AlienVault® USM Anywhere™

Running Queries from the Details View of an Asset

  Role Availability   Read-Only   Analyst   Manager

To run a user-initiated agent query from the details view of an asset:

  2. Search for the asset, click the blue chevron icon located next to the name of the asset on which you want to run the agent query, and select Full Details.
  3. Click Actions > Agent Query.
  4. Menu for the Agent Query

  5. Select the query you want to run. The available queries include:
    • Get file information. Get information from the file specified in the first parameter. You must include the path of the file.
    • Get network connection information. Get information from a network connection based on the remote address (first parameter) and the remote port (second parameter). You must include the port and the IP address.
    • List listening processes. List the processes with listening sockets.
    • List logged-in users. List the current logged-in users.
    • List network connections. List the current network connections.
    • List running processes. List running processes.

    Important: The Get network connection information query is only available for the Linux agents.

  6. Click Run.
  7. A green message displays at the top to inform you that the query is in progress. When the query is complete, the results are visible in events. You can also click the Agent tab in the details of the asset to see the Query History, which shows the name of the query, the date on which the query was run, the status (Query In Progress, Processing Events, and Completed), and, once the query is complete, the View Results link. This link goes to the filtered events.

    Viewing the Query History through the Assets Details

    Note: The queries generate events when you run them. They do not generate events continuously; you have to run the query again if you want to generate new events.