AlienVault® USM Anywhere™

Managing the AlienVault Agent Events

Role Availability Read-Only Analyst Manager

USM Anywhere enables you to use the AlienVault pluginsIntegrations specify how to collect and normalize raw information from devices to create events that can then be analyzed to determine threats and vulnerabilities. to filter the agent-related eventsAny traffic or data exchange detected by AT&T Cybersecurity products through a sensor, or through external devices such as a firewall..

These Data Source Plugins are related to the AlienVault Agent:

  • AlienVault Agent. This plugin parses the events from the agent, with the exception of Windows events.
  • AlienVault Agent - Windows EventLog. This plugin parses Windows events re-sent through the Agent.

To search events using the filter related to the Agent

  1. Go to Activity > Events.
  2. Locate the Data Source Plugin section.

    Events List View

  3. Click one of them and the result of your search displays.