AlienVault USM Anywhere provides a centralized view of your alarmsAlarms provide notification of an event or sequence of events that require attention or investigation.. Go to Activity > Alarms.
Note: You can watch the Conducting Security Analysis with AlienVault USM Anywhere customer training webcast on-demand to learn how to leverage USM Anywhere to perform security analyst duties.
The alarms page displays information on alarms. On the left you can find the search and filters options. Use filters to delimit your search.
Alarm Summary Graph
Alarms graphed by intent are sorted into five different categories, which are represented by the graphic icons in the display:
- Delivery & Attack ()
- Environmental Awareness ()
- Exploitation & Installation ()
- Reconnaissance & Probing ()
- System CompromiseState or indication that an intruder has bypassed security measures and gained unauthorized access to resources, installed malicious software, or modified existing software or configurations in an attempt to cause damage or steal information. ()
If you want to analyze the data
Use the icon to change the alarms view, which is by default Alarms by Intent. This view is a bubble graph that provides a graphical representation of alarms by intent.
The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a framework for understanding attackers' behaviors and actions. USM Anywhere and AT&T Alien Labs™ Open Threat Exchange® (OTX™) include MITRE ATT&CK information. The alarms view incorporates a table with tactics and techniques to describe adversarial actions and behaviors. Techniques are specific actions an attacker might take and tactics are phases of attacker behavior. This view includes the alarms mapping to their corresponding ATT&CK techniques and helps you to understand the context and the scope of an attack. See MITRE ATT&CK for more information.
The headers of the table are the 11 ATT&CK tactics and each tactic has numerous techniques, which are the rows. The tooltips match the ID technique provided by MITRE ATT&CK. Some techniques display in several tactics. If you click in one of the techniques, the specific filters are added and the list shows the result.
USM Anywhere includes MITRE ATT&CK Dashboard to have an overview of the displayed information in this view.
The Alarm Strategies by Intent view displays a table with the purposes of the alarm, which is the intent that are the headers of the table. The rows display the strategies.