USM Central provides a centralized view of your system eventsAny traffic or data exchange detected by AT&T Cybersecurity products through a sensor or external devices such as a firewall.. Go to Settings > System Events.
The system events page displays information on any events generated within your environment. On the left you can find the search and filters options. In the upper-left side of the page, you can see any filters you have applied, and you have the option to create and select different views of the system events. The main part of the page is the actual list of system events. Each row describes an individual system event.
If you want to analyze the data, you can maximize the screen and hide the filter pane. Click the icon to hide the filter pane. Click the icon to expand the filter pane.
Note: By default, the list will display all System Events created during the last 24 hours.
The following table displays the list of the default columns found in the List view.
|Column Field Name||Description|
|Event Name||Name of the event.|
|Time Created||The date and time of the creation of the event. The displayed date depends on your computer's time zone.|
IP address of the event or computer that it takes place on.
|Source||Email of the user that the action is being performed on. For example, if user firstname.lastname@example.org modifies or creates user email@example.com, then the destination email is firstname.lastname@example.org.|
|Affected Resource||Email of the user that performed the action. For example, when user email@example.com logs in, the source email is firstname.lastname@example.org.|
Indicates if the action was success and completed or if it failed.
It is a small description of what was changed in the system event.
It only gets populated for certain actions and indicates what is being changed. Most of these are user changes (for example, when a user is suspended, a locked status is reset, MFAA method of access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge, possession, and inherence. is enabled or disabled, or a password is updated.
Click the icon to bookmark an item for quick access.
You can choose the number of items to display by selecting 20, 50, or 100 below the table.