Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.levelblue.com/llms.txt

Use this file to discover all available pages before exploring further.

The BlueApp for LevelBlue Forensics and Response enables you to automate intrusion detection and response activities between USM Anywhere and your asset host systems. This BlueApp enhances the threat detection capabilities of USM Anywhere by collecting and providing Microsoft Windows and Linux system information, and provides orchestration actions to streamline incident response activities for Windows systems based on risks identified in USM Anywhere.
Edition: The BlueApp for LevelBlue Forensics and Response is available in the Standard and Premium editions of USM Anywhere. See the Affordable pricing to fit every budget page for more information about the features and support provided by each of the USM Anywhere editions.
Warning: If the BlueApp fails and you receive a message informing you that it has not been loaded, please contact LevelBlue Technical Support to solve the problem.
This topic discusses these subtopics: Configuring the BlueApp for LevelBlue Forensics and Response Using the BlueApp for LevelBlue Forensics and Response Actions Data Collection Functions Enforcement System Functions Defining a Launch Query Action Scheduling a Forensics and Response Job Launching a Forensics and Response Action from an Event or Alarm Creating a Forensics and Response Rule Viewing Forensics and Response Events and Alarms