Overview Dashboard

Role Availability: Read-Only, Investigator, Analyst, Manager

This dashboard includes three separate sections.

SIEM Section

Security Information and Event Management (SIEM) security intelligence combines and correlates collected logs and other data to find malicious patterns in network traffic and within host activity.

SIEM systems employ a variety of separate tools to monitor host and network resources for threat activity and compliance status. In this context, malicious refers to activity in a system that exceeds or misuses that access in a manner that negatively affects the confidentiality, integrity, or availability of the organization's information systems. A host is a reference to a computer on a network.


Widgets in the SIEM Section

| Widgets | Description |
| --- | --- |
| Alarms | Total number of alarms for the current day and for the current week. (Alarms provide notification of an event or sequence of events that require attention or investigation.) |
| Alarms by Intent | Alarms correlated by intent and related to a range of dates. The size of the bubbles depends on the number of issues. |
| Top Alarms by Method | List of the top 5 alarms ordered by the method of attack or infiltration and including the total number of alarms. (The method is an indicator that specifies the method of attack that generated an alarm. For Open Threat Exchange® (OTX™) pulses, this method is the pulse name.) |
| Event Data Sources | Most seen data sources to normalize events. (An event is any traffic or data exchange detected by AT&T Cybersecurity products through a sensor or external devices such as a firewall.) |
| Events Trend | Graph that displays the trend in events. |
| Sensor Activity | Top sensor activity by events and alarms. (Sensors are deployed into an on-premises, cloud, or multi-cloud environment to collect logs and other security-related data. This data is normalized and then securely forwarded to USM Anywhere for analysis and correlation.) |

Asset Discovery Section

Asset Discovery discovers assets in your environment, detects changes in assets, and discovers malicious assets in the network. An asset is an IP-addressable host, including but not limited to network devices, virtual servers, and physical servers.


Widgets in the Asset Discovery Section

| Widgets | Description |
| --- | --- |
| Top Operating Systems | List of the top operating systems on assets. (An operating system is software that manages computer hardware resources and provides common services for computer programs. Examples include Microsoft Windows, Macintosh OS X, UNIX, and Linux.) |
| Asset Information | Software Inventory refers to the total number of assets having software installed. Assets Discovered refers to the total number of assets discovered by the user. |
| Top Assets with Alarms | List of the top 5 assets having the most alarms. |

Vulnerability Assessment Section

Vulnerability Assessment identifies vulnerabilities or compliance by comparing the installed software on assets with a database of known vulnerabilities. Vulnerability assessment uses active network vulnerability scanning and continuous vulnerability monitoring to provide one of the five essential capabilities.


Widgets in the Vulnerability Assessment Section

| Widgets | Description |
| --- | --- |
| Assets with Vulnerabilities | Total number of assets having vulnerabilities for the current day and for the current week. |
| Vulnerabilities | Total number of vulnerabilities in your environment. |
| Vulnerabilities by Severity | Top vulnerabilities ordered by severity. See About Vulnerability Severity. |
| Most Vulnerable Assets | List of most vulnerable assets. |