USM Central provides a consolidated view of any alarms triggered within all of your connected deployments. The displayed alarms in USM Central are compiled from the connected deployments. An alarm consists of one or more events, based on the following:
One or more rules performed by the correlationCorrelation identifies potential security threats by identifying relationships between multiple types of events occurring in two or more assets. engine of USM Anywhere or USM Appliance, which analyzes these events for behavioral patterns. These rules look at and connect events to assess their priority and reliability and, when the system identifies a pattern, it generates an alarm.
An orchestration rule defined and enabled in a deployment, which is configured to raise an alarm when a particular type of event is found.
Important: USM Central displays the first 10 events associated with an alarm. If you need to see more events, you can drill into the specific deployment that created the original alert. See Drill Down to a Specific Deployment for further information.
Topics covered in this section include the following: