Documentation Center
AlienVault® USM Anywhere™

Searching for Assets

  Role Availability   Read-Only   Analyst   Manager

USM Anywhere includes several filters displayed by default. These filters enable you to search for your items of interest. You can either filter your search, or enter what you are looking for in the search box, in the upper left corner of the page.

Note: The management of filters is similar to that for assets. See Managing Filters for more information.

See To add or delete filters from the Search and Filters area for more information.

Filters displayed by default in the main Assets page
| Filter Name | Meaning |
| --- | --- |
| Advanced Search | Use this filter for searching a specific value of a field. See Advanced Search on Assets for more information. |
| Stats | Filter assets having events, alarms, vulnerabilities or configuration issues. |
| Sensor | Filter assets by the associated sensor. |
| Asset Origin Type | Filter assets by who added the asset to the system. |
| Group Membership | Filter assets by the associated group. |
| Instance Type | (Only for AWS sensor). Filter assets by AWS instance type. |
| Region | (Only for AWS sensor). Filter assets by AWS region. |
| Operating System | Filter assets by Operating System. |
| Asset Type | Filter assets by asset type. See USM Accepted Asset Types. |
| Associated Plugin | Filter by assets that have plugins manually enabled. |
| Service | Filter assets by service. |
| Software | Filter assets by software. |

The number between brackets displayed by each filter indicates the number of items that match the filter. You can also use the filter controls to organize your search and filtered results. The icons next to each filter title are:

Icons next to the filter title
Sort the filters alphabetically.
Sort the filters by the number of items that match them.

In the upper left side of the page, you can see any filters you have applied. Remove a filter by clicking the icon next to it, or clear all filters by clicking Reset All Filters.

Note: When you apply filters of different types, the search combines them with the logical AND operator. When the filters are of the same type, the search combines them with the logical OR operator.

Filters that have more than 10 options include a Filter Value search box where you can enter text to make the search easier.

USM Anywhere enables you to toggle the mode of search. The available modes are Standard and Advanced. You can change from one mode to the other by clicking the icon or clicking the icon located in the upper left corner of the page.

Standard Mode

This mode enables you to select one value per filter at a time, and the search is performed automatically. This mode is ON by default.

To activate the Standard Mode when the Advanced Mode is ON

  1. Go to Environment > Assets.
  2. In the upper left corner of the page, click the icon.

    Note: If you exit the advanced mode and the selected filters are not compatible with the Standard Mode, a warning popup window displays to inform you that the current filters will be removed.

Advanced Mode

This mode enables you to select more than one value per filter at the same time. This mode is OFF by default.

To activate the Advanced Mode

  1. Go to Environment > Assets.
  2. In the upper left corner of the page, click the icon to activate the advanced mode. This turns the icon green.

To perform a search in the advanced mode

  1. Go to Environment > Assets.
  2. In the upper left corner of the page, click the icon to activate the advanced mode. This turns the icon green.
  3. Click the filters that you want to select.
  4. In the lower left corner of the page, click Apply Filters.
  5. Click Apply Filters Button to execute a search

    The result of your search displays.

To search using the operator NOT

  1. Go to Environment > Assets.
  2. In the upper left corner of the page, click the icon to activate the advanced mode.
  3. Click the filter that you want to exclude.
  4. In the filter group, click Not.

    Important: This operator is not available when you have selected the title.

    Note: The selected filter displays this icon and the filter chiclet is labeled in red.
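
The following added example (not USM Anywhere code) models how the filter logic described on this page shapes a result set: values of the same filter type are ORed, different filter types are ANDed, and values marked Not are excluded. The asset records, field names and function names are constructed for illustration, and the exact handling of Not is an assumption.

```python
# Added illustration: models the filter semantics described on this page.
# Not USM Anywhere code; asset records and field names are constructed.

ASSETS = [  # constructed sample inventory
    {"name": "web-01", "os": "Linux", "sensor": "aws-east", "asset_type": "Server"},
    {"name": "web-02", "os": "Linux", "sensor": "dc-1", "asset_type": "Server"},
    {"name": "hr-laptop", "os": "Windows", "sensor": "dc-1", "asset_type": "Endpoint"},
    {"name": "db-01", "os": "Windows", "sensor": "aws-east", "asset_type": "Server"},
    {"name": "fw-edge", "os": "Other", "sensor": "dc-1", "asset_type": "Firewall"},
]


def search_assets(assets, include=None, exclude=None):
    """Return the names of assets matching the selected filters.

    include: {filter_type: set of values}. Values of one type are ORed,
             different types are ANDed (as the page's note states).
    exclude: {filter_type: set of values} marked with Not. Assumption:
             an asset carrying any excluded value is dropped.
    """
    include = include or {}
    exclude = exclude or {}
    hits = []
    for asset in assets:
        # AND across filter types, OR within one type.
        if not all(asset.get(ftype) in values for ftype, values in include.items()):
            continue
        # NOT: drop the asset if it matches any excluded value.
        if any(asset.get(ftype) in values for ftype, values in exclude.items()):
            continue
        hits.append(asset["name"])
    return hits


def standard_mode_ok(include):
    """Standard Mode allows one value per filter; Advanced Mode allows several."""
    return all(len(values) <= 1 for values in include.values())


if __name__ == "__main__":
    selection = {"os": {"Linux", "Windows"}, "sensor": {"dc-1"}}
    print(search_assets(ASSETS, include=selection))
    print(search_assets(ASSETS, include=selection,
                        exclude={"asset_type": {"Endpoint"}}))
    print(standard_mode_ok(selection))
```

Adding a second value of the same filter type widens the result set, while adding a filter of a different type narrows it, which matters when a saved view is used to scope a review of the inventory.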

To search all values of a filter

  1. Go to Environment > Assets.
  2. In the upper left corner of the page, click the icon to activate the advanced mode.
  3. Select a filter title to select all filters below that title.

Searching Assets by Using the Search Box

To search Assets using the search box

  1. Go to Environment > Assets.
  2. Enter your search in the Enter search value box.

    Note: If you want to search for an exact phrase having two or more words, you will need to put quotation marks around the words in the phrase.

    Note: Keep in mind that wildcard characters are considered as literals.

  3. Click the icon.

    The result of your search displays with the items identified.

Advanced Search on Assets

The advanced search option enables you to enter a search value on a selected field.

Advanced Search Fields (first drop-down menu)
| Filter Name | Meaning |
| --- | --- |
| Name | Filter assets by the name of the asset. |
| Description | Filter assets by the asset description. |
| IP/CIDR | Filter assets by IP/CIDR. This is a method for allocating IP addresses and routing Internet Protocol packets. It is the range of IP addresses that define the network. |
| FQDN | Filter assets by Fully Qualified Domain Name. |
| Device Type | Filter assets by device type. |
| Operating Service | Filter assets by Operating System. |
| Service | Filter assets by service. |
| Software | Filter assets by software. |
| Associated Plugin | Filter assets by the plugin associated to the asset. |
| Alarm Counter | Filter assets by number of alarms. |
| Event Counter | Filter assets by number of events. |
| Vulnerability Counter | Filter assets by number of vulnerabilities. |
| Configuration Issue Counter | Filter assets by number of configuration issues. |
| PCI Asset | Filter assets by PCI Asset, if the asset is included or not in the PCI DSS Asset Group. See Asset Group List View and Working with Assets and PCI DSS for more information. |
| HIPAA Asset | Filter assets by HIPAA Asset, if the asset is included or not in the HIPAA Asset Group. See Asset Group List View for more information. |
| Custom User Fields | Filter assets by the fields you have created. If you have not created fields, this filter will not display. |
| Tags | (Only for AWS sensor). Identify assets by the tag assigned to an AWS resource. |
| Sensor Apps Fields | (Only for AWS sensor). Identify assets by parameters of the AWS instance. |

Note: The result of a search that uses the Alarm Counter filter or the Event Counter filter depends on whether an alarm or an event can identify the source or destination as an asset in the inventory. Your environment can have alarms or events associated with assets included in the inventory and with those not included in the inventory. Assets included in the inventory display their names in blue, and assets not included in the inventory display their names in grey. The alarm and event counter filters only count the identified (blue) assets.

View of assets in the inventory (blue) and assets not in the inventory (grey)

Important: The alarm and event counts are not updated in real time; they are calculated every hour. If the counts appear out of date, it may be because new events or alarms arrived in your environment after the last count.

Advanced Search Fields (second drop-down menu)

| Filter Name | Meaning |
| --- | --- |
| > | Greater than |
| >= | Greater than or equal to |
| < | Less than |
| <= | Less than or equal to |
| Equal | Equal to |
| IP Range | Range of IP address |
| Like | Search for the specified pattern |
| Not Equal | Not equal to |
| Not Like | Not true |

To search assets using the advanced search

  1. Go to Environment > Assets.
  2. Below Advanced Search, click Add another filter.
  3. Select a field in the first drop-down menu.
  4. Select an option in the second drop-down menu.
  5. Enter the search value.

    Note: If you want to search for an exact phrase having two or more words, you will need to put quotation marks around the words in the phrase.

  6. Click the Add another filter link if you want to add a new search.
  7. Click the icon.
  8. Click the icon.

The result of your search displays with the assets identified.

Managing Filters

There are many more filters available beyond those that are shown on the Assets page by default. You can configure the filters you want to display.

To add or delete filters from the Search and Filters area

  1. Go to Environment > Assets.
  2. In the lower right area of the filters, click the Configure filters link.
  3. Use the icons to move items from one column to the other.
  4. Click Apply.

To save a filter configuration

  1. From the asset list view, select the filters you want to see.
  2. Select Save View > Save as.
  3. Enter a name for the view and click Save.

    Note: If you have changed the configuration of the asset columns, this configuration will also be saved together with the filter configuration. See Views for more information.