# Alarms List View

<Icon icon="users" iconType="solid" /> Role Availability | ✔️ Read-Only ✔️ Investigator ✔️ Analyst ✔️ Manager

USM Anywhere provides a centralized view of your <Tooltip tip="Alarms provide notification of an event or sequence of events that require attention or investigation.">alarms</Tooltip>. Go to **Activity > Alarms** to see this centralized view.

<Note>
  You can watch the [Conducting Security Analysis with LevelBlue USM Anywhere](https://cybersecurity.att.com/customer-webcasts/conducting-security-analysis-with-alienvault-usm-anywhere) customer training webcast on-demand to learn how to leverage USM Anywhere to perform security analyst duties.
</Note>

The Alarms page displays information on alarms. These are the different parts of the Alarms page:

* On the left side of the page are the search and filter options. Use filters to narrow your search.
* At the top of the page, you can see any filters you have applied, and you have the option to create and select different views of the alarms.
* The main part of the page is the list of alarms, where each row describes an individual alarm. Click an alarm to open a summary view. See [Viewing Alarm Details](documentation/usm-anywhere/user-guide/alarms/viewing-alarms-details) for more information. Each alarm includes a checkbox that you can use to select it. You can select all alarms on the same page by clicking the checkbox in the first column of the header row. You can also select all the alarms in the system. See [Selecting Alarms in Alarm List View](documentation/usm-anywhere/user-guide/alarms/selecting-alarms) for more information.

<Warning>
  An alarm is created when USM Anywhere receives the event, which may be later than the time when the event was created. You can verify this by comparing the Time Created and Time Received fields of an event.
</Warning>

## Refreshing the Page

USM Anywhere can refresh the page automatically at an interval that you configure. An auto-refresh countdown shows when the next refresh will happen: the number inside the blue circle indicates the remaining time until the next refresh. See [Select the Time for Auto-Refreshing the Alarms and Dashboard Pages](/documentation/usm-anywhere/user-guide/user-management/profile-settings#autorefresh) to configure this interval. You can click the <img src="https://mintcdn.com/levelblue-5324744e/DEYI83BQ3R80eHiB/images/usm-anywhere/refresh.svg?fit=max&auto=format&n=DEYI83BQ3R80eHiB&q=85&s=90039e58e6cfdcebbf1925ff136b04c6" className="inline m-0" width="20" height="20" data-path="images/usm-anywhere/refresh.svg" />  icon to stop the auto-refresh countdown and refresh the page manually.

<Frame>
  <img src="https://mintcdn.com/levelblue-5324744e/ElsAVGG4IM3pFRzT/images/usm-anywhere/autorefresh.webp?fit=max&auto=format&n=ElsAVGG4IM3pFRzT&q=85&s=1c41f42cdda183db5bd67d2cb018356f" alt="" width="858" height="391" data-path="images/usm-anywhere/autorefresh.webp" />
</Frame>

## Alarm Summary Graph

The graph at the top of the Alarms page provides a graphical representation of alarms by intent. The blue circles indicate the number of times that an alarm in an intent occurred. A bigger circle indicates a higher number of alarms. You can hover over each of the circles to get the actual number of alarms per intent. In addition, clicking a blue circle displays a list of only the alarms corresponding to that circle. You can change the displayed period of time by clicking the **Last 24 Hours** filter.

Alarms graphed by intent are sorted into five different categories, which are represented by the graphic icons in the display:

* Delivery & Attack (<img src="https://mintcdn.com/levelblue-5324744e/GNGLtzTJDb-V7POm/images/usm-anywhere/delivery-attack.svg?fit=max&auto=format&n=GNGLtzTJDb-V7POm&q=85&s=85f95ac1eeaf0c3f26db0a341fb22a27" className="inline m-0" width="28" height="28" data-path="images/usm-anywhere/delivery-attack.svg" /> )
* Environmental Awareness (<img src="https://mintcdn.com/levelblue-5324744e/wKeMy9Eiakbdo8sr/images/usm-anywhere/environ-awareness.svg?fit=max&auto=format&n=wKeMy9Eiakbdo8sr&q=85&s=79cac4e2c6a971dd0bf96adbaa938f37" className="inline m-0" width="28" height="28" data-path="images/usm-anywhere/environ-awareness.svg" /> )
* Exploitation & Installation (<img src="https://mintcdn.com/levelblue-5324744e/7_UE4nawuffikKei/images/usm-anywhere/exploit-install.svg?fit=max&auto=format&n=7_UE4nawuffikKei&q=85&s=96fd583217de6dad269fdc1057669af9" className="inline m-0" width="28" height="28" data-path="images/usm-anywhere/exploit-install.svg" /> )
* Reconnaissance & Probing (<img src="https://mintcdn.com/levelblue-5324744e/DEYI83BQ3R80eHiB/images/usm-anywhere/recon-probing.svg?fit=max&auto=format&n=DEYI83BQ3R80eHiB&q=85&s=f12120ed1fb4013b69d2afad8f6c5cd5" className="inline m-0" width="28" height="28" data-path="images/usm-anywhere/recon-probing.svg" /> )
* System Compromise (<img src="https://mintcdn.com/levelblue-5324744e/9HhQ6wK11ydctaHc/images/usm-anywhere/system-compromise.svg?fit=max&auto=format&n=9HhQ6wK11ydctaHc&q=85&s=72e72e654560d5fc9ac9eb19b60b936d" className="inline m-0" width="28" height="28" data-path="images/usm-anywhere/system-compromise.svg" /> )

If you want to analyze the data and see the additional columns without having to scroll left and right, you can maximize the screen and hide the filter pane. Click the <img src="https://mintcdn.com/levelblue-5324744e/9HhQ6wK11ydctaHc/images/usm-anywhere/to-close-filter-sidebar.svg?fit=max&auto=format&n=9HhQ6wK11ydctaHc&q=85&s=e4695936ded9952185006c91cbe05c8a" className="inline m-0" width="20" height="20" data-path="images/usm-anywhere/to-close-filter-sidebar.svg" />  icon to hide the filter pane. Click the <img src="https://mintcdn.com/levelblue-5324744e/FcyUlC8x9sXA5M24/images/usm-anywhere/to-open-filter-sidebar.svg?fit=max&auto=format&n=FcyUlC8x9sXA5M24&q=85&s=c2b9b8443065ea17eb723e6f8a8fb721" className="inline m-0" width="20" height="20" data-path="images/usm-anywhere/to-open-filter-sidebar.svg" />  icon to expand the filter pane.

<Frame>
  <img src="https://mintcdn.com/levelblue-5324744e/6YRWvQYX2vFHJpyA/images/usm-anywhere/alarmsgraph.webp?fit=max&auto=format&n=6YRWvQYX2vFHJpyA&q=85&s=c561effa96bf194051934d18e163b5f9" alt="" width="600" height="335" data-path="images/usm-anywhere/alarmsgraph.webp" />
</Frame>

Use the <img src="https://mintlify.s3.us-west-1.amazonaws.com/levelblue-5324744e/images/usm-anywhere" className="inline m-0" />  icon to change the alarms view.

<Frame>
  <img src="https://mintcdn.com/levelblue-5324744e/6YRWvQYX2vFHJpyA/images/usm-anywhere/alarmslinechart.webp?fit=max&auto=format&n=6YRWvQYX2vFHJpyA&q=85&s=4b9b9696be65ab239fd6c75c541679d5" alt="" width="835" height="260" data-path="images/usm-anywhere/alarmslinechart.webp" />
</Frame>

The <img src="https://mintlify.s3.us-west-1.amazonaws.com/levelblue-5324744e/images/usm-anywhere" className="inline m-0" />  icon accesses these options:

* **Alarms by Intent**: This view is a bubble graph that provides a graphical representation of alarms by intent.

* **Count/Time**: This view provides a graphical representation of the number of alarms in a period of time.

  <Warning>
    The period of time is mapped with the `timestamp_received` field. This field can be overwritten by the current sensor UTC timestamp if, when processing events, a delay is detected up to 15 minutes or the `timestamp_received` field is not provided.
  </Warning>

* **MITRE ATT\&CK**: This view maps alarms to MITRE ATT\&CK (Adversarial Tactics, Techniques, and Common Knowledge), a framework for understanding attackers' behaviors and actions.

* **Alarm Strategies by Intent**: This view is a table that provides a representation of alarm strategies by intent.

## The MITRE ATT\&CK View

USM Anywhere and LevelBlue Labs™ Open Threat Exchange® (OTX™) include MITRE ATT\&CK information. The alarms view incorporates a table with tactics and techniques to describe adversarial actions and behaviors. Techniques are specific actions an attacker might take, and tactics are phases of attacker behavior. This view maps alarms to their corresponding ATT\&CK techniques and helps you understand the context and scope of an attack. See [MITRE ATT\&CK](https://attack.mitre.org/) for more information.

<Frame>
  <img src="https://mintcdn.com/levelblue-5324744e/JttNYaikKbN1las-/images/usm-anywhere/mitreattck.webp?fit=max&auto=format&n=JttNYaikKbN1las-&q=85&s=64988f6c99729e0a372c1e363815ab28" alt="" width="863" height="233" data-path="images/usm-anywhere/mitreattck.webp" />
</Frame>

The headers of the table are the 11 ATT\&CK tactics, and each tactic has numerous techniques, which are the rows. The tooltips match the technique identification (ID) provided by MITRE ATT\&CK. Some techniques appear under several tactics. If you click one of the techniques, the corresponding filters are added and the list shows the matching alarms.

<Frame>
  <img src="https://mintcdn.com/levelblue-5324744e/JttNYaikKbN1las-/images/usm-anywhere/mitreattckfilters.webp?fit=max&auto=format&n=JttNYaikKbN1las-&q=85&s=78ae82344d0fc3a3147c9beb98f06aa2" alt="" width="2224" height="784" data-path="images/usm-anywhere/mitreattckfilters.webp" />
</Frame>

USM Anywhere includes the [MITRE ATT\&CK Dashboard](https://cybersecurity.att.com/documentation/usm-anywhere/user-guide/dashboards/mitre-att-ck.htm) to display MITRE ATT\&CK information.

## The Alarm Strategies by Intent View

The Alarm Strategies by Intent view displays a table that lists the purposes of the alarms. The table headers represent the intent of the alarms. The table rows display the strategies.

<Frame>
  <img src="https://mintcdn.com/levelblue-5324744e/6YRWvQYX2vFHJpyA/images/usm-anywhere/alarmstrategiesbyintent.webp?fit=max&auto=format&n=6YRWvQYX2vFHJpyA&q=85&s=3a7150814a7460b88c3f9e6f2b58fd23" alt="" width="873" height="528" data-path="images/usm-anywhere/alarmstrategiesbyintent.webp" />
</Frame>
