Event Views

Role Availability Read-Only Investigator Analyst Manager

You can configure the view you want for the list of items in the page.

To create a view configuration

  1. From the list view, click the icon.
  2. Use the and icons to pass the items from one column to another and select the columns you want to see.
  3. Click Apply.
  4. If you want to delimit the search, select the filters you want to apply.
  5. Go to Save View > Save As.

    The Save Current View dialog box opens.

    Views dialog vox

  6. Enter a name for the view.
  7. (Optional.) Select Share View if you want to share your view with other users.
  8. Click Save.
  9. The created view is already selected.

Note: Only users in the Analyst, Manager, or Investigator roles can create a view configuration.

To select a configured view

  1. From the ist view, click View above the filters.
  2. Click Saved Views, and then select the view you want to see.

  3. Note: A shared view includes the icon next to its name.

  4. Click Apply.

To delete a configured view

  1. From the Events list view, click View above the filters.
  2. Click Saved Views, and then click the icon next to the saved view you want to delete.
  3. A Settings Delete dialog box opens to confirm the deletion.

  4. Click Accept.
  5. Important: The icon does not display if the view is selected.

Note: Only Manager and Analyst users can delete any configured view. You can only delete the views you have created in an Investigator role.

Predefined Views

USM Anywhere includes several predefined views of events based on usual environments and technologies. These views have pre-defined column headers that show the most relevant event fields. You can see a summarized event view without having to spend the time creating a custom view.

These predefined views operate the same way as the views you can create yourself. Some of these views have also predefined filters.

To open the predefined views

  1. Go to Activity > Events.
  2. Open the View option and select Saved Views.

    Saved Views

  3. Select a view and click Apply.

Predefined Views for Events

View Meaning
LevelBlue Generic Plugin Displays log data when the USM Anywhere Sensor is unable to match them with BlueApps based on hints and manual associations.
AWS Cloud Activity Displays the most relevant event fields for AWS Suite of cloud computing services from Amazon that make up an on-demand computing platform.CloudTrail AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you., AWS S3 Access, and ELB Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances in the cloud. Access.
Azure Cloud The use of many computers connected over a network to run multiple programs or applications at the same time, instead of running them on a local device or network. Activity Displays the most relevant event fields for Azure Microsoft Azure is a cloud computing platform and infrastructure created by Microsoft for building, deploying, and managing applications and services through a global network of Microsoft-managed data centers. environmental logs.
Firewall Events Displays the most relevant fields for firewall Virtual or physical device designed to defend against unauthorized access to data, resources, or a private network. A firewall’s primary purpose is to create segregation between two or more network resources, blocking undesirable traffic between them. events. For instance request URL, source username, destination username, etc. depending on the set of fields that is most common to the list of supported firewall BlueApps.
Linux Events Displays the most relevant fields for Linux Events generated by the Linux CRON, SSH Program to securely log into another computer over a network, execute commands in a remote machine, and move files from one machine to another through Secure Copy (SCP)., and SUDO A program for UNIX-like computer operating systems that allows users to run programs with the security privileges of another user, by default the superuser. BlueApps.
Network IDS Displays the most relevant event fields for NIDS Network Intrusion Dectection System (NIDS) monitors network traffic and events for suspicious or malicious activity using the sensors that provide management and network monitoring interfaces to networks and network devices..
Open Threat Exchange Displays the most relevant feeds that the pulse has matched.
Web Server Events Displays the most relevant fields for Web Server Events, which include Apache, NGinx, and Windows IIS.
Windows Events

Displays the most relevant fields for Windows Events forwarded by NXLog.