AlienVault® USM Appliance™

Raw Log Management

When you select the Analysis > Raw Logs option, USM Appliance displays the following page.

Raw Logs Display

This page provides access to, and displays, all the normalized events that the USM Appliance Logger saved to its archived log files for long-term storage and forensic investigation. The USM Appliance Logger digitally signs and timestamps the archived log files to ensure their integrity and to guarantee, for compliance reporting, that the data in the log files has not been tampered with. From the Raw Logs page, you can click the Validate icon to verify that any particular event has not been altered.

By default, the Raw Logs page displays a raw log event trending graph, which shows the number of events occurring within a specified interval of time. You can click on any of the bars to display only the events that occurred within that time frame.

The USM Appliance web UI provides another option, SHOW THE MAIN CHART, which gives an alternative view of raw log events. You can also click the View Pie Graphs icon to switch the display to a collection of pie charts that show the distribution of events by sensor, event type, source, and destination.

Below the trending chart, you can specify the duration of the time frame, such as last 2 hours, last 24 hours, or last week. In addition, you can enter a logical expression search string to filter the event display. Below the trending chart and search areas, the web UI provides a tabular display of the events matching the selected time frame, or matching an indexed or raw query.