USM Anywhere includes a wide range of report templates, which are classified according to the compliance templates for alarms, vulnerabilities, and events collected in the system. The templates are grouped into the following categories:
- PCI. PCI DSS is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. These reports are named after, and based on, specific PCI DSS requirements so that they provide the auditor with exactly the information requested. For example, PCI DSS requirement 10.7.a: Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis.
- NIST CSF. The NIST Cybersecurity Framework (NIST CSF) provides a policy framework of computer security guidance for how private sector organizations can assess and improve their ability to prevent, detect, and respond to cyber attacks.
- HIPAA. The Health Insurance Portability and Accountability Act sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed. This includes covered entities (CE), meaning anyone who provides treatment, payment, and operations in healthcare, and business associates (BA), meaning anyone who has access to patient information and provides support in treatment, payment, or operations. Subcontractors, or business associates of business associates, must also be in compliance.
- ISO 27001. ISO/IEC 27001 provides guidance for implementing information security controls to achieve a consistent and reliable security program. The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) developed 27001 to provide requirements for an information security management system (ISMS).
- Type of Data Source. Event Type Templates allow you to easily run general firewall, authentication, and other types of normalized queries that do not require you to build complex filters based on specific plugin or event types. USM Anywhere supports the following reports: Anomaly Detection, Antivirus, Application, Application Firewall, Authentication, Authentication and DHCP, Cloud Application, Cloud Infrastructure, DNS Server, Data Protection, Database, Endpoint Protection, Endpoint Security, Firewall, IDS, Infrastructure Monitoring, Intrusion Detection, Intrusion Prevention, Load Balancer, Mail Security, Mail Server, Management Platform, Network Access Control, Operating System, Other Devices, Proxy, Router, Router/Switch, Server, Switch, Unified Threat Management, VPN, Web Server, Wireless Security/Management.
- Data Sources. You can find templates based on the most commonly used data sources, including NIDS, AWS, Amazon DynamoDB, Amazon S3, AWS VPC Flow Logs, AWS Load Balancers, Azure, Cisco Umbrella, Cylance, FireEye, Fortigate, G Suite, McAfee ePO, Office 365, Okta, Palo Alto, SonicWall, Sophos UTM, Watchguard, VMware, Windows, and AlienVault Agent. There is also a template for the AlienVault Generic Plugin.
To apply a report template:
- Navigate to ACTIVITY > EVENTS.
- From the Events list view, click the View pull-down menu above the filters and select Report templates.
- Select a report. You can use the search box or scroll down the list.
- Click Apply.
The Events list then displays with the template's filters applied.