Applies to Product:

USM Appliance™

AlienVault OSSIM®

AlienVault USM Appliance includes hundreds of predefined reports to keep you informed about assets, level of compliance, alarms, and security events in your organization. Starting from USM Appliance version 5.2, AlienVault delivers new reports in threat intelligence updates instead of platform updates, allowing for more frequent updates and improvements on USM Appliance reports. See List of USM Appliance Reports for a complete list of reports.

Report Categories

USM Appliance groups reports into different categories for easy access. The following table summarizes the categories.

USM Appliance report categories

Report Categories	Description
Alarms	Reports on top alarms, top attackers, top attacked hosts, and top destination ports.
Assets	Reports on assets, including asset properties, vulnerabilities, events, alarms, and raw logs for selected assets.
Compliance	Reports on various compliance regulations, including FISMA, HIPAA, ISO 27001, PCI 2.0, PCI 3.0, PCI DSS 3.1, and SOX. These reports display information such as events, alarms, and asset, and map them to compliance requirements.
Raw Logs	Reports on raw logs from different sources, such as firewalls, IDS/IPS systems, mail security devices, and antivirus applications.
Security Events	Reports on security events from different sources, such as events coming from firewalls, IDS/IPS systems, mail security devices, and anti-virus applications. In USM Appliance version 5.2, reports on OTX pulses and OTXIP reputation are also included.
Security Operations	Reports on security operations including tickets, top alarms, and top security events.
Tickets	Reports on tickets opened on events, alarms, metric, vulnerabilities, and anomalies.
User Activity	Report on user activity in the USM Appliance web interface.
Custom Reports	User customized reports including cloned reports and the custom security events or custom raw logs reports.

Report Modules

The USM Appliance reports consist of two basic components:

• A module defines queries to the database or file system, in order to retrieve the data necessary for table and graph generation.

• A layout defines the graphical aspects of a report, such as logo, header and footer, and color scheme.

You can generate reports based on a combination of several modules and a single layout. By default, USM Appliance contains more than 2,600 modules and one basic layout.

The USM Appliance organizes the report modules into categories. Go to Reports > All Reports > Modules and expand the categories by clicking the green plus sign (+) next to the category name. You can further extend each subcategory, eventually reaching an individual event category in the module.