 Role Availability
|
 Read-Only
|
 Analyst
|
Manager
|
USM Central includes the option of searching items of interest on the page. There are several filters displayed by default. You can either filter your search or enter what you are looking for in the search field.
You can configure more filters and change which filters to display by clicking the Configure Filters link located in the upper-left side of the page.
This table shows the filters displayed by default in the main System Events page.
| Filter Name | Meaning |
|---|---|
| Created during | Filter system events Any traffic or data exchange detected by AT&T Cybersecurity products through a sensor or external devices such as a firewall. triggered in the last hour, last 24 hours, last 7 days, last 30 days, or last 90 days. You can also configure your own period of time by clicking the Custom Range option. This option enables you to customize a range. When you click Custom Range, a calendar opens. You can choose the first and last day to delimit your search by clicking the days on the calendar or entering the days directly. Then select the hours, minutes, and seconds by clicking the specific box. Finally, select AM or PM. |
| Event Name | Filter system events by the short, user-readable description of the system event. |
| Affected Resource | Filter system events by the email of the user that performed the action. For example, when user email@alienvault.com logs in, the source email is email@alienvault.com. |
| Source | Filter system events by the email of the user that the action is being performed on. For example, if user email@alienvault.com modifies or creates user new@alienvault.com, then the destination email is new@alienvault.com. |
| Source Address | Filter system events by IP address of the event or computer that it takes place on. |
| Event Outcome | Filter system events by the by how the action was: success and completed or failed. |
The number between brackets displayed by each filter indicates the number of items that matches the filter. You can also use the filter controls to provide a method of organizing your search and filtered results. These are the icons next to each filter title:
|
Sort the filters alphabetically. |
|
Sort the filters by the number of items that matches them. |
In the upper-left side of the page, you can see any filters you have applied. Remove filters by clicking the 
icon next to the filter. Or clear all filters by clicking Reset All Filters.
Note: When applying filters, the search uses the logical AND operator if the used filters are different. However, when the filter is of the same type, the search uses the logical OR.
Those filters that have more than ten options include a Filter Value search field for writing text and making the search easier.
Searching System Events by Using the Search Field
To search System Events using the search field
- Go to Settings > System Events.
- Enter your query in the search field.
- Click the
icon.
If you want to search for an exact phrase having two or more words, you need to put quotation marks around the words in the phrase. This includes email addresses (for example, "bob@mycompany.com").
Note: Wildcard characters are considered as literals.
The result of your search displays with the items identified.
Feedback