Documentation Center
AlienVault® USM Anywhere™

The Overview Dashboard

Role Availability: Read-Only, Analyst, Manager

This dashboard includes three separate sections.

SIEM Section

SIEM security intelligence combines and correlates collected logs and other data to find malicious patterns in network traffic and within host activity.

Widgets in the SIEM Section

Note: Some widgets include a filter. You can hover over the filter to see the details.

| Widgets | Description |
|---|---|
| Alarms | Total number of alarms for the current day and for the current week |
| Alarms by Intent | Alarms correlated by intent and related to a range of dates. The size of the bubbles depends on the number of issues |
| Top Alarms by Method | List of the top 5 alarms ordered by the method of attack or infiltration and including the total number of alarms |
| Event Data Sources | Top plugins to normalize the event |
| Events Trend | Graph that displays the trend in events |
| Sensor Activity | Top sensor activity by events and alarms |

Asset Discovery Section

Asset Discovery discovers assets in your environment, detects changes in assets, and discovers malicious assets in the network.

Widgets in the Asset Discovery Section

| Widgets | Description |
|---|---|
| Top Operating Systems | List of the top operating systems on assets |
| Asset Information | Software Inventory refers to the total number of assets having software installed. Assets Discovered refers to the total number of assets discovered by the user |
| Top Assets with Alarms | List of the top 5 assets having the most alarms |

Vulnerability Assessment Section

Vulnerability Assessment identifies vulnerabilities or compliance by comparing the installed software on assets with a database of known vulnerabilities.

Widgets in the Vulnerability Assessment Section

| Widgets | Description |
|---|---|
| Assets with Vulnerabilities | Total number of assets having vulnerabilities for the current day and for the current week |
| Vulnerabilities | Total number of vulnerabilities in your environment |
| Vulnerabilities by Severity | Top vulnerabilities ordered by severity. See About Vulnerability Severity |
| Most Vulnerable Assets | List of most vulnerable assets |