AlienVault® USM Anywhere™

Adding an Event to an Investigation

Role Availability Read-Only Analyst   Manager

USM Anywhere enables you to associate events with an investigation.

Important: You can link up to 100 events to each investigation.

To add an event to an investigation from the events details page

  1. Go to Activity > Event.
  2. Locate the event you want to add to the investigation. See Searching Events for more information.
  3. In the Investigation field, click the icon to edit it and enter the title or the number that identifies the investigation.
  4. Note: Click Create New Investigation if you want to start a new investigation. See Creating New Investigation for more information.

  5. Click Save.
  6. The connection has been done and you can see it from Investigations. See Evidence on Investigations for more information.