USM Anywhere includes the option of searching items of interest on the page. There are several filters displayed by default. You can either filter your search or enter what you are looking for in the search field.
You can configure more filters and change which filters to display by clicking the Configure Filters link located in the upper-left side of the page.
The following table lists the filters you see on the page.
|Last 24 Hours||Identify alarmsAlarms provide notification of an event or sequence of events that require attention or investigation. triggered in the last hour, 24 hours, 7 days, 30 days, or 90 days. You can also configure your own period of time by clicking the Custom Range option. This option enables you to customize a range. When you click Custom Range, a calendar opens. You can choose the first and last day to delimit your search by clicking the days on the calendar or entering the days directly. Then select the hours, minutes, and seconds by clicking the specific box. Finally, select AM or PM.|
|Open/In Review/Closed||Filter alarms by Alarm Status. See Alarm Status for more information.|
Filter suppressed alarms.
|Not Suppressed||Filter hidden suppressed alarms. The suppressed alarms are hidden by default.|
|Labels||Filter alarms by the applied labels. See
|Intent||Filter alarms by the purpose of the alarm. It can be Delivery & Attack, Environmental Awareness, Exploitation & Installation, Reconnaissance & Probing, and System CompromiseState or indication that an intruder has bypassed security measures and gained unauthorized access to resources, installed malicious software, or modified existing software or configurations in an attempt to cause damage or steal information.. See Intent for more information.|
|Strategy||Filter alarms by the type of attack. See
|Method||If known, filter alarms by the method of attack or infiltrationIndicator that specifies the method of attack that generated an alarm. For Open Threat Exchange® (OTX™) pulses, this method is the pulse name. associated with the indicator that generated the alarm. See Method for more information.|
|Sensors||Filter alarms by the associated USM Anywhere Sensor. See USM Anywhere Sensor Management for more information.|
|Asset Groups||Filter alarms by asset groupAsset groups are administratively created objects that group similar assets for specific purposes..|
|Priority||Filter alarms by low, medium, or high priority. See Priority Field for Alarms for more information.|
Note: Filtering large asset groups will only return data from the most recent 1024 assets. See Creating An Asset Group for more information about this limitation.
The number between brackets displayed by each filter indicates the number of items that matches the filter. You can also use the filter controls to provide a method of organizing your search and filtered results.
The following table shows the icons displayed with each filter box.
|Sort the filters alphabetically.|
|Sort the filters by number of items that matches them.|
In the upper-left side of the page, you can see any filters you have applied. Remove filters by clicking theicon next to the filter. Or clear all filters by clicking Reset.
Note: When applying filters, the search uses the logical AND operator if the used filters are different. However, when the filter is of the same type, the search uses the logical OR operator.
Those filters that have more than 10 options include a Filter Values search field for writing text and making the search easier. If there are more than 50 search results, a icon appears to the right of the Filter Values search field. Click this icon to download a CSV containing up to 1024 results.
Filtering Alarms by Row Fields
USM Anywhere includes a column with the icon in the list view in the