Documentation Center
AlienVault® USM Anywhere™

USM Anywhere System Events List View

  Role Availability   Read-Only   Analyst   Manager

AlienVault USM Anywhere provides a centralized view of your system eventsAny traffic or data exchange detected by AlienVault products through a Sensor, or through external devices such as a firewall.. Navigate to SETTINGS > SYSTEM EVENTS.

The system events page displays information on any events generated within your environment. On the left you can find the search and filters options. Across the top, you can see any filters you have applied, and you have the option to create and select different views of the system events. The main part of the page is the actual list of system events. Each row describes an individual system event.

If you want to analyze the data, you can maximize the screen and hide the filter panel. Click the icon to hide the filter panel. Click the icon to expand the filter panel.

Note: By default, the list will display all System Events created during the last 24 hours.

List of the default columns in Events
Column Field Name Description
Event Name Name of the event
Time Created The date and time of the creation of the event. The displayed date depends on your computer's time zone
Source User Email Email of the user that performed the action. For example, when user [email protected] logs in, the source email is [email protected]
Destination User Email Email of the user that the action is being performed on. For example, if user [email protected] modifies or creates user [email protected], then the destination email is [email protected]
Event Outcome Indicates if the action was success and completed or if it failed
Event Change

It is a small description of what was changed in the system event.

It only gets populated for certain actions and indicates what is being changed. Most of these are user changes. For example, when a user is suspended, locked status is reset, MFAA method of access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge, possession, and inherence. is enabled/disabled, password updated, etc.

identity Source Address IP address of the event or computer that it takes place on

Click the star symbol to the left of an item to mark it as a bookmark for quick access. Clicking the icon on the secondary menu shows the bookmarked items and a link to them.

You can also sort items by selecting 20, 50, or 100 below the result table. Some columns can be classified if you click the icons to the right side of the heading. You will sort the item information in ascending and/or descending order.


USM Anywhere allows you to define and save a custom System Events view to have your own selected filters.

To create a view configuration

  1. Navigate to SETTINGS > SYSTEM EVENTS.
  2. If you want to delimit the search, select the filters you want to apply.
  3. Click the pull-down menu Save View > Save as.
  4. Type a name for the view and click Save.
  5. The created view is already selected.

To select a configured view

  1. From the System Events list view, click the View pull-down menu above the filters.
  2. Click Saved views and select the view you want to see.
  3. Click Apply.

To delete a configured view

  1. From the System Events list view, click the View pull-down menu above the filters.
  2. Click Saved views and click the icon next to the saved view you want to delete.
  3. A popup window displays to confirm the deletion.

    Note: You are allowed to delete the views you have created.

  4. Click Accept.
  5. Important: The icon will not display if the view is selected.