AlienVault® USM Anywhere™

Searching Events from the Details of an Alarm

USM Anywhere enables you to search for events from the details of an alarm using the selected value as a filter in the search.

The HTTP Hostname or the DNS RR Name fields

Any alarm that includes the HTTP Hostname or DNS RR Name field gives you the option of searching for events by that field's value. The option is available only when the alarm includes one of these fields.

Alarm Details, HTTP Hostname field

Alarm Details, DNS RR Name field

To configure the HTTP Hostname or the DNS RR Name filters

  1. Go to Activity > Alarms.
  2. In the upper left corner of the page, click the Configure Filters link.

    Filters Configuration dialog box on Alarms

  3. In the search filters box, enter HTTP or DNS and select the desired filter.
  4. Use the icons to move the items from one column to the other.
  5. Click Apply.
  6. The selected filters display.

    HTTP Hostname and DNS RR Name filters selected

To use the search pivot in the HTTP Hostname or the DNS RR Name fields

  1. Go to Activity > Alarms.
  2. Click an alarm that includes the HTTP Hostname or DNS RR Name field to see its details.
  3. Click the icon located next to the asset name in one of these fields.

    Alarm details, search pivot option

  4. Choose a date range:
    • Last 24 hours: Run the search over the last 24 hours.
    • Custom Range: Define a custom range, which you can narrow down to the minute and second.
  5. Click Find in events to display the events list page with the specific events.

Searching for Events by Using the Source or Destination Fields

USM Anywhere gives you the option of searching for events by using the Source or the Destination fields.

To search for events using the Source field

  1. Go to Activity > Alarms.
  2. Click an alarm to see its details.
  3. Click the icon next to the Source field.

    Alarm details, Search Pivot option

  4. Choose a date range:
    • Last 24 hours: Run the search over the last 24 hours.
    • Custom Range: Define a custom range, which you can narrow down to the minute and second.
  5. Click one of these links:
    • Find Source in Events: Use this link to search for events that have the same source as the alarm.
    • Find Source & Destination in Events: Use this link to search for events that have the same source and destination as the alarm.

    The result of your search displays with the filters applied.