An eventAny traffic or data exchange detected by AT&T Cybersecurity products through a sensor or external devices such as a firewall. is a record of activity that contains information and resides in a log file. USM Anywhere collects, normalizes, and enriches logs with additional metadataInformation about other associated data, used to help organize information, provide identification, support archiving of data, and other functions., which are called events.

USM Anywhere enables you to display system events. These events are any events generated within your environment. They are not actionsIn USM Anywhere you can execute an action from alarms, events, and vulnerabilities to run a scan, get forensic information, or execute a response for a configured AlienApp. associated with any of the monitored assetsAsset from which logs and other system status and event information is collected and processed. or networks collected by your environment. For instance, the system generates a system event when an assetAn IP-addressable host, including but not limited to network devices, virtual servers, and physical servers., a user, or a node is created, updated, or deleted or when you modify your multifactor authentication (MFAA method of access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge, possession, and inherence.) subscription.

This topic discusses these subtopics: