Role Availability | ✔️ Read-Only ✔️ Investigator ✔️ Analyst ✔️ Manager

For each alarm in the alarm columns list, USM Anywhere displays useful information to help you determine the best response. The following table lists the fields you see on the page.

Default Columns Found in the List View
Column Field Name | Description
Alarm Summary | Displays several fields: the type of attack, the method of attack, and how long ago the alarm occurred.
Priority | Impact of the detected attack. It can be Low, Medium, or High. See Priority Field for Alarms for more information.
Alarm Status | Status applied to the alarm. By default, it can be Open, In Review, or Closed. See Alarm Status for more information. Alarms that have the status "Closed" are not displayed in the list.
Sources | Hostname or IP address of the source (including a national flag icon if the country is known) for an event creating the alarm.
Destinations | Hostname or IP address of the destination (including a national flag icon if the country is known) that received the events generating the alarm.
Source Users | Name of the user entity that was the source for an event creating the alarm.
Destination Users | Name of the user entity that was the destination of an event creating the alarm.
Investigations | Identification (ID) of the investigation associated with the alarm. See Adding an Alarm to an Investigation and USM Anywhere Investigations for more information.
Sensors | Name of the sensor associated with the alarm. The type of sensor is also displayed below the sensor name.
Labels | Labels applied to the alarm. By default, it can be In Progress, False Positive, Open, or Closed. You can create and manage labels. See Labeling the Alarms for more information.

From the list of alarms, you can click any individual alarm row to display more information on the selected alarm, including individual events that triggered the alarm. See Viewing Alarm Details for more information.

To select an alarm, select the checkbox to the left of the alarm. You can select all alarms at the same time by selecting the first checkbox in the column. These buttons display when you select an alarm:
  • Remove Alarm Labels: This button displays if there are labels associated to any alarm. Use this button to remove a label or labels from an alarm. See Labeling the Alarms for more information.
  • Apply Labels: You can add a label to an alarm, which enables you to have classified alarms. See Labeling the Alarms for more information.
  • Add To Investigation: You can create an investigation for an alarm or associate an investigation to an alarm. See Adding an Alarm to an Investigation and USM Anywhere Investigations for more information.
  • Alarm Status: You can add a status to an alarm. See Alarm Status for more information.
See Differences between Statuses and Labels to distinguish between label and status.

The asset name includes a chevron icon that can be gray if the asset is not in the system, or blue if the asset has been added to the system.

Click the gray chevron icon to access the following options. Your access to these options may vary based on your user role. See Role-Based Access Control (RBAC) in USM Anywhere for more information:
  • Add to current filter: Use this option to add the asset name as a search filter. See Searching Events for more information.
  • Find in events: Use this option to execute a search of the asset name in the Events page. See Searching Events for more information.
  • Look up in OTX: This option searches the IP address of the source asset in the LevelBlue Labs Open Threat Exchange® (OTX™) page. See Using OTX in USM Anywhere for more information.
  • Add asset to system: Use this option to create the asset in the system. See Adding Assets for more information.

Click the blue chevron icon to access the following options. Your access to these options may vary based on your user role. See Role-Based Access Control (RBAC) in USM Anywhere for more information:
  • Add to Current Filter: Use this option to add the asset name as a search filter. See Searching Events for more information.
  • Find in Events: Use this option to execute a search of the asset name in the Events page. See Searching Events for more information.
  • Look up in OTX: This option searches the IP address of the asset in the OTX page. See Using OTX in USM Anywhere for more information.
  • Full Details: See Viewing Assets Details for more information.
  • Configure Asset: See Editing Assets for more information.
  • Delete Asset: See Deleting the Assets for more information.
  • Assign Credentials: See Managing Credentials in USM Anywhere for more information.
  • Authenticated Scan: This option displays depending on the USM Anywhere Sensor associated with the asset. See Running Authenticated Asset Scans for more information.
  • Scan with BlueApp: This option enables you to run an asset scan through a BlueApp. See Running Asset Scans Using a BlueApp for more information.
  • Configuration Issues: This option opens the Assets Details page. The Configuration Issues tab is selected in the page. See Viewing Assets Details for more information.
  • Vulnerabilities: This option opens the Assets Details page. The Vulnerabilities tab is selected in the page. See Viewing Assets Details for more information.
  • Alarms: This option opens the Assets Details page. The Alarms tab is selected in the page. See Viewing Assets Details for more information.
  • Events: This option opens the Assets Details page. The Events tab is selected in the page. See Viewing Assets Details for more information.

You can configure the view you want for the list of alarms. See Alarms Views for more information.

Click Generate Report to open the Configure Report dialog box. See Create an Alarms Report for more information.

Click the icon to change the graph to a Count/Time, MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) or Alarms Strategies by Intent view. See Alarms List View for more information.

Click the icon to bookmark an item for quick access.
You can view your bookmarked items by going to the secondary menu and clicking the icon. This will display all of your bookmarked items and provide direct links to each of them.

Click the icon to filter your search by row fields. See Filtering Alarms by Row Fields for more information.

You can choose the number of items to display by selecting 20, 50, or 100 below the table.

You can classify some columns by clicking the icons to the right side of the heading. You can sort the item information in ascending or descending order.