Viewing Alarms with Applied Cisco Umbrella Response Actions

Role Availability Read-Only Investigator Analyst Manager

USM Anywhere uses labels as a mechanism to classify alarms Alarms provide notification of an event or sequence of events that require attention or investigation.. These labels make it easy to filter items by an applied label so that you can locate them easily and track their status. When the BlueApp for Cisco Umbrella executes a response action In USM Anywhere you can execute an action from alarms, events, and vulnerabilities to run a scan, get forensic information, or execute a response for a configured BlueApp. for an alarm, it automatically applies the Cisco Umbrella label to it. You can select this label as a filter so that a page displays data for only the items related to an BlueApp for Cisco Umbrella response action.

To view alarms with applied Cisco Umbrella response actions

  1. Open the Alarms page.
  2. If the Search & Filters panel is not displayed, click the icon to expand it.

    USM Anywhere includes several filters displayed by default.

  3. Locate the Labels filter and select the Cisco Umbrella label.

    Use the Labels filter to view items with the Cisco Umbrella label

    If the Labels filter is not displayed, click Configure Filters at the bottom of the Search & Filters pane to configure filters for the page. See Managing Filters for more information about configuring filters for the page display.

    In the displayed list, you can scroll the list to the right and view the Labels column.

    Scroll the list to the right to view the Labels column