AlienVault® USM Anywhere™

Event Views

Role Availability Read-Only Analyst Manager

To create a view configuration

  1. From the Events list view, click the icon.
  2. Use the and icons to pass the items from one column to another and select the columns you want to see.
  3. Click Apply.
  4. If you want to delimit the search, select the filters you want to apply.
  5. Select Save View > Save as.

    Views dialog vox

  6. Enter a name for the view.
  7. Select Share View if you want to share your view with other users.
  8. Click Save.
  9. The created view is already selected.

To select a configured view

  1. From the Events list view, click View above the filters.
  2. Click Saved views and select the view you want to see.
  3. Note: A shared view includes the icon next to its name.

  4. Click Apply.

To delete a configured view

  1. From the Events list view, click View above the filters.
  2. Click Saved views and click the icon next to the saved view you want to delete.
  3. A dialog box displays to confirm the deletion.

    Note: You can delete the views you have created.

  4. Click Accept.
  5. Important: The icon does not display if the view is selected.

Predefined Views

USM Anywhere includes several predefined views of events based on usual environments and technologies. These views have pre-defined column headers that show the most relevant event fields. You can see a summarized event view without having to spend the time creating a custom view.

These predefined views operate the same way as the views you can create yourself. Some of these views have also predefined filters.

These views are available under the Activity option of the primary menu.

Events Menu

Predefined Views for Events

View Meaning
Azure CloudThe use of many computers connected over a network to run multiple programs or applications at the same time, instead of running them on a local device or network. Activity Displays the most relevant event fields for AzureMicrosoft Azure is a cloud computing platform and infrastructure created by Microsoft for building, deploying, and managing applications and services through a global network of Microsoft-managed data centers. environmental logs.
AWS Cloud Activity Displays the most relevant event fields for AWS Suite of cloud computing services from Amazon that make up an on-demand computing platform.CloudTrailAWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you., AWS S3 Access, and ELBElastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances in the cloud. Access.
Firewall Events Displays the most relevant fields for firewallVirtual or physical device designed to defend against unauthorized access to data, resources, or a private network. A firewall’s primary purpose is to create segregation between two or more network resources, blocking undesirable traffic between them. events. For instance request URL, source username, destination username, etc. depending on the set of fields that is most common to the list of supported firewall pluginsIntegrations specify how to collect and normalize raw information from devices to create events that can then be analyzed to determine threats and vulnerabilities..
AlienVault Generic Plugin Displays log data when the USM Anywhere Sensor is unable to match them with plugins based on hints and manual associations.
Linux Events Displays the most relevant fields for Linux Events generated by the Linux CRON, SSHProgram to securely log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another through Secure Copy (SCP)., and SUDOA program for UNIX-like computer operating systems that allows users to run programs with the security privileges of another user, by default the superuser. plugins.
Network IDS Displays the most relevant event fields for NIDSNetwork Intrusion Dectection System (NIDS) monitors network traffic and events for suspicious or malicious activity using the sensors that provide management and network monitoring interfaces to networks and network devices..
Open Threat Exchange Displays the most relevant feeds that the pulse has matched.
Web Server Events Displays the most relevant fields for Web Server Events, which include Apache, NGinx, and Windows IIS.
Windows Events

Displays the most relevant fields for Windows Events forwarded by NXLog.