Documentation Center
AlienVault® USM Anywhere™

Investigations List View

  Role Availability   Read-Only   Analyst   Manager

The Investigations page provides a list of all of the investigations created in your environment. Go to Investigations to open a centralized view of your investigations. Each row describes an individual investigation.

The Investigations page includes navigation and filtering elements to help you locate the investigations you want to review. When you go to Investigations, the page displays all of the open and in review items by default.

List of the default columns in the Investigations page
Column / Field Name Description
Title Name identifying the investigation.
ID ID identifying the investigation. This is a sequential and automatic number assigned by the system.
Severity Severity of the investigation. Values are Low, Medium, and High.
Status

Status applied to the investigation. It can be Open, In Review, and Closed. See Viewing Investigations Details if you want to change the status.

Intent Classify your investigation. It can be Delivery & Attack, Environmental Awareness, Exploitation & Installation, Reconnaissance & Probing, and System Compromise. See Intent for more information.
Created The date and time of the creation of the investigation. The displayed date depends on your computer's time zone.
Assignee Email of the person to whom the investigation has been assigned.
Last Updated The date and time that the Investigation page was last updated. The displayed date depends on your computer's time zone.
Last Updated by Email of the last person who has updated the investigation.

Use the icon if you want to modify some information, see Editing Investigations.

Use the icon if you want to delete an investigation, see Deleting Investigations.

Sort and Filter the Displayed Investigations

To change the sort order of the displayed list, click the column label for the field that you want to use to sort the list. Use the filters at the top of the list to change the displayed list so that it includes only the jobs you want to see.

Available filters on the Investigations page

  • Filter by Title or ID — Enter a search string for the name of the investigation or ID identifying the investigation to display only matching jobs.
  • Severity — Select a value between Low, Medium, or High. You also have the option All to display all of the severities that you have in your environment.
  • Intents — Select a value between Delivery & Attack, Environmental Awareness, Exploitation & Installation, Reconnaissance & Probing, and System Compromise.
  • Assignee — Select the email of the person of whom you want to display its assigned investigations.
  • Open — Select this checkbox if you only want to display the investigations that are open.
  • In Review — Select this checkbox if you only want to display the investigations that are in review.
  • Closed — Select this checkbox if you only want to display the investigations that are closed.