USM Anywhere™

Event Views

Role Availability: Read-Only, Analyst, Manager

You can configure the view you want for the list of items on the page.

To create a view configuration

  1. From the List view, click the icon.
  2. Use the and icons to move items from one column to the other and select the columns you want to see.
  3. Click Apply.
  4. If you want to narrow the search, select the filters you want to apply.
  5. Select Save View > Save as.

    The Save Current View dialog box opens.

    Views dialog box

  6. Enter a name for the view.
  7. Select Share View if you want to share your view with other users.
  8. Click Save.

    The created view is selected automatically.

To select a configured view

  1. From the List view, click View above the filters.
  2. Click Saved views and select the view you want to see.

    Alarms Main Page, saved views

    Note: A shared view includes the icon next to its name.

  3. Click Apply.

To delete a configured view

  1. From the Events list view, click View above the filters.
  2. Click Saved views and click the icon next to the saved view you want to delete.
    A dialog box opens to confirm the deletion.

    Note: You can delete only the views you have created.

  3. Click Accept.

    Important: The icon does not display if the view is selected.

Predefined Views

USM Anywhere includes several predefined views of events based on common environments and technologies. These views have predefined column headers that show the most relevant event fields, so you can see a summarized event view without spending time creating a custom view.

These predefined views operate the same way as the views you create yourself. Some of these views also have predefined filters.

To open the predefined views

  1. Go to Activity > Events.
  2. Open the View option and select Saved Views.

    Saved Views

  3. Select a view and click Apply.

Predefined Views for Events

View                        Meaning
AlienVault Generic Plugin   Displays log data when the USM Anywhere Sensor is unable to match it with AlienApps based on hints and manual associations.
AWS Cloud Activity          Displays the most relevant event fields for AWS CloudTrail, AWS S3 Access, and ELB Access.
Azure Cloud Activity        Displays the most relevant event fields for Azure environment logs.
Firewall Events             Displays the most relevant fields for firewall events, for instance request URL, source username, and destination username, depending on the set of fields most common to the supported firewall AlienApps.
Linux Events                Displays the most relevant fields for Linux events generated by the Linux CRON, SSH, and SUDO AlienApps.
Network IDS                 Displays the most relevant event fields for NIDS events.
Open Threat Exchange        Displays the most relevant feeds that the pulse has matched.
Web Server Events           Displays the most relevant fields for web server events, which include Apache, Nginx, and Windows IIS.
Windows Events              Displays the most relevant fields for Windows events forwarded by NXLog.
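As an added illustration, not USM Anywhere's own code or API, the following Python models what the view procedures above and the predefined views table describe: a view is a column selection plus optional filters applied to an event list, a view can be shared with other users, a newly saved view is selected automatically, only its creator can delete it, and the delete icon is hidden while the view is selected. The event field names, the sample events, and the column and filter choices of the two predefined views are assumptions made for this example.

```python
"""Assumed model of USM Anywhere event views (added example, not product code):
a view is a column selection plus optional filters, can be shared, is selected
when saved, and can be deleted only by its creator while it is not selected."""
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed sample events; field names are illustrative, not the product schema.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"time": "10:00", "plugin": "sshd", "event_name": "Login Failed",
     "source_username": "alice", "destination_username": "", "request_url": ""},
    {"time": "10:01", "plugin": "sudo", "event_name": "Command Executed",
     "source_username": "bob", "destination_username": "root", "request_url": ""},
    {"time": "10:02", "plugin": "nginx", "event_name": "HTTP Request",
     "source_username": "", "destination_username": "", "request_url": "/login"},
    {"time": "10:03", "plugin": "cron", "event_name": "Job Started",
     "source_username": "root", "destination_username": "", "request_url": ""},
]


@dataclass
class View:
    name: str
    owner: str                      # user who created the view
    columns: List[str]              # columns chosen in the column picker
    filters: Dict[str, Set[str]] = field(default_factory=dict)  # field -> allowed values
    shared: bool = False            # the "Share View" option

    def apply(self, events: List[Dict[str, str]]) -> List[Dict[str, str]]:
        """Keep events that satisfy every filter, then project the chosen columns."""
        kept = [e for e in events
                if all(e.get(fld) in allowed for fld, allowed in self.filters.items())]
        return [{c: e.get(c, "") for c in self.columns} for e in kept]


class ViewStore:
    """Saved views with the sharing, selection and deletion rules from the page."""

    def __init__(self) -> None:
        self.views: Dict[str, View] = {}
        self.selected: Dict[str, str] = {}   # user -> name of the view they have selected

    def save(self, view: View) -> None:
        self.views[view.name] = view
        self.selected[view.owner] = view.name   # a newly saved view is selected

    def saved_views_for(self, user: str) -> List[str]:
        """What a user sees under Saved views: their own views plus shared ones."""
        return sorted(v.name for v in self.views.values() if v.owner == user or v.shared)

    def select(self, user: str, name: str) -> List[Dict[str, str]]:
        if name not in self.saved_views_for(user):
            raise PermissionError(f"{user} cannot see view {name!r}")
        self.selected[user] = name
        return self.views[name].apply(SAMPLE_EVENTS)

    def delete_icon_visible(self, user: str, name: str) -> bool:
        """Only the creator may delete, and the icon is hidden while the view is selected."""
        view = self.views.get(name)
        return view is not None and view.owner == user and self.selected.get(user) != name

    def delete(self, user: str, name: str) -> bool:
        if not self.delete_icon_visible(user, name):
            return False
        del self.views[name]
        return True


# Two predefined views modelled on the table; their columns and filters are assumed.
PREDEFINED: Dict[str, View] = {
    "Linux Events": View("Linux Events", "system",
                         ["time", "plugin", "event_name", "source_username", "destination_username"],
                         {"plugin": {"cron", "sshd", "sudo"}}, shared=True),
    "Web Server Events": View("Web Server Events", "system",
                              ["time", "plugin", "request_url"],
                              {"plugin": {"apache", "nginx", "iis"}}, shared=True),
}


def demo() -> Dict[str, object]:
    """Walk through create, share, select and delete for two users."""
    store = ViewStore()
    for v in PREDEFINED.values():
        store.save(v)
    custom = View("Failed logins", "alice", ["time", "source_username"],
                  {"event_name": {"Login Failed"}})
    store.save(custom)                      # alice's selected view is now "Failed logins"
    result: Dict[str, object] = {
        "linux_rows": store.select("bob", "Linux Events"),
        "alice_rows": store.select("alice", "Failed logins"),
        "bob_sees": store.saved_views_for("bob"),              # the unshared view is absent
        "bob_deletes_alice_view": store.delete("bob", "Failed logins"),    # False: not the owner
        "alice_deletes_selected": store.delete("alice", "Failed logins"),  # False: still selected
    }
    store.select("alice", "Linux Events")   # switch away; the delete icon reappears
    result["alice_deletes_after_switch"] = store.delete("alice", "Failed logins")  # True
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running the module prints the projected rows for each view and the outcome of each delete attempt; the unshared view never appears in the second user's list, and the creator's delete attempt succeeds only after selecting a different view.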