> ## Documentation Index
> Fetch the complete documentation index at: https://docs.levelblue.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Alarms Management

An <Tooltip tip="Alarms provide notification of an event or sequence of events that require attention or investigation.">alarm</Tooltip> in USM Anywhere consists of one or more <Tooltip tip="Any traffic or data exchange detected by LevelBlue products through a sensor or external devices such as a firewall.">events</Tooltip>, based on one of the following:

* One or more rules performed by the <Tooltip tip="Used in systems management tools to aggregate, normalize, and analyze event log data, using predictive analytics and fuzzy logic to alert the systems administrator when there is a problem.">correlation engine</Tooltip> of USM Anywhere, which analyzes these events for behavioral patterns. These rules look at and connect events to assess their priority and reliability. When the engine identifies a pattern, it generates an alarm, which requires attention and investigation. See [Correlation Rules](/documentation/usm-anywhere/user-guide/rules-management/correlation-rules) for more information.

  <Warning>
    The "Suspicious Behavior - OTX Indicators of Compromise" correlation rule generates alarms if the pulse comes from the LevelBlue OTX account.
  </Warning>
* One orchestration rule, which is designed to raise an alarm when a particular type of event is found. See [Orchestration Rules](/documentation/usm-anywhere/user-guide/rules-management/orchestration-rules) for more information.

<Note>
  USM Anywhere stores 10 of the events which have generated the alarm, for 365 days. If the alarm was generated by more than 10 events, USM Anywhere stores the first and the last 9 events. Alarms themselves are stored for 365 days.
</Note>

USM Anywhere enables you to drive <Tooltip tip="In USM Anywhere you can execute an action from alarms, events, and vulnerabilities to run a scan, get forensic information, or execute a response for a configured BlueApp.">actions</Tooltip> in response to incoming alarms. Perhaps the most common action is sending an email to administrators to provide real-time <Tooltip tip="Communication of an important event, typically through an email message or other desktop display. In USM Appliance, notifications are typically triggered by events, policies, and correlation directives, and in USM Anywhere, they are typically triggered by notification rules or directly from alarms.">notification</Tooltip> of a critical security incident. Each user can decide if they want to receive alarm notifications. See [Managing Your Profile Settings](/documentation/usm-anywhere/user-guide/user-management/profile-settings) for more information.

<Note>
  You can watch the [Conducting Security Analysis with LevelBlue USM Anywhere](https://cybersecurity.att.com/customer-webcasts/conducting-security-analysis-with-alienvault-usm-anywhere) customer training webcast on-demand to learn how to leverage USM Anywhere to perform security analyst duties.
</Note>

This topic discusses these subtopics:

* [Alarms List View](/documentation/usm-anywhere/user-guide/alarms/alarms-list-view)
  * [Columns within List Views](/documentation/usm-anywhere/user-guide/alarms/alarms-list-columns)
  * [Configuring Columns within List View](/documentation/usm-anywhere/user-guide/alarms/alarms-list-conf-columns)
  * [Priority Field for Alarms](/documentation/usm-anywhere/user-guide/alarms/alarms-list-priority-field)
  * [Alarms Views](/documentation/usm-anywhere/user-guide/alarms/views)
  * [Report Templates in Alarms](/documentation/usm-anywhere/user-guide/alarms/report-templates)
* [Selecting Alarms in Alarm List View](/documentation/usm-anywhere/user-guide/alarms/selecting-alarms)
* [Searching Alarms](/documentation/usm-anywhere/user-guide/alarms/searching-alarms)
  * [Searching Alarms by Using the Search Field](/documentation/usm-anywhere/user-guide/alarms/searching-box)
  * [Standard and Advanced Modes on Alarms](/documentation/usm-anywhere/user-guide/alarms/standard-advanced-modes)
  * [About the No Value Option](/documentation/usm-anywhere/user-guide/alarms/no-value)
* [Viewing Alarm Details](/documentation/usm-anywhere/user-guide/alarms/viewing-alarms-details)
  * [Applying Actions to Alarms](/documentation/usm-anywhere/user-guide/alarms/actions-to-alarms)
  * [Creating Rules from Alarms](/documentation/usm-anywhere/user-guide/alarms/creating-rules-from-alarms.htm?TocPath=Documentation%7CUSM%20Anywhere%E2%84%A2%7CUSM%20Anywhere%20User%20Guide%7CAlarms%20Management%7CViewing%20Alarm%20Details%7CCreating%20Rules%20from%20Alarms%7C_____0)
  * [Adding an Alarm to an Investigation](/documentation/usm-anywhere/user-guide/alarms/investigation)
  * [Searching Events from the Details of an Alarm](/documentation/usm-anywhere/user-guide/alarms/searching-details-alarms)
* [Labeling the Alarms](/documentation/usm-anywhere/user-guide/alarms/labeling-alarms)
* [Alarm Status](/documentation/usm-anywhere/user-guide/alarms/alarms-status)
* [Create an Alarms Report](/documentation/usm-anywhere/user-guide/alarms/exporting-alarms)
* [Alarms Settings](/documentation/usm-anywhere/user-guide/alarms/alarms-settings)