AlienVault® USM Anywhere™

Searching Alarms

Role Availability Read-Only Analyst Manager

USM Anywhere includes several filters displayed by default. These filters enable you to search for your items of interest. You can either filter your search, or enter what you are looking for in the search box, which is in the upper left corner of the page.

You can configure more filters and change which filters are displayed by clicking the Configure filters link, which is located in the upper left corner of the page.

Note: The management of filters is similar to that for assets. See Managing Filters for more information.

Filters displayed by default in the main Alarms page

Filter Name Meaning
Created during Identify alarmsAlarms provide notification of an event or sequence of events that require attention or investigation. triggered in the last hour, 24 hours, 7 days, 30 days, or 90 days. You can also configure your own period of time by clicking the icon. This option enables you to customize a range and narrow it to delimit your search per minutes and seconds.
Suppressed

Filter suppressed alarms. See Creating Suppression Rules from the Alarms Page for more information.

Not Suppressed Filter hiding suppressed alarms. The suppressed alarms are hidden by default.
Open/In Review/Closed Filter alarm by Alarm Status. See Alarm Status for more information.
Labels Filter alarms by the applied labels. See Labeling the Alarms for more information.
Intent Filter alarms by the purpose of the alarm. It can be Delivery & Attack, Environmental Awareness, Exploitation & Installation, Reconnaissance & Probing, and System CompromiseState or indication that an intruder has bypassed security measures and gained unauthorized access to resources, installed malicious software, or modified existing software or configurations in an attempt to cause damage or steal information.. See Intent for more information.
Strategy Filter alarms by the type of attack. See Strategy for more information.
Method If known, filter alarms by the method of attack or infiltrationIndicator that specifies the method of attack that generated an alarm. For Open Threat Exchange® (OTX™) pulses, this method is the pulse name. associated with the indicator that generated the alarm. See Method for more information.
Sensors Filter alarms by the associated USM Anywhere Sensor. See USM Anywhere Sensor Management for more information.
Asset Groups Filter alarms by asset groupAsset groups are administratively created objects that group similar assets for specific purposes..
Priority Filter alarms by low, medium, or high priority. See Priority Field for Alarms for more information.

The number between brackets displayed by each filter indicates the number of items that matches the filter. You can also use the filter controls to provide a method of organizing your search and filtered results. These are the icons next to each filter title:

Icons next to the filter title
Sort the filters alphabetically.
Sort the filters by number of items that matches them.

In the upper left side of the page, you can see any filters you have applied. Remove filters by clicking the icon next to the filter. Or clear all filters by clicking Reset All Filters.

Note: When applying filters, the search uses the logical AND operator if the used filters are different. However, when the filter is of the same type, the search uses the logical OR.

Those filters that have more than ten options include a Filter Value search box for writing text and make the search easier.

Filtering Alarms by Row Fields

USM Anywhere includes a column with the icon in the Alarms List View page. Use this icon to add filters to your search. When you click this icon, a popup window displays with the specific fields of that row.

To filter alarms by row fields

  1. Go to Activity > Alarms to open the Alarms List View page.
  2. Click the icon of the row you want to add the filters to.
  3. The Add Filters popup window appears.

    Add filters to your search of alarms by row fields

  4. Select the fields that you want to filter during your search. Click Equals or Not to limit your search.
  5. Click Apply.
  6. The result of your search displays with the filters applied.