AlienVault® USM Anywhere™

Searching for Asset Groups

Role Availability Read-Only Analyst Manager

USM Anywhere includes several filters displayed by default. These filters enable you to search for your items of interest. You can either filter your search, or enter what you are looking for in the search box, which is in the upper left corner of the page.

You can configure more filters and change which filters are displayed by clicking the Configure filters link, which is located in the upper left corner of the page.

Note: The management of filters is similar to that for assets. See Managing Filters for more information.

Filters displayed by default in the main Asset Groups page
Filter Name Meaning
Asset Grouping Filter asset groupsAsset groups are administratively created objects that group similar assets for specific purposes. by "Static" and "Dynamic".
Advanced Search Use this filter for searching a specific value of a field. The advanced search is similar to that for assetsAn IP-addressable host, including but not limited to network devices, virtual servers, and physical servers.. See Advanced Search on Assets for more information.
Sensor Filter asset groups by the associated sensorSensors are deployed into an on-premises, cloud, or multi-cloud environment to collect log and other security-related data. This data is normalized and then securely forwarded to USM Anywhere for analysis and correlation..
Asset Origin Type Filter asset groups by who added the asset group to the system.
Instance Type (Only for AWS sensor). Filter asset groups by AWSSuite of cloud computing services from Amazon that make up an on-demand computing platform. instance type.
Region (Only for AWS sensor). Filter asset groups by AWSSuite of cloud computing services from Amazon that make up an on-demand computing platform. region.
Operating System Filter asset groups by Operating SystemSoftware that manages computer hardware resources and provides common services for computer programs. Examples include Microsoft Windows, Macintosh OS X, UNIX, and Linux..
Asset Type Filter asset groups by asset type, see USM Accepted Asset Types.
Associated Plugin Filter asset groups by assets which have pluginsPlugins specify how to collect and normalize raw information from devices to create events that can then be analyzed to determine threats and vulnerabilities. manually enabled.
Service Filter asset groups by service.
Software Filter asset groups by software.

Note: Keep in mind that the "Enter search phrase" box and the "Asset Grouping" filter make the search in the asset groups. The rest of the filters make the search in the members of the asset group. So long as a member of the asset group matches the selected filter, USM Anywhere will display the asset group, even if there is only a member matching that filter.

The number between brackets displayed by each filter indicates the number of items that matches the filter. You can also use the filter controls to provide a method of organizing your search and filtered results. These are the icons next to each filter title:

Icons next to the filter title
Sort the filters alphabetically.
Sort the filters by number of items that matches them.

In the upper left side of the page, you can see any filters you have applied. Remove filters by clicking the icon next to the filter. Or clear all filters by clicking Reset All Filters.

Note: When applying filters, the search uses the logical AND operator if the used filters are different. However, when the filter is of the same type, the search uses the logical OR.

Those filters that have more than ten options include a Filter Value search box for writing text and make the search easier.

USM Anywhere enables you to toggle the mode of search. The available modes are Standard and Advanced. You can change from one mode to the other by clicking the icon or clicking the icon located in the upper left corner of the page.

Standard Mode

This mode enables you to select one value per filter at the same time, and then the search is automatically performed. This mode is ON by default.

To activate the Standard Mode when the Advanced Mode is ON

  1. Go to Environment > Asset Groups.
  2. In the upper left corner of the page, click the icon.
  3. Note: If you exit the advanced mode and the selected filters are not compatible with the Standard Mode, a warning popup window displays to inform you the current filters will be removed.

Advanced Mode

Advanced Mode enables you to select more than one value per filter at the same time. This mode is OFF by default.

To activate the Advanced Mode

  1. Go to Environment > Asset Groups.
  2. In the upper left corner of the page, click the icon to active the advanced mode. This turns the icon green.

To perform a search in the Advanced Mode

  1. Go to Environment > Asset Groups.
  2. In the upper left corner of the page, click the icon to active the advanced mode. This turns the icon green.
  3. Click the filters that you want to select.
  4. In the lower left corner of the page, click Apply Filters.
  5. Click Apply Filters Button to execute a search

    The result of your search displays.

To search using the operator NOT

  1. Go to Environment > Asset Groups.
  2. In the upper left corner of the page, click the icon to activate the Advanced Mode.
  3. Click the filter that you want to exclude.
  4. In the filter group, click Not .
  5. Important: This operator is not available when you have selected the title.

    Note: The selected filter displays this icon and the filter chiclet is labeled in red.

To search all values of a filter

  1. Go to Environment > Asset Groups.
  2. In the upper left corner of the page, click the icon to activate the Advanced Mode.
  3. Select a filter title to select all filters below that title.

Searching Asset Groups by Using the Search Box

To search Asset Groups using the search box

  1. Go to Environment > Asset Groups .
  2. Enter your search in the Enter search phrase box.
  3. If you want to search for an exact phrase having two or more words, you need to put quotation marks around the words in the phrase.

    Note: Keep in mind that wildcard characters are considered as literals.

  4. Click the icon.
  5. The result of your search displays with the items identified.