AlienVault USM Anywhere
Overview
Before logs can be pulled from a USM Anywhere instance, an API token with the appropriate permissions needs to be created and provided for integration setup. This document describes the basic setup for event log collection.
Create an API profile
An API profile is built from a valid USM Anywhere user account. A basic overview of the setup follows; the full vendor information regarding API clients is available here: https://cybersecurity.att.com/documentation/usm-anywhere/user-guide/user-management/api-clients.htm?Highlight=API
- While logged in to the Anywhere console as an admin user, click the Alien icon in the upper right and select Profile.
- On the Profile page, select the API Clients tab.
- Click New Client.
- Name the Client and click Create Client for the system to generate the secret code.
Record the client ID and the code that were created; you will need them in a later step below, and the code is available to view only once.
Identify the Instance Name
The final step is to note the instance name needed.
- Find the URL used when connecting to the USM Anywhere console.
- The Instance Name to use is the identifier in a URL of the form https://<Instance Name>.alienvault.cloud, with the ".alienvault.cloud" portion removed. For example, given the URL https://acme.alienvault.cloud, the Instance Name would be "acme".
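Because the client ID and code will later be sent to the host built from this name, a setup script should reject a mistyped or lookalike console URL before accepting it. The following Python sketch is an added example, not part of the vendor documentation; the function names and the rule that an Instance Name is a single host label are assumptions.

```python
import re
from urllib.parse import urlsplit

SUFFIX = ".alienvault.cloud"  # domain suffix given in this document
# Assumption: an Instance Name is one DNS label (letters, digits, hyphens).
LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def instance_name_from_url(console_url: str) -> str:
    """Return the Instance Name for a console URL, or raise ValueError."""
    parts = urlsplit(console_url.strip())
    if parts.scheme != "https":
        raise ValueError("console URL must use https")
    # "https://acme.alienvault.cloud@other.host/" puts the expected name in
    # the userinfo part while the real host is something else entirely.
    if parts.username or parts.password:
        raise ValueError("console URL must not contain embedded credentials")
    # hostname is already lower-cased and has any port stripped.
    host = (parts.hostname or "").rstrip(".")
    if not host.endswith(SUFFIX):
        raise ValueError(f"host {host!r} is not under {SUFFIX}")
    name = host[: -len(SUFFIX)]
    if not LABEL.fullmatch(name):
        raise ValueError(f"{name!r} is not a single valid host label")
    return name


def try_instance_name(console_url: str):
    """Return the Instance Name, or None when the URL is rejected."""
    try:
        return instance_name_from_url(console_url)
    except ValueError:
        return None


if __name__ == "__main__":
    # Constructed sample inputs; "acme" is the example name used above.
    samples = [
        "https://acme.alienvault.cloud",
        "HTTPS://Acme.AlienVault.cloud:443/#/dashboard",
        "http://acme.alienvault.cloud",
        "https://acme.alienvault.cloud.example.net",
        "https://acme.alienvault.cloud@example.net/",
    ]
    for url in samples:
        print(f"{url!r:55} -> {try_instance_name(url)!r}")
```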
Provide Information
The Instance Name, Client ID, and Token should now be collected and available to complete the setup and start log collection. Provide these values to your service representative, or use them for self-service configuration by following the "Configuring a new Service Connector for log collection" guide.