AlienVault® USM Anywhere™

Created Events when an Asset Stops Sending Data

Role Availability Read-Only Analyst Manager

USM Anywhere gives you the option of configuring a period of time from the details of an asset. When your environment is not receiving events from an asset within the configured period of time, USM Anywhere generates monitoring events that display in the Events List View page. USM Anywhere will generate new monitoring events until the asset starts reporting again. You can see two types of monitoring events:

  • Event from asset not received: Event details to include asset name. It includes the total disconnected time and when the last message was received.
  • Event from asset received: Event details to include asset name.

Warning: Keep in mind that monitoring events are generated when your environment is not receiving events from an asset either because the asset is not sending events or because of a filtering rule. If you have a rule that filters events coming from an asset, from the perspective of USM Anywhere that asset is not sending events.

To configure the period of time

  1. Go to Environment > Assets.
  2. Next to the asset name whose details you want to review, click the icon .
  3. Select Full Details.
  4. In the upper left side of the page, set a period of time in the Create event if asset stops sending data field by clicking the icon. You can select a predefined value between None, 1 hour, 6, 12, 24, 72 hours, 1 week, 2 weeks, or 1 month.
  5. Note: By default this field is configure to None.

    Details of an asset

  6. Click the icon to set the value.
  7. The events are displayed in the Events List View page.

To see created events when an asset stops sending data

  1. Go to Activity > Events.
  2. Locate the Event Name filter and select one of the filters Event from Asset not received or Event from Asset received.
  3. The result displays with the filtered events.

  4. Click the event to see its details.