AlienVault® USM Anywhere™

Adding an Alarm to an Investigation

Role Availability Read-Only Analyst   Manager

USM Anywhere enables you to associate alarms with an investigation.

Important: You can link up to 100 alarms to each investigation.

To add an alarm to an investigation from the alarms main page

  1. Go to Activity > Alarms.
  2. Search the alarm you want to associate the investigation. See Searching Alarms for more information.
  3. Select the checkbox to the left of the alarm.
  4. Click Add To Investigation and enter the title or the number that identifies the investigation.
  5. Alarm Add To Investigations menu

  6. Click Save.

To add an alarm to an investigation from the alarms details page

  1. Go to Activity > Alarms.
  2. Locate the alarm you want to add to the investigation. See Searching Alarms for more information.
  3. In the Investigation field, click the icon to edit it and enter the title or the number that identifies the investigation.
  4. Details of an alarm, investigation field

    Note: Click Create New Investigation if you want to start a new investigation. See Creating New Investigation for more information.

  5. Click Save.
  6. The connection has been done and you can see it from Investigations. See Evidence on Investigations for more information.