USM Central™

View Alarm Details

The alarmAlarms provide notification of an event or sequence of events that require attention or investigation. details view provides in-depth information on an alarm and provides easy access to the alarm within the related deployment. When you use this feature to access the alarm at the deployment level, you can perform further investigation, as well as create associated rules for that deployment based on characteristics of the alarm.

To view the details of an alarm

  1. Go to Alarms.
  2. Click the alarm to display its details.
  3. Details of an Alarm

    Click the icon to bookmark an item for quick access. Clicking the icon on the secondary menu shows the bookmarked items and provides links to them.

    Not all alarms found during monitoringProcess of collecting all device status and event information and processing normalized events for evidence of vulnerabilities, possible attacks, and other malicious activity. are necessary in managing your environment because they do not pose a security threat. Frequently, there are alarms that create a noisy environment, making it difficult to monitor other alarms that require more attention. You can identify these alarms and suppress them by using a rule.

    The alarms details page includes alarm management functions that are supported for your assigned user roleTasks and responsibilities based on job description and position within an organization. A user's role is often used to define access to functionality and privileges to perform specific tasks and operations.:

    • Alarm Status: This field indicates the status for the alarm: open, in review, or closed. See Alarm Status for more information.
    • Apply Label: This field indicates if the alarm has been classified by using a label. You can click the icon to manage the labels of the alarm. See Labeling the Alarms for more information.
    • HTTP Hostname: If the alarm includes this field, you can search for events by using it. See Searching Events from the Details of an Alarm for more information.
    • DNS RR Name: If the alarm includes this field, you can search for events by using it. See Searching Events from the Details of an Alarm for more information.

    To investigate the alarm in its specific deployment environment, click the link in the Deployment field.

    Below the alarm details, you can see the source, the destination, the associated alarm if it exists, the associated eventsAny traffic or data exchange detected by AT&T Cybersecurity products through a sensor, or through external devices such as a firewall., a description, and, in the case of an alarm with a high priority, a recommendation to fix the problem.

    Your environment can have sources and destinations included in the inventory and those not included in the inventory. Assets included in the inventory display their names in blue, and assets not included in the inventory display their names in gray.

    The icon located next to the asset enables you to access these options:

    • Add to current filter: Use this option to add the asset name as a search filter.
    • Look up in OTX: This option searches the IP address of the source asset in the Open Threat Exchange page. See Using OTX in USM Anywhere for more information.
    • Full Details: See Viewing Assets Details for more information.

    The icon located next to the asset enables you to access these options:

    • Add to current filter: Use this option to add the asset name as a search filter.
    • Look up in OTX: This option searches the IP address of the source asset in the Open Threat Exchange page. See Using OTX in USM Anywhere for more information.
  4. Click the link of an associated event to open its details page. The Associated Events list displays all events associated with the alarm.
  5. In the upper right corner, click the previous and next buttons to navigate between items.
  6. Click the icon to close the dialog box.
  7. Click the alarm title to expand its details.
  8. Click Generate Report button to open the Configure Report dialog box. See Create Alarms Report for more information.