USM Anywhere™

Viewing Assets Details

Role Availability Read-Only Analyst Manager

To view the details of an asset

  1. Go to Environment > Assets.
  2. Next to the asset name whose details you want to review, click the icon .
  3. Select Full Details.

Details of an asset

Click the icon to bookmark an item for quick access. Clicking the icon on the secondary menu shows the bookmarked items and provides links to them.

In the upper left side of the page, you see the name and IP address, along with other fields that describe the particular assetAn IP-addressable host, including but not limited to network devices, virtual servers, and physical servers.. One of these fields is the Create event if asset stops sending data. Use this field to configure a period of time. USM Anywhere starts generating events when the asset has not received messages within the configured period of time. See Events Created When an Asset Stops Sending Data for more information.

On the right, you see the status summary for your asset. It displays the total number of alarmsAlarms provide notification of an event or sequence of events that require attention or investigation., eventsAny traffic or data exchange detected by AT&T Cybersecurity products through a sensor, or through external devices such as a firewall., vulnerabilities, and configuration issuesAn identified configuration of software that is deployed, or features of software that is in use, which is known to be insecure.. The circle can display in orange (for alarms and configuration issues), blue for events, and red for vulnerabilities. The number inside each circle indicates the number of alarms, events, vulnerabilities, and configuration issues for the asset. You can click each circle to explore the information of each one.

Note: Configuration Issues are only available for AWSSuite of cloud computing services from Amazon that make up an on-demand computing platform. and AzureMicrosoft Azure is a cloud computing platform and infrastructure created by Microsoft for building, deploying, and managing applications and services through a global network of Microsoft-managed data centers. Sensors.

Important: The alarms and events counts are not updated in real time, they are calculated every hour. If the counts are not updated, it can happen because new events or alarms are in your environment after the last count.

Important: The vulnerabilities and configuration issues counts are updated after every scan.

Below the status summary, you can see this information:

  • Agent Status. If there is a deployed agent, it displays the connection status of the AlienVault Agent. You can deploy an agent from here. See The AlienVault Agent
  • Credentials. If the credential has been associated to the asset, it displays its name. You can assign and create the credential from here. See Managing Credentials in USM Anywhere for more information.
  • Last Scanned. If it exists, the date of the latest scan. You can schedule jobs from here. See Scheduling Asset Scans for more information.

In the lower side of the page, there is a table area with tabs, some of them correspond to the circles. Each tab contains a table with records, if present, for your asset.

Asset Details view tab description
Tab Information Shown
Asset Groups Asset groupsAsset groups are administratively created objects that group similar assets for specific purposes. on which the asset is included.

Software that is installed on the asset.

Note: You need to run an authenticated asset scan to have a complete list of installed software.


Services that are available on the asset.

Note: You need to run an authenticated asset scan to have a complete list of available services.

AlienApps AlienApps enabled for the asset.
Alarms Alarms related to the asset. There is a bubble graph that provides a graphical representation of alarms by intent. Blue circles indicate the number of times that an alarm in an intent showed. A bigger circle indicates a higher number of alarms. You can hover over each of the circles to get the actual number of different types of intent. In addition, if you click any of the blue circles, USM Anywhere displays only the alarms corresponding to that circle. You can change the displayed period of time by clicking the Last 24 Hours filter.
Events Events related to the asset. Click an event to see its details.
Vulnerabilities Vulnerabilities related to the asset. You can filter the active or inactive vulnerabilities by clicking the specific radio button. Click a vulnerabilityA known issue or weakness in a system, procedure, internal control, software package, or hardware that could be used to compromise security. to see its details.
Configuration Issues Information about operational processes. You can filter the active or inactive configuration issues by clicking the specific radio button. Click a configuration issue to see its details.
Scan History List of the asset scans already run. It includes a time-stamp of the scan, the scan type, the status, and the details of each scan. You can also click the Scan Details link here to download a file containing the details of the most recent authenticated asset scan here for up to a week after the scan was run.
File Integrity This tab is available if the AlienVault Agent has been deployed in the asset. It displays stats about File Integrity Monitoring Events. You can configure a time slot on which the events were received. These slots can be last hour, 24 hours, 7 days, 30 days, or 90 days. See File Integrity Monitoring for more information.

This tab is available if the AlienVault Agent has been deployed in the asset. It displays information about the agent. You can see the status of the agent (connected or not) and the current version. You can configure a time slot on which the events were received. These slots can be last hour, 24 hours, 7 days, 30 days, or 90 days. You can also see the query history. See The AlienVault Agent for more information. Users whose role is Manager, can also change the configuration profile. See AlienVault Agent Configuration Profiles for more information.

In the upper right side of the page is the Actions button. Use this button to perform actionsIn USM Anywhere you can execute an action from alarms, events, and vulnerabilities to run a scan, get forensic information, or execute a response for a configured AlienApp. on the asset. These consist of: