For each alarm in the list, USM Central displays columns of useful information to help you determine the best response.
This is the list of the default columns in alarms:
|Column / Field Name|Description|
|---|---|
|Intent|Describes the attack pattern of indicators intruding on your system.|
|Strategy|Type of attack.|
|Method|If known, the method of attack or infiltration associated with the indicator that generated the alarm.|
|Deployment|Name of the deployment on which the alarm has been triggered.|
|Time Created|The date and time of the creation of the alarm. The displayed date depends on your computer's time zone.|
|OTX|Indicates if it is an AT&T Alien Labs™ Open Threat Exchange® (OTX™) alarm or not. If the icon is active, click it to go to the OTX site.|
|Sources|Hostname or IP address of the source (with a national flag if the country is known) for an event creating the alarm.|
|Destinations|Hostname or IP address of the destination (with a national flag if the country is known) that received the events generating the alarm.|
|Labels|Labels applied to the alarm. The default labels are In Progress, False Positive, Open, and Closed. The user can create and manage labels. See Labeling the Alarms for more information.|
|Sensors|Sensor name associated with the alarm.|
|Priority|Impact of the detected attack. Can be Low, Medium, or High. See Priority Field for Alarms for more information.|
From the list of alarms, you can click any individual alarm row to display more information on the selected alarm, including individual events that actually triggered the alarm. See View Alarm Details for more information.
To select an alarm, select the checkbox to the left of the alarm. You can select all alarms at the same time by selecting the first checkbox in the column. These buttons display when you select an alarm:
- Remove Alarm Labels: This button displays if there are labels associated with any alarm. Use this button to remove a label or labels from an alarm. See Labeling the Alarms for more information.
- Apply Labels: You can add a label to an alarm, which enables you to classify alarms. See Labeling the Alarms for more information.
- Alarm Status: You can add a status to an alarm. See Alarm Status for more information.
See Differences between Statuses and Labels to distinguish between a label and a status.
The asset name includes a chevron icon that is gray if the asset is not in the system, or blue if the asset has been added to the system.
Click the gray chevron icon to access these options:
- Add to current filter: Use this option to add the asset name as a search filter. See Searching Events for more information.
- Look up in OTX: This option searches the IP address of the source asset in the AT&T Cybersecurity Alien Labs Open Threat Exchange® (OTX™) page. See Using OTX in USM Anywhere for more information.
Click the blue chevron icon to access these options:
- Add to current filter: Use this option to add the asset name as a search filter.
- Look up in OTX: This option searches the IP address of the asset in the AT&T Cybersecurity Alien Labs Open Threat Exchange® (OTX™) page. See Using OTX in USM Anywhere for more information.
- Full Details: See Viewing Assets Details for more information.
You can configure the view you want for the list of alarms. See Alarms Views for more information.
Click Generate Report to export data. See Create Alarms Report for more details.
Click the icon to change the graph to a Count/Time or Alarms by Intent view. See Alarms List View for more information.
Click the icon to bookmark an item for quick access. Clicking the icon on the secondary menu shows the bookmarked items and provides links to them.
Click the icon to filter your search by row fields. See Searching Alarms for more information.
You can also sort items by selecting 20, 50, or 100 below the result table.