USM Anywhere includes a set of predefined templates based on the classification of eventAny traffic or data exchange detected by AlienVault products through a Sensor, or through external devices such as a firewall. data source types and based on data sources.
You can find these templates on Reports > Event Type Templates.
Note: For more information about pluginsPlugins specify how to collect and normalize raw information from devices to create events that can then be analyzed to determine threats and vulnerabilities., see the Plugin Management page.
There are these types of templates:
- Type of Data Source. Event Type Templates allow you to easily run a general firewallVirtual or physical device designed to defend against unauthorized access to data, resources, or a private network. A firewall’s primary purpose is to create segregation between two or more network resources, blocking undesirable traffic between them., authentication, and other types of normalized queries that do not require you to build complex filters based on specific plugin or event types. USM Anywhere supports these reports: Anomaly Detection, Antivirus, ApplicationA software program that performs some collection of tasks on a computer or some other programmable device., Application Firewall, AuthenticationProcess used to verify the identity of a user, user device, or other entity, usually through a username and password., Authentication and DHCPNetwork protocol used to dynamically distribute network configuration parameters, such as IP addresses, for interfaces and services., CloudThe use of many computers connected over a network to run multiple programs or applications at the same time, instead of running them on a local device or network. Application, Cloud Infrastructure, DNS Server, Data Protection, Database, Endpoint Protection, Endpoint Security, Firewall, IDSNetwork device or program that monitors network traffic and logs and reports suspicious network activity indicative of an intrusion., Infrastructure MonitoringProcess of collecting all device status and event information and processing normalized events for evidence of vulnerabilities, possible attacks, and other malicious activity., Intrusion DetectionSecurity system capability that attempts to detect actions that may compromise the confidentiality, integrity, or availability of a resource., Intrusion Prevention, Load Balancer, Mail Security, Mail Server, Management Platform, Network Access Control, Operating SystemSoftware that manages computer hardware resources and provides common services for computer programs. Examples include Microsoft Windows, Macintosh OS X, UNIX, and Linux., Other Devices, Proxy, Router, Router/Switch, Server, Switch, Unified Threat Management, VPN, Web Server, Wireless Security/Management.
- Data Sources. You can find templates based on the most commonly used data sources including NIDSNetwork Intrusion Dectection System (NIDS) monitors network traffic and events for suspicious or malicious activity using the Sensors that provide management and network monitoring interfaces to networks and network devices., AWSSuite of cloud computing services from Amazon that make up an on-demand computing platform., Amazon DynamoDB, Amazon S3, AWS VPC Flow Logs, AWS Load Balancers, AzureMicrosoft Azure is a cloud computing platform and infrastructure created by Microsoft for building, deploying, and managing applications and services through a global network of Microsoft-managed data centers., Cisco Umbrella, Cylance, FireEye, Fortigate, G Suite, McAfee ePO, Office 365, Okta, Palo Alto, SonicWall, Sophos UTM, Watchguard, VMware, Windows, AlienVault Agent. There is also a template for the AlienVault Generic Plugin.
Each report listing includes the Generate Report link, which opens which opens the Create Report popup window. You can define a name, a description, a date range, the output format, the number of records, and the additional view you want to include in your report.
To generate a report
- Go to Reports > Event Type Templates to open the page.
- Select a type of template.
Click the Generate Report link on the report you want to run.
- The report name is populated, but you can modify it.
- (Optional.) A description of the report is provided, but you can modify the text.
- If your report has been included in the AlarmsAlarms provide notification of an event or sequence of events that require attention or investigation. or Events Category, you can choose a date range. You can select a predefined range between Last Hour, Last 24 Hours, Last 7 Days, Last 30 Days, or Last 90 Days. You can also set your own date range by clicking the icon.
- If your report has been included in the Vulnerabilities or Configuration IssuesAn identified configuration of software that is deployed, or features of software that is in use, which is known to be insecure. Category, you can use the boxes having a date to set your own date range.
- Choose the export format, CSV or HTML.
- Choose the number of records to export.
- If you have chosen the HTML format, you will see the Graphs section. Use this section to include additional views. There are some defaults views already selected, but you can select or remove the graphs you want to include in the report by clicking the and the icons.
- Select Save Report if you want to generate a new report with your modifications.
- Click Generate Report.
- If you have chosen the CVS export format, your browser downloads the exported file automatically.
- If you have chosen the HTML export format, your browser opens a new tab containing the report. You can print it by clicking Print, or save it as PDF.
The Create Report popup window displays.
If you choose CSV, your browser downloads the exported file automatically.
Note: AdBlock blocks the download of CSV reports. To avoid this, you need to add the URL of your USM Anywhere Control Node as an exception in AdBlock.
If you choose HTML, a new tab opens in your browser, displaying the report. You can print it by clicking Print or you can save it as PDF.
Note: If you have checked Save Report, you can see the export reports