Alien Vault USM Anywhere
App Vendor: Alien Vault USM Anywhere
App Category: Analytics & SIEM
Connector Version: 1.0.0
API Version: 2.0.0
About App
Alien Vault USM Anywhere centralizes security monitoring of networks and devices in the cloud, on-premises, and remote locations, helping you to detect threats virtually anywhere. In Orchestrate, it helps orchestrate and automate actions towards other security technologies to respond to incidents quickly and easily.
The Alien Vault USM Anywhere app is configured with Orchestrate application to perform the following actions:
Action Name | Description |
|---|---|
Get alarm details | This action obtains details for a single alarm by the Alarm ID. |
Get alarm labels | This action obtains the list of label IDs for an alarm. |
Add label to alarm | This action adds a label to an alarm. |
Remove the label from the alarm | This action removes the label from an alarm. |
Get alarms | This action obtains the list of alarms. The results can be filtered based on multiple parameters (Example, Time range). |
Get events | This action obtains the list of events. The results can be filtered based on multiple parameters (Example, Time range). |
Get event details | This action obtains the details of an event using the Event ID. |
Configuration Parameters
The following configuration parameters are required for the Alien Vault USM Anywhere app to communicate with the Alien Vault USM Anywhere enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Subdomain | Enter the Alien Vault-specific URL or sub-domain. Example: https://{abc}.alienvault.cloud | Text | Required | |
Client ID | Enter the Alien Vault USM’s specific Client ID. | Text | Required | |
Secret | Enter the Alien Vault USM’s specific Client ID. | Password | Required |
Action: Get alarm details
This action obtains details for a single alarm by the Alarm ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Alarm ID | Enter the Alarm Identification Number | Text | Required |
Example Request
[
{
"alarm_id": "33ab5554-196c-457a-b035-379d0bb2fb6f"
}
]Action: Get alarm labels
This action obtains the list of label IDs for an alarm.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Alarm ID | Enter the Alarm Identification Number | Text | Required |
Example Request
[
{
"alarm_id": "33ab5554-196c-457a-b035-379d0bb2fb6f"
}
]Action: Add label to alarm
This action adds a label to the alarm.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Alarm ID | Enter the Alarm Identification Number. | Text | Required | |
Label ID | Enter the Label Identification Number. | Text | Required |
Example Request
[
{
"alarm_id": "33ab5554-196c-457a-b035-379d0bb2fb6f",
"label_id": "0add9c47-0d0c-de27-5a07-b41cfbbf8404"
}
]Action: Remove the label from the alarm
This action removes the label from the alarm.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Alarm ID | Enter the Alarm Identification Number. | Text | Required | |
Label ID | Enter the Label Identification Number. | Text | Required |
Example Request
[
{
"alarm_id": "33ab5554-196c-457a-b035-379d0bb2fb6f",
"label_id": "0add9c47-0d0c-de27-5a07-b41cfbbf8404"
}
]Action: Get alarms
This action obtains the list of alarms. The results can be filtered based on multiple parameters (Example, Time Range).
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Additional parameters | Enter the additional parameters to filter retrieved results. | Key Value | Optional |
Example Request
[
{
"name": "events",
"displayName": "events",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true
}
]Action: Get events
This action obtains a list of events. The results can be filtered based on multiple parameters (Example, Time Range).
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Additional parameters | Enter the additional parameters to filter retrieved results. | Key Value | Optional |
Example Request
[
{
"name": "events",
"displayName": "events",
"typePropertyKind": "TYPE_EXPRESSION",
"required": true
}
]Action: Get event details
This action obtains details of an event using the Event ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Event ID | Enter the Event Identification Number. | Text | Required |
Example Request
[
{
"event_id": "fab00eac-fc35-f04b-1c54-1d6f8d683e02"
}
]