In USM Anywhere, all alarms have a priority field, which indicates the importance of the alarm. The priority is a measure of the impact of the alarm in our network.
The priority field can display the text Low, Medium, or High. This text comes from correlation and orchestration rules. When you create an orchestration rule, you have to enter a priority value between 0 and 100. AT&T Alien Labs™ creates the correlation rules and they already include a value. The Alien Labs team sets the value for the correlation rules depending on how critical the alarm is.
Correlation identifies potential security threats by identifying relationships between multiple types of events occurring in two or more assets. A correlation rule correlates incoming events based on previously defined relationships defined in the correlation directive, associating multiple events, of the same or different event types, from the same data source.
The text displayed in the priority column of the alarms list depends on the value set in the rule, according to this table:
|Displayed text|Value in the rule|
|---|---|
|Low|Between 0 and 33|
|Medium|Between 34 and 66|
|High|Between 67 and 100|
Open the details of an alarm to learn the exact value of the priority level. See Viewing Alarm Details for more information. Once you are on the alarm details page, hover over the priority text and a dialog box will show you the exact value.