USM Appliance Reports

Applies to Product: USM Appliance™ LevelBlue OSSIM®

LevelBlue USM Appliance includes hundreds of predefined reports to keep you informed about assets, level of compliance, alarms, and security events in your organization. Starting from USM Appliance version 5.2, LevelBlue delivers new reports in threat intelligence updates instead of platform updates, allowing for more frequent updates and improvements on USM Appliance reports. See List of USM Appliance Reports for a complete list of reports.

Report Categories

USM Appliance groups reports into different categories for easy access. The following table summarizes the categories.

USM Appliance report categories

Report Categories



Reports on top alarms, top attackers, top attacked hosts, and top destination ports.


Reports on assets, including asset properties, vulnerabilities, events, alarms, and raw logs for selected assets.


Reports on various compliance regulations, including FISMA, HIPAA, ISO 27001, PCI 2.0, PCI 3.0, PCI DSS 3.1, and SOX. These reports display information such as events, alarms, and asset, and map them to compliance requirements.

Raw Logs

Reports on raw logs from different sources, such as firewalls, IDS/IPS systems, mail security devices, and antivirus applications.

Security Events

Reports on security events from different sources, such as events coming from firewalls, IDS/IPS systems, mail security devices, and anti-virus applications. In USM Appliance version 5.2, reports on OTX pulses and OTXIP reputation are also included.

Security Operations

Reports on security operations including tickets, top alarms, and top security events.


Reports on tickets opened on events, alarms, metric, vulnerabilities, and anomalies.

User Activity

Report on user activity in the USM Appliance web interface.

Custom Reports

User customized reports including cloned reports and the custom security events or custom raw logs reports.

Report Modules

The USM Appliance reports consist of two basic components:

  • A module defines queries to the database or file system, in order to retrieve the data necessary for table and graph generation.

  • A layout defines the graphical aspects of a report, such as logo, header and footer, and color scheme.

You can generate reports based on a combination of several modules and a single layout. By default, USM Appliance contains more than 2,600 modules and one basic layout.

The USM Appliance organizes the report modules into categories. Go to Reports > All Reports > Modules and expand the categories by clicking the green plus sign (+) next to the category name. You can further extend each subcategory, eventually reaching an individual event category in the module.

Modules Page with expanded category.