AlienVault® USM Anywhere™

Alarm Status

Role Availability Read-Only Analyst   Manager

USM Anywhere includes a set of statuses that you can use to classify your alarms, track alarm status, and search alarms using statuses as a filter. For more information on how to search alarms, see Searching Alarms.

You cannot edit or delete the set of default statuses:

  • Open
  • In Review
  • Closed

USM Anywhere enables you to apply just one status to an alarm. You cannot apply multiple statuses to the same alarm. To distinguish between a label and a status, see Differences between Statuses and Labels.

Note: Alarms with the status 'Closed' are not displayed in the Alarm list view.

Alarm Status Column inside the Alarms List View

To apply a status to an alarm from the alarms main page

  1. Go to Activity > Alarms.
  2. Search for the alarm to which you want to apply a status. See Searching Alarms for more information.
  3. Select the checkbox to the left of the alarm.
  4. Click Alarm Status and select a status.
  5. Click Apply.

To apply a status to an alarm from the alarms details page

  1. Go to Activity > Alarms.
  2. Search for the alarm to which you want to apply a status. See Searching Alarms for more information.
  3. Click the alarm.
  4. In the Status field, click the icon to edit it.
  5. Select a status and click the icon.

To bulk set the alarm status

  1. Go to Activity > Alarms.
  2. Select all of the alarms to which you want to apply a status by selecting the checkbox to the left of each alarm. You can select several alarms, or select all alarms at the same time by selecting the first checkbox in the column. See Searching Alarms for more information.
  3. Click Alarm Status and select a status.
  4. Click Apply.

To search for alarms that have a status

  1. Go to Activity > Alarms.
  2. In the left panel, click the filter and select the name of the status.
  3. The alarm list displays the alarms that have the selected status.

Differences between Statuses and Labels

USM Anywhere includes several statuses and several labels to classify your alarms. A status is a property of the alarm, and a label is a tag the user can assign to an alarm.

These are the main differences:

  • You can add all the labels you need, but you are not allowed to create a new alarm status.
  • You can apply a label to more than one alarm, but you are not able to apply more than one status to an alarm.
  • Alarms with the status "Closed" are not displayed in the Alarm list view.