AlienVault® USM Anywhere™

Adding an Alarm to an Investigation

  Role Availability   Read-Only   Analyst   Manager

USM Anywhere allows you to associate an alarm with an investigation.

To add an alarm to an investigation

  1. Navigate to ACTIVITY > ALARMS.
  2. Search for the alarm or alarms you want to add to the investigation and select them. For assistance, see Searching Alarms.
  3. Click Add to Investigation.
  4. Add to investigation

  5. Search the investigation. You can enter the title or the number that identifies each investigation.
  6. Note: Click Create New Investigation if you want to start a new investigation. See Creating New Investigation for further information.

  7. Click Save.
  8. The connection has been done and you can see it from INVESTIGATIONS, see Evidence on Investigations for more information.