Filtering Alarms in List View

Applies to Product: USM Appliance™ LevelBlue OSSIM®

Both a high-level overview and a detailed look at individual alarm types, the List View lets you filter alarms by one of two methods:

Filtering Alarms, Using the Alarm Graph

Alarms in the graph appear correlated by intent, based on the Cyber Kill Chain model.

Blue bubbles of varying sizes indicate the relative number of alarms generated among your assets on each day within a 31-day period.

To expose the Alarm Graph

  1. On the Alarms page, look for the label Show Alarm Graph on the far right of the Search and Filter section.
  2. Click No.

    This toggles the Alarm Graph to Yes and the Alarm Graph appears.

  3. Hover over one of the bubbles to get more details.

    Each bubble represents the alarms of a specific intent for a three-hour period of one day in a 31-day cycle. Each exposes the following details:

    • Time span in three-hour increments.
    • Number of alarms.
    • Top five strategies among these alarms, for example, spyware infection or worm infection.
  4. Click one of the bubbles.

    Now the Alarms list appearing below the graph shows just the alarms of the type and window of time you selected.

    You can click on any of the alarms to see the event that triggered it. See Review Security Events.

    Filtering by Intent

To hide the Alarm Graph from view

  • Go to the Show Alarm Graph toggle (shown) and click the Yes default to toggle the setting to No.

    The Alarm Graph now no longer displays.

  • When you want to see it again, just toggle No to Yes.

Using Specific Search and Filter Criteria for Alarms

You can use the Search and Filter area of the Alarms page to search for specific alarms, based on the following criteria:

Note: At this time, USM Appliance does not offer a filter for IP Reputation-based alarms. However, you can view these within the Alarms list, where they occur.

To filter for specific alarms

  1. In the Search and Filter section of the Alarm page, select your search criteria and click Search.

    Your search results appear in the Alarms List.

    Filtering alarms

  2. To see more details, click on one of the alarms (Reviewing Alarms as a List).

    Note: Hide closed alarms is selected by default.