Documentation Center
AlienVault® USM Anywhere™

Alarms Management

An alarmAlarms provide notification of an event or sequence of events that require attention or investigation. in USM Anywhere consists of one or more eventsAny traffic or data exchange detected by AlienVault products through a Sensor, or through external devices such as a firewall., based on one of the following

Note: USM Anywhere stores 10 of the events which have generated the alarm, for 365 days. If the alarm was generated by more than 10 events, USM Anywhere stores the first and the last 9 events.

USM Anywhere allows you to drive actionsIn USM Anywhere you can execute an action from alarms, events, and vulnerabilities to run a scan, get forensic information, or execute a response for a configured AlienApp. in response to incoming alarms. Perhaps the most common action is sending an email to administrators to provide real-time notificationCommunication of an important event, typically through an email message or other desktop display. In USM Appliance, notifications are typically triggered by events, policies, and correlation directives, and in USM Anywhere, they are typically triggered by notification rules or directly from alarms. of a critical security incident. Each user can decide if wants to receive alarm notifications, see Managing Your User Account Settings for knowing how to do it.

This topic discusses the following subtopics