System Events Management

An event (any traffic or data exchange detected by AT&T Cybersecurity products through a sensor or external devices such as a firewall) is a record of activity that contains information and resides in a log file. USM Anywhere collects, normalizes, and enriches logs with additional metadata (information about other associated data, used to help organize information, provide identification, support archiving of data, and other functions), which are called events.

USM Anywhere enables you to display system events. These events are any events generated within your environment. They are not actions (in USM Anywhere, you can execute an action from alarms, events, and vulnerabilities to run a scan, get forensic information, or execute a response for a configured AlienApp) associated with any of the monitored assets (assets from which logs and other system status and event information is collected and processed) or networks collected by your environment. For instance, the system generates a system event when an asset (an IP-addressable host, including but not limited to network devices, virtual servers, and physical servers), a user, or a node is created, updated, or deleted, or when you modify your multifactor authentication (MFA) subscription. MFA is a method of access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism, typically at least two of the following categories: knowledge, possession, and inherence.

This topic discusses these subtopics: