AlienVault® USM Anywhere™

Running Queries from the Agents Page

Role Availability Read-Only Analyst   Manager

To run a user-initiated agent query from the Agents page

  1. Go to Data Sources > Agents.

     [Image: Main Agents Page]

  2. Click Run Agent Query.

     [Image: Run Agent Queries popup window]

  3. Select a query in the Action field:

     List of available Agent Queries

     | Query Name | Platform | Description |
     | --- | --- | --- |
     | Get Docker container running processes | macOS, Linux | Get the list of processes running in each Docker container. |
     | Get Docker containers details | macOS, Linux | Get a list of details for each Docker container. |
     | Get file information | Windows, Linux, and macOS | Get information from the file specified in the first parameter. You must include the file path of the file. |
     | Get IE typed URLs | Windows | Get the list of Internet Explorer typed URLs. |
     | Get firewall configuration | Windows | List firewall configurations for different profiles and rules. |
     | Get installed packages history | macOS | Get the list of latest installed packages in the system. |
     | Get logged-in users | Windows, Linux, and macOS | List the current logged-in users. |
     | Get listening processes | Windows, Linux, and macOS | List the processes with listening sockets. |
     | Get network connections | Windows, Linux, and macOS | List the current network connections. |
     | Get network connection information | Linux | Get information from a network connection based on the remote address (first parameter) and the remote port (second parameter). You must include the port and the IP address. |
     | Get network shares | Windows | Get the list of network shared resources from the system. |
     | Get persistence registry keys | Windows | Get registry key values commonly used for persistence by attackers. |
     | Get recent files | Windows | Get the list of recent files. |
     | Get recent items | macOS | Lists recently opened files. |
     | Get running processes | Windows, Linux, and macOS | List running processes. |
     | Get running services | Windows | List running services. |
     | Get SSH authorized keys | macOS, Linux | Get the list of SSH authorized keys allowed in the system. |
     | Get users launchd services | macOS | Get the list of LaunchAgents and LaunchDaemons services installed in the system. |
     | Get wifi connection status | macOS | Get information from the current wifi connection. |
     | Get wifi preferred connections | macOS | Get information from the preferred wifi connections. |

  4. Click Run.