USM Central's Alarms page provides an overview of alarms triggered within connected deployments of USM Anywhere and USM Appliance. Here you can review all alarm activity, view only a select number of deployment alarms, or filter the alarms by specific details.

The Alarms page displays information on alarms. These are the different parts of the Alarms page:

• On the left side of the page are the search and filters options. Use filters to delimit your search.
• At the top of the page, you can see any filters you have applied, and you have the option to create and select different views of the alarms.
• The main part of the page is the list of alarms, where each row describes an individual alarm. Click an alarm to open a summary view. See Viewing Alarm Details for more information. Each alarm includes a check box that you can use to select it. You can select all alarms in the same page by clicking the check box in the first column of the header row. You can also select all the alarms in the system. See Selecting Alarms in Alarm List View for more information.

If you want to analyze the data, you can maximize the screen and hide the filter pane. Click the icon to hide the filter pane. Click the icon to expand the filter pane.

Refreshing the page

USM Central gives you the option of refreshing the page automatically in a period of time that you can configure.

Following the name of the view, you can click the icon to stop the auto-refresh countdown and refresh the page manually.

There is an auto-refresh countdown that refreshes the page at a regular interval. The number inside the blue circle indicates the remaining time until the next refresh. See Managing Your Profile Settings to configure this interval.

To enable the auto refresh option

1. At the bottom of the expanded pane of the USM Central web user interface (UI), hover over the profile settings options, and select Profile.

2. Click the Alarms Auto Refresh field and select Every 15 Minutes, Every 30 Minutes, Every Hour, or Every 2 Hours. Select is Disabled if you don't want the alarms to automatically refresh.

   

3. Click Save.

Alarm by Intent Graph

The Alarms by Intent graph in the middle of the page provides a graphical representation of alarms by intent. Blue circles indicate the number of times that an alarm in an intent showed. A bigger circle indicates a higher number of alarms. You can hover over each of the circles to get the actual number of different types of intent. In addition, if you click any of the blue circles, they display only the alarms corresponding to that circle. You can change the displayed period of time by clicking the Last 24 Hours filter.

Alarms graphed by intent are sorted into five different categories, which are represented by the graphic icons in the display:

• Delivery & Attack ()
• Environmental Awareness ()
• Exploitation & Installation ()
• Reconnaissance & Probing ()
• System Compromise State or indication that an intruder has bypassed security measures and gained unauthorized access to resources, installed malicious software, or modified existing software or configurations in an attempt to cause damage or steal information. ()

If you want to analyze the data and see the additional columns without having to scroll left and right, you can maximize the screen and hide the filter pane. Click the icon to hide the filter pane. Click the icon to expand the filter pane.

Use the icon to change the alarms view, which is by default, Alarms by Intent.