AlienVault® USM Anywhere™

What Expectations Should I Have of Security Monitoring?

Security monitoring is often about monitoring often-overlooked things such as host, device, and application vulnerabilities, because those are typically the same things that attackers will leverage against you later in carrying out attacks or attempting unauthorized access to data or resources. A good network security monitoring system discovers things every day that provide value to security efforts. USM Anywhere can help to locate or identify

USM Anywhere priorities for network security operations are determined primarily by correlation rules. The rules link events together into meaningful bundles and turn data into useful information. Correlation is a function of USM Anywhere, which configures automated analysis of correlated events for identifying potential security threats and produces alerts to notify recipients of immediate issues. You can also create orchestration and suppression rules to secure your network security operations.