USM Central provides a consolidated view of any alarms triggered within all of your connected deployments. Alarms provide notification of an event or sequence of events that requires attention or investigation. The displayed alarms in USM Central are compiled from the connected deployments. An alarm consists of one or more events (any traffic or data exchange detected by AT&T Cybersecurity products through a sensor or external devices such as a firewall), based on the following:
- One or more rules performed by the correlation engine of USM Anywhere or USM Appliance, which analyzes these events for behavioral patterns. Correlation identifies potential security threats by identifying relationships between multiple types of events occurring in two or more assets. These rules look at and connect events to assess their priority and reliability and, when the system identifies a pattern, it generates an alarm, which requires attention and investigation. See Correlation Rules for more information.
- One orchestration rule, which is designed to raise an alarm when a particular type of event is found. See Orchestration Rules Management for more information.
USM Central displays the first 10 events associated with an alarm. If you need to see more events, you can drill into the specific deployment that created the original alert. See Drill Down to a Specific Deployment for more information.
Alarms in USM Anywhere that are suppressed or have a closed status are, by default, not forwarded to USM Central. You can have them forwarded from USM Anywhere by going to Settings > My Subscription in USM Anywhere and clicking the Suppressed Alarm Synchronization toggle.
Topics covered in this section include: