The USM Anywhere web user interface (or web UI) provides access to all the tools and capabilities that USM Anywhere makes available for managing the security of your organization’s network and the devices in it. From the USM Anywhere web UI, you can view all essential information about network devices, applications, user activity, and network traffic in your environment. You can begin monitoring information coming from devices and then define orchestration rules to fine-tune the behavior of your system. By default, USM Anywhere includes correlation rules to alert you to potential security issues and vulnerabilities.
The USM Anywhere web UI runs in a standard web browser. Your system administrator can provide the web address and credentials to log in and access the features and functions appropriate to your role in your organization’s security operation.
When you first log in, the USM Anywhere web UI displays the main window.
By default, the web UI displays a collection of high-level graphs and charts summarizing activity in your organization’s network. From this main window, you can choose different menu options or click other selectable links and buttons.
Callouts on the screen identify the main navigable elements and selections that are provided consistently through the web UI.
Provides access to the main functions or operations of USM Anywhere. These include:
- Dashboards. Displays all SIEM, Asset Discovery, Vulnerability Assessment, and Vulnerabilities charts, tables, and graphs. Some dashboards are displayed depending on the sensor you have installed; others relate to the AlienApp you have configured and are visible if you have data for them.
- Activity. Provides search, sorting, filtered selection, and visualization of Alarms and Events.
- Environment. Provides display and management of Assets, Asset Groups, Vulnerabilities, and Configuration Issues.
- Reports. Provides display and management of reports, which are the result of exporting data that you can find in assets, asset groups, alarms, events, vulnerabilities, and configuration issues. You can also choose the format of the report (HTML and CSV). There are also Compliance and Event Type Templates.
- Data Sources. Provides options to view and manage deployed USM Anywhere Sensors, the AlienVault Agent, AlienApp, Plugins, and Sensor Apps.
- Settings. Provides options to view and manage credentials and system events. There are administration options which let you manage users and asset fields, display the system status, schedule jobs, and manage orchestration rules. You can also display the data about your subscription and connect your USM Anywhere to USM Central environments.
Provides access to the system configuration, the user profile information, the help link, and the bookmarked items:
- Favorites icon. This icon allows you to see and access alarms, events, or assets that you (or another user) bookmarked for easy access. The number on the icon indicates the number of items bookmarked.
- Help icon. This icon includes the following options:
- Envelope icon. Provides USM Anywhere's notifications and messages, such as maintenance information and product updates.
- User icon. The menu shows the settings (email, full name, and the possibility of changing the password) of the user who logged into the system, the configuration of receiving alarm notifications, and the ability to log out of the system.
The remainder of this guide describes best practices in performing common network security operations and provides step-by-step instructions for performing specific tasks. The following sections also describe the USM Anywhere web UI from which you can monitor network security and access all of USM Anywhere’s security operation features and functionality.