USM Anywhere™

Searching for Assets

Role Availability Read-Only Analyst Manager

USM Anywhere includes several filters displayed by default. These filters enable you to search for your items of interest. You can either filter your search, or enter what you are looking for in the search field, which is in the lower-left corner of the page.

You can configure more filters and change which filters display by clicking the Configure filters link, which is located in the upper-left corner of the page. See Managing Filters for more information.

Filters Displayed by Default in the Main Assets Page
Filter Name Meaning
Advanced Search Use this filter for searching a specific value of a field. See Advanced Search Filter on Assets for more information.
Stats Filter assetsAn IP-addressable host, including but not limited to network devices, virtual servers, and physical servers. having eventsAny traffic or data exchange detected by AT&T Cybersecurity products through a sensor, or through external devices such as a firewall., alarmsAlarms provide notification of an event or sequence of events that require attention or investigation., vulnerabilities, or configuration issuesAn identified configuration of software that is deployed, or features of software that is in use, which is known to be insecure..
Sensor Filter assets by the associated USM Anywhere sensorSensors are deployed into an on-premises, cloud, or multi-cloud environment to collect log and other security-related data. This data is normalized and then securely forwarded to USM Anywhere for analysis and correlation..
Asset Origin Type Filter assets by who added the asset to the system.
Group Membership Filter assets by the associated group.
Instance Type (Only for the AWS Sensor). Filter assets by Amazon Web Services (AWSSuite of cloud computing services from Amazon that make up an on-demand computing platform.) instance type.
Region (Only for the AWS Sensor). Filter assets by AWSSuite of cloud computing services from Amazon that make up an on-demand computing platform. region.
Operating System Filter assets by Operating SystemSoftware that manages computer hardware resources and provides common services for computer programs. Examples include Microsoft Windows, Macintosh OS X, UNIX, and Linux..
Asset Type Filter assets by asset type. See USM Accepted Asset Types for more information.

The number between brackets displayed by each filter indicates the number of items that matches the filter. You can also use the filter controls to provide a method of organizing your search and filtered results. These are the icons next to each filter title:

Icons Next to the Filter Title
Sort the filters alphabetically.
Sort the filters by the number of items that matches them.

In the upper-left side of the page, you can see any filters you have applied. Remove filters by clicking the icon next to the filter. Or clear all filters by clicking Reset.

Selected Filters on the Assets Main Page

Note: When applying filters, the search uses the logical AND operator if the used filters are different. However, when the filter is of the same type, the search uses the logical OR operator.

Those filters that have more than ten options include a Filter Value search field for writing text and making the search easier.

USM Anywhere enables you to toggle the mode of search. The available modes are Standard and Advanced. You can change from one mode to the other by clicking the icon or clicking the icon located in the upper left corner of the page.

Standard Mode

This mode enables you to select one value per filter at the same time, and then the search is automatically performed. This mode is ON by default.

To activate the Standard Mode when the Advanced Mode is ON

  1. Go to Environment > Assets.
  2. In the upper-left corner of the page, click the icon.
  3. Note: If you exit the advanced mode and the selected filters are not compatible with the Standard Mode, a warning dialog box displays to inform you the current filters will be removed.

Advanced Mode

Advanced mode enables you to select more than one value per filter at the same time. This mode is off by default.

To activate the advanced mode

  1. Go to Environment > Assets.
  2. In the upper-left corner of the page, click the icon to activate the advanced mode. This turns the icon green.

To perform a search in the advanced mode

  1. Go to Environment > Assets.
  2. In the upper-left corner of the page, click the icon to activate the advanced mode.
  3. This turns the icon green.

  4. Click the filters that you want to select.

    The selected filters display inside a dashed rectangle.

    Selected Filters on the Advanced Search Mode

  5. In the lower-left corner of the page, click Apply Filters. Or in the upper side of the page, click Apply.
  6. The result of your search displays.

To search using the NOT operator

  1. Go to Environment > Assets.
  2. In the upper-left corner of the page, click the icon to activate the advanced mode.
  3. Click the filter that you want to exclude.
  4. In the filter group, click Not.
  5. Important: This operator is not available when you have selected the title.

    Note: The selected filter displays this icon and the filter chiclet is labeled in red.

To search all values of a filter

  1. Go to Environment > Assets.
  2. In the upper-left corner of the page, click the icon to activate the advanced mode.
  3. Select a filter title to select all filters below that title.

Advanced Search Filter on Assets

The Advanced Search filter enables you to enter a search value on a selected field.

Advanced Search Fields (First Drop-Down List)
Filter Name Meaning
Name Filter assets by the name of the asset.
Description Filter assets by the asset description.
UUID Filter assets by the universally unique identifier (UUID).
IP/CIDR Filter assets by IP and Classless Inter-Domain Routing (CIDRClassless Inter-Domain Routing, which provides a method for allocating IP addresses, routing Internet protocol packets, and subdividing networks. CIDR notation provides a syntax for specifying a range of IP addresses.). This is a method for allocating IP addresses and routing IP packets. It is the range of IP addresses that define the network.
FQDN Filter assets by Fully Qualified Domain Name (FQDN).
Asset Type Filter assets by asset type.
Instance Type Filter assets by instance type.
Region Filter assets by region.
Operating System Filter assets by operating system.
Service Filter assets by service.
Software Filter assets by software.
Associated Plugin Filter assets by the plugin associated to the asset.
Alarm Counter Filter assets by the number of alarms.
Event Counter Filter assets by the number of events.
Vulnerability Counter Filter assets by the number of vulnerabilities.
Configuration Issue Counter Filter assets by the number of configuration issues.
PCI Asset Filter assets by Payment Card Industry (PCI) Asset, if the asset is included or not in the PCI Data Security Standards (DSS) Asset Group. See Asset Group List View and Working with Assets and PCI DSS for more information.
HIPAA Asset Filter assets by Health Insurance Portability and Accountability Act (HIPAA) Asset, whether or not the asset is included in the HIPAA Asset Group. See Asset Group List View for more information.
Custom User Fields Filter assets by the fields you have created. If you have not created fields, this filter does not display.

Note: The result of a search when you use the Alarm Counter filter or the Event Counter filter depends on if an alarm or an event can identify the source or destination as an asset in the inventory. Your environment can have alarms or events associated with assets both included in the inventory and those not included in the inventory. Assets included in the inventory display their names in blue, and assets not included in the inventory display their names in gray. The alarm and event counter filters only count the identified (blue) assets.

View of assets in the inventory (blue) and assets not in the inventory (grey)

Important: The alarm and event counts are not updated in real time, but are calculated every hour. If the counts are not updated, it can happen because new events or alarms are in your environment after the last count.

Advanced Search Fields (Second Drop-Down List)

Operator Meaning
> Greater than.
>= Greater than or equal to.
< Less than.
<= Less than or equal to.
Equal Equal to.
IP Range Range of IP addresses.
Is Empty Include assets with no IP addresses. This operator is available only for IP/CIDR.
Is Not Empty Include assets with IP addresses. This operator is available only for IP/CIDR.
Like Search for the specified pattern.
Not Equal Not equal to.
Not Like Not true.

To search assets using the advanced search filter

  1. Go to Environment > Assets.
  2. Below Advanced Search filter, click Add Filter.

    Advanced Search on the Asset Main Page

  3. Select a field from the drop-down list.
  4. Select an operator from the drop-down list.
  5. Enter the search value.
  6. If you want to search for an exact phrase having two or more words, you need to put quotation marks around the words in the phrase. This includes email addresses (for example, "bob@mycompany.com").

  7. Click the icon.
  8. Click Add Filter if you want to add a new search.
  9. Click the icon.
  10. Click Apply.

The result of your search displays with the assets identified.

Managing Filters

There are many more filters available beyond those that are shown on the page by default. You can configure the filters you want to display.

To add or delete filters from the Search and Filters area

  1. Go to Environment > Assets.
  2. In the upper-left corner of the page, click the Configure Filters link.

    Filter Configuration Dialog Box

  3. Use the and icons to pass the items from one column to another.
  4. Note: The first three filters in the available column are suggestions and they are not listed in alphabetical order.

  5. Click Apply.

To save a filter configuration

  1. From the Asset List view, select the filters you want to see.
  2. Select Save View > Save as.
  3. Enter a name for the view.
  4. Select Share View if you want to share your view with other users.
  5. Click Save.
  6. Note: If you have changed the configuration of the assets columns, this configuration will also be saved together with the filter configuration. See Views for more information.