USM Central includes several filters displayed by default. These filters enable you to search for your items of interest. You can either filter your search, or enter what you are looking for in the search field, which is in the lower-left corner of the page.
If you want to analyze the data
- Go to
- Enter your query in the search field.
- Click the icon.
If you want to search for an exact phrase having two or more words, you need to put quotation marks around the words in the phrase. This includes email addresses (for example, "email@example.com").
Note: Keep in mind that wildcard characters are considered as literals.
The result of your search displays with the items identified.
You can use filters to delimit the number of alarms that are displayed in the alarm lists. Any active filters will be displayed at the top of the page. You can remove individual filters by clicking the Close icon () next to the filter, or you can clear all filters by clicking the Clear All Filters link. You can also save filter views to easily load up later. Your active filters will be used for reports exports.
|Created during||Identify alarmsAlarms provide notification of an event or sequence of events that require attention or investigation. triggered in the last hour, 24 hours, 7 days, 30 days, or 90 days. You can also configure your own period of time by clicking the icon. This option enables you to customize a range and narrow it to delimit your search per minutes and seconds.|
Filter suppressed alarms.
|Not Suppressed||Filter hiding suppressed alarms. The suppressed alarms are hidden by default.|
|Deployment||Filter alarms by the connected individual instances of USM Anywhere or USM Appliance.|
|Labels||Filter alarms by the applied labels. See Labeling the Alarms for more information.|
|Intent||Filter alarms by the purpose of the alarm. It can be Delivery & Attack, Environmental Awareness, Exploitation & Installation, Reconnaissance & Probing, and System CompromiseState or indication that an intruder has bypassed security measures and gained unauthorized access to resources, installed malicious software, or modified existing software or configurations in an attempt to cause damage or steal information.. See
|Strategy||Filter alarms by the type of attack. See Strategy for more information.|
|Method||If known, filter alarms by the method of attack or infiltrationIndicator that specifies the method of attack that generated an alarm. For Open Threat Exchange® (OTX™) pulses, this method is the pulse name. associated with the indicator that generated the alarm. See Method for more information.|
|Sensors||Filter alarms by the associated USM Anywhere Sensor. See USM Anywhere Sensor Management for more information.|
The displayed number close to each filter between brackets indicates the number of items that matches the filter. You can also use the filter controls to provide a method of organizing your search and filtered results. The icons below each filter box are
|Toggle the ability to select multiple values as an OR statement.|
|You can view and toggle between the currently filtered item, and other filtered items without the need to reset the search.|
|Toggle values with (0) matches.|
|Sort the information alphabetically.|
|Sort the filters by number of items that matches them.|
|Reset||Resets to the default values.|
Note: When applying filters, the search uses the logical AND operator if the used filters are different. However, when the filter is of the same type, the search uses the logical OR.
To search alarms using a filter
- Go to ALARMS.
Click on a filter.
The result of your search displays with alarms identified.
To save a filter configuration
- Go to ALARMS and select the filters you want to use in your saved view.
- Click the Save drop-down menu and click Save as.
- Type a name for the view and click Save. You can now load this view from the drop-down menu to the left of the Save button.
Note: If you have changed the configuration of the alarms columns, this configuration will be also saved together with the filter configuration. See Views
To add or delete filters from the Search & Filters area
- Go to ALARMS.
- Click the Configure Filters link at the bottom of the Search & Filters sidebar to open the Filters Configuration window.
- Click the arrow icons () and () to pass the items from the Available Filters and Selected Filters columns, then click Apply.