SOLUTION BRIEF
In addition to predefined reports, USM Anywhere gives you powerful security investigation capabilities at your
fingertips. Its intuitive and flexible interface allows you to quickly search and analyze your security data, plus you can create
and save custom views and export them as executive-ready reports. Because USM Anywhere gives you centralized
visibility of all your cloud and on-premises assets, vulnerabilities, threats, and log data from your firewalls and other
security tools, you have the most complete and contextual data set at your disposal.
This data sheet describes the predefined reports available in USM Anywhere. It also describes search and analytics
capabilities in USM Anywhere that empower you to quickly produce your own custom reports.
USM Anywhere delivers the following set of predefined compliance reports that map directly to common regulatory
compliance requirements and frameworks, so you can quickly and easily provide evidence of compliance during your
next audit.
In addition, you can easily customize any of the predefined compliance reports in USM Anywhere, adding dynamic
graphs and charts to create a professional, executive-ready report.
AlienVault, AlienApp, AlienApps, AlienVault OSSIM, Open Threat Exchange, OTX, OTX Endpoint Threat Hunter, Unified Security Management, USM, USM Anywhere, USM Appliance,
and USM Central, are trademarks of AlienVault and/or its affiliates. Other names may be trademarks of their respective owners.
SOLUTION BRIEF: SIMPLIFY REPORTING WITH ALIENVAULT® USM ANYWHERE™
PCI DSS
In USM Anywhere™, once you define the PCI Asset Group—the servers, applications, and storage entities across your
environment that are considered in-scope of a PCI DSS card-holder data environment (CDE)—you can readily
view, export, and customize the following predefined reports.
AlienVault USM Anywhere Report | PCI DSS Requirement
Summary of USM Anywhere hot and cold storage. Audit trail history for 12 months; three months for immediate analysis | 10.7.a
Changes, additions, or deletions to any account by a root user on Linux systems | 10.2.5.c
HIPAA
In USM Anywhere™, once you define your HIPAA Asset Group—the part of your environment that touches protected
health information (PHI) data—then you can readily view, export, and customize the following predefined reports.
Demonstrate that ePHI has not been altered, modified, or destroyed in an unauthorized manner — Windows | §164.312(c)(1)
Demonstrate that ePHI has not been altered, modified, or destroyed in an unauthorized manner — Linux | §164.312(c)(1)
Does your practice have policies and procedures establishing retention requirements for audit purposes? | §164.312(b)
Does your practice analyze the activities performed by all of its workforce and service providers to identify the extent to which each needs access to ePHI? | §164.312(a)(1)
Does your practice categorize its information systems based on the potential impact to your practice should they become unavailable? | §164.308(a)(1)(ii)(A)
Asset Management
Physical devices and systems within the organization are inventoried | ID.AM-1
Resources (e.g., hardware, devices, data, and software) are prioritized based on their classification, criticality, and business value | ID.AM-5
Risk Assessment
Threat and vulnerability information is received from information sharing forums and sources | ID.RA-2
Access Control
Identities and credentials are managed for authorized devices and users | PR.AC-1
Protective Technology
Detected events are analyzed to understand attack targets and method | DE.AE-2
Event data are aggregated and correlated from multiple sources | DE.AE-3
Detection Processes
Analysis
ISO 27001
Out of the box, USM Anywhere includes pre-built compliance reporting templates that map to multiple ISO 27001
requirements, making it fast and simple to review the state of your deployed technical controls and help satisfy
requests during an audit. You can easily customize, save, and export any report as needed.
The ISO 27001 reporting templates in USM Anywhere can also serve as general guidelines as you prepare to satisfy
the requirements of industry standards and regulations like the European Union’s GDPR, or in gaining ISO 27001
certification. Because ISO 27001 serves as a globally accepted framework for information security management, it can
be helpful in demonstrating how you manage your cyber security and compliance program.
Appropriate contacts with special interest groups or other specialist security forums and professional associations shall be maintained. | A.6.1.4
Inventory of assets
Assets associated with information and information processing facilities shall be identified and an inventory of these assets shall be drawn up and maintained. | A.8.1.1
Ownership of assets
Classification of information
Information shall be classified in terms of legal requirements, value, criticality, and sensitivity to unauthorised disclosure or modification. | A.8.2.1
Labeling of information
An appropriate set of procedures for information labeling shall be developed and implemented in accordance with the information classification scheme adopted by the organization. | A.8.2.2
Security shall be applied to off-site assets, taking into account the different risks of working outside the organization’s premises. | A.11.2.6
Detection, prevention, and recovery controls to protect against malware shall be implemented, combined with appropriate user awareness. | A.12.2.1
Event logging
Event logs recording user activities, exceptions, faults, and information security events shall be produced, kept, and regularly reviewed. | A.12.4.1
Logging facilities and log information shall be protected against tampering and unauthorized access. | A.12.4.2
Logging facilities and log information shall be protected against tampering and unauthorized access. | A.12.4.2
Information security events shall be assessed and it shall be decided if they are to be classified as information security incidents. | A.16.1.4
Managers shall regularly review the compliance of information processing and procedures within their area of responsibility with the appropriate security policies, standards, and any other security requirements. | A.18.2.2
Information systems shall be regularly reviewed for compliance with the organization’s information security policies and standards. | A.18.2.3
DATA SHEET: SIMPLIFY REPORTING WITH ALIENVAULT® USM ANYWHERE™
Custom Reports
With AlienVault® USM Anywhere™, you can easily create custom reports as you need them.
USM Anywhere’s powerful log management capabilities give you a highly efficient way to search, filter, and analyze
your security-related data. From either the Events or Alarms views, you can filter the view by any data field or time
frame or by entering your own search phrase. Because USM Anywhere stores your recent log and event data within
its Elasticsearch hot storage, you can be assured that your search results are generated extraordinarily fast.
In your filtered (or “custom”) data view, you can drill down to view the details of any event or alarm to investigate it.
You can select the data fields you want to display, and adjust the order in which they appear in the custom list view.
And, you can sort the list based on key data fields, such as time created.
When you finish building the custom view that best suits your needs, you can click to save the custom data view for
quick and continued access. For example, you may wish to save a custom data view that shows all login activities of a
flagged suspicious user, so that you can review it daily.
You also have the option to export any predefined or custom data view in an HTML or CSV format, with options to
define the report name and description, date range, number of records, and more. You can select from several rich
predefined graphs to add visual elements to your data, perfect for analyzing trends or presenting an executive-level
summary.
About AlienVault
AlienVault has simplified the way organizations detect and respond to today’s ever-evolving threat
landscape. Our unique and award-winning approach, trusted by thousands of customers, combines
the essential security controls of our all-in-one platform, AlienVault Unified Security Management, with
the power of AlienVault’s Open Threat Exchange®, the world’s largest crowd-sourced threat intelligence
community, making effective and affordable threat detection attainable for resource-constrained IT teams.
AlienVault is a privately held company headquartered in Silicon Valley and backed by Trident Capital,
Kleiner Perkins Caufield & Byers, Institutional Venture Partners, GGV Capital, Intel Capital, Jackson Square
Ventures, Adara Venture Partners, Top Tier Capital and Correlation Ventures.