Documentation Center
AlienVault® USM Anywhere™

Alarms List Columns

  Role Availability   Read-Only   Analyst   Manager

For each alarm in the alarm columns list, USM Anywhere displays useful information to help you determine the best response.

List of the default columns in Alarms
Column Field Name Description
Alarm Summary It displays several fields, which are the type of attack, the method of attack, and how long the alarm happened in the past.
Priority Impact of the detected attack. Can be Low, Medium, or High. See Priority Field for Alarms for more information.
Alarm Status Status applied to the alarm. By default, it can be Open, In Review, and Closed. See Alarm Status for further information. The alarms having the status as 'Closed' will not be displayed in the list.
Sources HostnameA hostname is a label that is assigned to a device connected to a computer network and is used to identify the device on the network. or IP address of the source, with national flag if country is known, for an event creating the alarm.
Destinations Hostname or IP address of the destination, with national flag if country is known, that received the events generating the alarm.
Sensors SensorSensors are deployed into an on-premises, cloud, or multi-cloud environment to collect log and other security-related data. This data is normalized and then securely forwarded to USM Anywhere for analysis and correlation. name associated with the alarm. The type of sensor is also displayed below the sensor name.
Labels Label(s) applied to the alarm. By default, it can be In Progress, False Positive, Open, and Closed. The user can create and manage labels, see Labeling the Alarms

From the list of alarms, you can click on any individual alarm row to display more information on the selected alarm, including individual events that actually triggered the alarm. See Viewing Alarm Details for further details.

The asset name includes a chevron icon that can be grey () if the asset is not in the system, or blue () if the asset has been added to the system.

Click the grey chevron icon () to access to the following options

  • Add to current filter — Use this option to add the asset name as a search filter, see Searching Events for more information.
  • Find in events — Use this option to execute a search of the asset name in the Events page, see Searching Events for more information.
  • Look up in OTX — This option searches the IP address of the source asset in the Open Threat Exchange page, see Using OTX in USM Anywhere for more information.
  • Add asset to system — Use this option to create the asset in the system, see Adding Assets for more information.

Click the blue chevron icon () to access the following options

You can configure the view you want for the list of alarms, see Alarms Views for more information.

Click Generate Report to export alarms. See Exporting Alarms for further details.

You can add a label to an alarm, which allows you to have classified alarms. See Labeling the Alarms for further information. There is also the possibility of adding a status to an alarm. See Alarm Status for further information. To distinguish between label and status, see What are the differences between Statuses and Labels?.

Click this button to change the graph to a Count/Time view, which provides a chart that shows the number of issues over a period of time.

Click the star symbol to the left of an item to mark it as a bookmark for quick access. Clicking the icon on the secondary menu shows the bookmarked items and a link to them.

Click the filter icon () to filter your search by row fields. See Filtering Alarms by Row Fields for further information.

You can also sort items by selecting 20, 50, or 100 below the result table. Some columns can be classified if you click the icons to the right side of the heading. You will sort the item information in ascending and/or descending order.