AlienVault® USM Anywhere™

Alarms List View

Role Availability: Read-Only, Analyst, Manager

AlienVault USM Anywhere provides a centralized view of your alarms. An alarm is a notification of an event, or a sequence of events, that requires attention or investigation. Navigate to ACTIVITY > ALARMS.

The alarms page displays information on alarms. On the left are the search and filter options; use filters to narrow your search. See Searching Alarms for further information. Across the top, you can see any filters you have applied, and you can create and select different views of the alarms. The main part of the page is the list of alarms itself. Each row describes an individual alarm and includes a check box on the left for selecting it. To select all alarms on the current page, click the check box in the first column of the header row.

Alarm Summary Graph

The section above the list includes a bubble graph that represents alarms by intent. Each blue circle corresponds to one intent, and its size is proportional to the number of alarms with that intent: a bigger circle means more alarms. Hover over a circle to see the exact alarm count for that intent. Click a circle to display only the alarms belonging to that intent. To change the time period shown, use the Created during filter.

Alarms graphed by intent are sorted into five categories, each represented by an icon in the display.

If you want to analyze the data and see the additional columns without scrolling left and right, maximize the screen and hide the filter panel. Click the Expanded Filter Panel icon to hide the filter panel, and click the Collapsed Filter Panel icon to show it again.

Use the Line Chart icon to change the alarms view. The default view, Alarms by Intent, is the bubble graph described above.

MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a framework for describing attacker behavior. Tactics are the phases or goals of an attack; techniques are the specific actions an attacker takes to achieve them. USM Anywhere and Open Threat Exchange both include MITRE ATT&CK information. The MITRE ATT&CK alarm view presents a table of tactics and techniques and maps each alarm to its corresponding ATT&CK technique, which helps you understand the context and scope of an attack. See MITRE ATT&CK for further information.

The MITRE ATT&CK™ alarm view

The column headers of the table are the ATT&CK tactics (eleven in the version of ATT&CK this view was built against), and the rows under each tactic are its techniques. Each cell's tooltip shows the technique ID assigned by MITRE ATT&CK. A technique that serves more than one tactic appears under each of those tactics. Click a technique to add the corresponding filters; the alarm list then shows only the matching alarms.

Applied filters in the MITRE ATT&CK™ alarm view

USM Anywhere also includes a MITRE ATT&CK dashboard that gives an overview of the same information shown in this view.

The Alarm Strategies by Intent view displays a table whose column headers are the intents (the purpose of each alarm) and whose rows are the strategies.
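Both of the tabular views described above (the MITRE ATT&CK view, with tactics as columns and techniques as rows, and the Alarm Strategies by Intent view, with intents as columns and strategies as rows) are cross-tabulations of the same alarm list. The following Python example, added here and not part of this documentation or of USM Anywhere's own code, builds both tables from a list of alarm records and reproduces the click-to-filter behaviour of the ATT&CK view. The record layout (`id`, `intent`, `strategy`, `techniques` fields), the alarm IDs and the sample alarms are constructed for illustration and are not USM Anywhere's export format; the technique-to-tactic mappings in the sample follow the public ATT&CK matrix, which is why T1053 and T1078 show up under several tactic columns.

```python
"""Added example (not USM Anywhere code): build the ATT&CK and Strategies-by-
Intent cross-tabulations from alarm records and mimic the click-to-filter.
The record layout and sample alarms below are constructed assumptions."""
from collections import defaultdict

# Constructed sample alarms. Technique-to-tactic mappings follow the public
# ATT&CK matrix; T1053 and T1078 each serve several tactics, so they appear
# in every one of those tactic columns, exactly as the view repeats them.
ALARMS = [
    {"id": "alarm-1", "intent": "Reconnaissance & Probing",
     "strategy": "Port Scan",
     "techniques": [{"id": "T1046", "name": "Network Service Discovery",
                     "tactics": ["Discovery"]}]},
    {"id": "alarm-2", "intent": "Delivery & Attack",
     "strategy": "Brute Force Authentication",
     "techniques": [{"id": "T1110", "name": "Brute Force",
                     "tactics": ["Credential Access"]}]},
    {"id": "alarm-3", "intent": "Exploitation & Installation",
     "strategy": "Scheduled Task Persistence",
     "techniques": [{"id": "T1053", "name": "Scheduled Task/Job",
                     "tactics": ["Execution", "Persistence",
                                 "Privilege Escalation"]}]},
    {"id": "alarm-4", "intent": "System Compromise",
     "strategy": "Suspicious Login",
     "techniques": [{"id": "T1078", "name": "Valid Accounts",
                     "tactics": ["Defense Evasion", "Persistence",
                                 "Privilege Escalation", "Initial Access"]}]},
    {"id": "alarm-5", "intent": "Delivery & Attack",
     "strategy": "Brute Force Authentication",
     "techniques": [{"id": "T1110", "name": "Brute Force",
                     "tactics": ["Credential Access"]},
                    {"id": "T1078", "name": "Valid Accounts",
                     "tactics": ["Defense Evasion", "Persistence",
                                 "Privilege Escalation", "Initial Access"]}]},
]


def attack_matrix(alarms):
    """Return {tactic: {technique_id: alarm_count}}, the shape of the ATT&CK
    view: one column per tactic, one row per technique. An alarm whose
    technique maps to several tactics is counted once under each of them."""
    matrix = defaultdict(lambda: defaultdict(int))
    for alarm in alarms:
        for tech in alarm["techniques"]:
            for tactic in tech["tactics"]:
                matrix[tactic][tech["id"]] += 1
    return {tactic: dict(row) for tactic, row in matrix.items()}


def filter_by_technique(alarms, technique_id, tactic=None):
    """Mimic clicking a technique cell: keep the alarms mapped to that
    technique and, when a tactic column is given, only those whose mapping
    places the technique under that tactic. Returns alarm IDs in list order."""
    hits = []
    for alarm in alarms:
        for tech in alarm["techniques"]:
            if tech["id"] != technique_id:
                continue
            if tactic is None or tactic in tech["tactics"]:
                hits.append(alarm["id"])
                break  # count each alarm once even if it lists the technique twice
    return hits


def strategies_by_intent(alarms):
    """Return {intent: {strategy: alarm_count}}, the shape of the Alarm
    Strategies by Intent view: intents as columns, strategies as rows."""
    table = defaultdict(lambda: defaultdict(int))
    for alarm in alarms:
        table[alarm["intent"]][alarm["strategy"]] += 1
    return {intent: dict(row) for intent, row in table.items()}


def render(table):
    """Flatten a {column: {row: count}} table into text lines, one per row,
    with an empty cell where a row has no alarms in that column."""
    columns = sorted(table)
    rows = sorted({row for col in table.values() for row in col})
    lines = ["row".ljust(28) + "".join(c[:14].ljust(16) for c in columns)]
    for row in rows:
        cells = "".join(str(table[c].get(row, "")).ljust(16) for c in columns)
        lines.append(row.ljust(28) + cells)
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(attack_matrix(ALARMS)))
    print()
    print(render(strategies_by_intent(ALARMS)))
    print()
    print("click T1078 under Persistence ->",
          filter_by_technique(ALARMS, "T1078", "Persistence"))
```

Note that `filter_by_technique` with a `tactic` argument returns nothing when the clicked technique is not mapped under that tactic for any alarm: a cell that is blank in the rendered table filters to an empty list, which is the behaviour you would expect from clicking an empty cell in the view.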

