- When you first launch the USM Anywhere web UI, it displays the main dashboards page. This high-level view of summary information shows the overall state of your network, so you can get an immediate indication of the levels of events and alarms occurring in your environment.
- Confirm that security events are being collected and are populating USM Anywhere correctly. To see events, go to Activity > Events. This page displays any normalized log event, and any other event received or generated by any USM Anywhere Sensor at the application, system, or network level, unless a suppression event has filtered it out. You can also search for and filter out specific events using time ranges and other search criteria. Click a specific event row to display additional information for the selected event in a dialog box. To examine the full details of an event in a full browser window, click the event and then click Full Detail. This view shows all the information about the event, such as the event details, the related assets, the source and destination IP addresses, and the log of the event.
- Confirm that USM Anywhere is creating alarms and that the alarms are displaying correctly. USM Anywhere generates alarms from correlation rules. To see alarms in your system, go to Activity > Alarms. By default, the middle portion of the page provides a graphical representation of the alarms currently being generated in your environment. Blue circles indicate the number of alarms in a category that are displaying at a particular time. A bigger circle indicates a higher number of alarms. Alarms are prioritized by categories that reflect typical methods used by attackers. See Viewing Alarm Details for more information on alarm categorization. You can also search for and filter out specific alarms using time ranges and other search criteria. Click a specific alarm row to display additional information for the selected alarm in a dialog box. To examine the full details of an alarm in a full browser window, click the alarm and then click Full Detail. This view shows all the information about the alarm, such as the events that triggered it, the source and destination IP addresses, and the recommended actions.