Documentation Center
AlienVault® USM Anywhere™

Events List View

  Role Availability: Read-Only, Analyst, Manager

AlienVault USM Anywhere provides a centralized view of your events. Navigate to ACTIVITY > EVENTS.

The events page displays information on events. On the left you can find the search and filter options. Across the top, you can see any filters you have applied, and you have the option to create and select different views of the events. The main part of the page is the actual list of events. Each row describes an individual event.

If you want to analyze the data and see the additional columns without having to scroll left and right, you can maximize the screen and hide the filter panel. Click the Expanded Filter Panel icon to hide the filter panel. Click the Collapsed Filter Panel icon to expand the filter panel.

List of the default columns in Events
Column / Field Name | Description
Event Name | Name of the event
Time Created | The date and time of the creation of the event. The displayed date depends on your computer's time zone
OTX | Indicates whether or not it is an OTX event. If the icon displays active, click it to go to the OTX site
Source Asset | Hostname or IP address of the host, with national flag if country is known, that initiates the event
Destination Asset | Hostname or IP address of the host, with national flag if country is known, that receives the event
Sensor | Name of the USM Anywhere Sensor detecting the event. The type of sensor is also displayed below the sensor name
Username | Username associated with the event

The asset name includes a chevron icon that is grey if the asset is not in the system, or blue if the asset has been added to the system.

Click the grey chevron icon to access the following options:

  • Add to current filter. Use this option to add the asset name as a search filter. See Searching Events.
  • Look up in OTX. This option searches for the IP address of the source asset on the Open Threat Exchange page. See Using OTX in USM Anywhere.
  • Add asset to system. Use this option to create the asset in the system. See Adding Assets.

Click the blue chevron icon to access the following options

You can configure the view you want for the list of events. See Event Views for more information.

Click Generate Report to export events. See Exporting Events for further details.

The graph above the events list displays the number of events in a period of time. You can change this period by clicking the Created during filter.

Click this button to access the following options

Events Count/Time options

Option | Meaning
Actions / User | Reports USM Anywhere account activity based on specific account users and summarized by Create, Read, Update, and Delete categories
Count / Time | Provides a chart that shows the number of issues over a period of time
Auth / User | Reports authorization actions
Source Map | Provides the number of events associated with each country on a global map

Click the star symbol to the left of an item to mark it as a bookmark for quick access. Clicking the Star icon on the secondary menu shows the bookmarked items and a link to them.

Click the filter icon to filter your search by row fields. See Filtering Events by Row Fields for further information.

You can also sort items by selecting 20, 50, or 100 below the result table. Some columns can be sorted by clicking the icons to the right of the heading, which orders the item information in ascending or descending order.

Configuring Columns

You can configure the columns/fields that display in the list and save your columns configuration to get back to it whenever you need it.

To configure your columns

  1. From the events list view, click the Manage Columns icon to open the Columns Configuration popup window.
  2. Search for the columns you want to have in the list view. You can type your search in the search box.
  3. Use the arrow icons to move items from one column to the other and select the columns you want to see.
  4. Click Apply.

Note: If you export a report when you have set custom columns, your report will keep the columns you have configured.

Important: If you want to keep your configuration, you need to save it by clicking the pull-down menu Save View > Save as. Otherwise, your custom view will not be kept when you move to another feature.