AlienVault® USM Central™

Alarms List View

USM Central's Alarms page provides an overview of alarms triggered within connected deployments of USM Anywhere and USM Appliance. Here you can review all alarm activity, view only a select number of deployment alarms, or filter the alarms by specific details. The main Alarms page displays a graph showing an overview of recent alarm activity, and a list of the most recent alarms below it.

Across the top, you can see any filters you have applied, and you have the option to create and select different views of the alarms. The main part of the page is the list of alarms. Each row describes an individual alarm and has a check box on its left side for selecting it. You can select all alarms on the same page by clicking the check box in the first column of the header row.

Alarm Summary Graph

The section above the alarm list includes a bubble graph that provides a graphical representation of alarms by intent. Blue circles indicate the number of times that an alarm in an intent appeared. A bigger circle indicates a higher number of alarms. You can mouse over each of the circles to get the actual number of different types of intent. In addition, if you click any of the blue circles, USM Central displays only the alarms corresponding to that circle. You can change the displayed period of time by clicking the Created during filter.

Alarms graphed by intent are sorted into five different categories, which are represented by the graphic icons in the display:

Delivery & Attack
Environmental Awareness
Exploitation & Installation
Reconnaissance & Probing
System Compromise

Alarm List Columns

For each alarm in the list, USM Central displays useful information to help you determine the best response.

List of the default columns in Alarms
Column / Field Name | Description
Intent | Describes the attack pattern of indicators intruding on your system.
Strategy | Type of attack.
Method | If known, the method of attack or infiltration associated with the indicator that generated the alarm.
Deployment | Name of the deployment on which the alarm has been triggered.
Time Created | The date and time of the creation of the alarm. The displayed date depends on your computer's time zone.
OTX | Indicates if it is an OTX alarm or not. If the icon is active, click it to go to the OTX site.
Sources | Hostname or IP address of the source.
Destinations | Hostname or IP address of the destination.
Labels | Label(s) applied to the alarm.
Sensors | Sensor associated with the alarm.
Priority | Impact of the detected attack. Can be Low, Medium, or High. See Priority Field for Alarms for more information.

From the list of alarms, you can click on any individual alarm row to display more information on the selected alarm, including individual events that actually triggered the alarm. See View Alarm Details for further details.

You can also sort items by selecting 20, 50, or 100 below the result table. Some columns can be sorted by clicking the icons to the right of the heading. This sorts the item information in ascending or descending order.

Click the Export as Report icon to export alarms.

Configure Columns

You can configure the columns/fields that display in the list and save your columns configuration to get back to it whenever you need it.

To configure your columns

  1. From the Alarms list view, click the Manage Columns icon to open the Columns Configuration popup window.
  2. Search for the columns you want to have in the list view. You can type your search in the search box in the available columns.
  3. Use the icons to pass the items from one column to the other and select the columns you want to see.
  4. Use the icon to pass the items from one column to the other.
  5. Click Apply.

Note: If you export a report when you have set custom columns, your report will keep the columns you have configured.

Important: If you want to keep your configuration, you need to save it by clicking the pull-down menu Save View > Save as. Otherwise, your custom view will not be kept when you move to another feature.

Views

To create a view configuration

  1. From the Alarms list view, click the Manage Columns icon.
  2. Use the icons to pass the items from one column to another and select the columns you want to see.
  3. Click Apply.
  4. If you want to delimit the search, select the filters you want to apply.
  5. Click the pull-down menu Save View > Save as.
  6. Type a name for the view and click Save.

To select a configured view

  1. From the Alarms list view, click the View pull-down menu above the filters.
  2. Click Saved views and select the view you want to see.
  3. Click Apply.