S O LU T I O N B R I E F : S I M P L I F Y R E P O R T I N G W I T H A L I E N VAU LT ® U S M A N Y W H E R E ™

S O LU T I O N B R I E F

Simplify Reporting with

AlienVault® USM Anywhere™

The reporting features in AlienVault® USM Anywhere™ make it fast and

simple to get the visibility you need to maintain a strong security posture
and to satisfy the reporting requirements of your compliance auditors,
your executives, and your Board of Directors.
USM Anywhere delivers a comprehensive library of predefined report templates for PCI DSS, HIPAA, NIST CSF, and
ISO 27001, so you can accelerate your security and compliance programs and be audit-ready faster. It also includes
50+ predefined event reports by data source and data source type, helping to make your daily monitoring and
reporting activities more efficient.

In addition to predefined reports, USM Anywhere gives you powerful security investigation capabilities at your finger
tips. Its intuitive and flexible interface allows you to quickly search and analyze your security data, plus you can create
and save custom views and export them as executive-ready reports. Because USM Anywhere gives you centralized
visibility of all your cloud and on-premises assets, vulnerabilities, threats, and log data from your firewalls and other
security tools, you have the most complete and contextual data set at your disposal.

This data sheet describes the predefined reports available in USM Anywhere. It also describes search and analytics
capabilities in USM Anywhere that empower you to quickly produce your own custom reports.

Predefined Compliance Reports

To meet regulatory compliance requirements like PCI DSS and HIPAA and to ensure that you continuously meet those
requirements, you must demonstrate that you regularly monitor your environments. This demands rigorous reporting
to gain insight into your assets, vulnerabilities, and potential threats, which can be extremely time-consuming if
executed manually.

USM Anywhere delivers the following set of predefined compliance reports that map directly to common regulatory
compliance requirements and frameworks, so you can quickly and easily provide evidence of compliance during your
next audit.

In addition, you can easily customize any of the predefined compliance reports in USM Anywhere, adding dynamic
graphs and charts to create a professional, executive-ready report.

AlienVault, AlienApp, AlienApps, AlienVault OSSIM, Open Threat Exchange, OTX, OTX Endpoint Threat Hunter, Unified Security Management, USM, USM Anywhere, USM Appliance,
and USM Central, are trademarks of AlienVault and/or its affiliates. Other names may be trademarks of their respective owners.
1
 S O LU T I O N B R I E F : S I M P L I F Y R E P O R T I N G W I T H A L I E N VAU LT ® U S M A N Y W H E R E ™

PCI DSS
In USM Anywhere™, once you define the PCI Asset Group—the servers, applications, and storage entities across your
environment that are considered in-scope of a PCI DSS card-holder data environment (CDE)—then, you can readily
view, export, and customize the following predefined reports.

PCI DSS
ALIENVAULT USM ANYWHERE REPORT
REQUIREMENT

Summary of USM Anywhere hot and cold storage. Audit trail history for 12 months; three 10.7.a
months for immediate analysis

Last 90 days of events available for analysis 10.7.c

File Integrity Monitoring (FIM) events on Windows systems 11.5.a

File Integrity Monitoring (FIM) events on Linux systems 11.5.a

Login failure events on Windows systems 10.2.4

Login failure events on Linux systems 10.2.4

Privilege escalations on Windows systems 10.2.5.b

Privilege escalations on Linux systems 10.2.5.b

Changes, additions, or deletions to any account by an administrator on Windows systems 10.2.5.c

Changes, additions, or deletions to any account by a root user on Linux systems 10.2.5.c

Account lockouts on Windows systems 8.1.6.a

Instances of plain text passwords on the network 8.2.1.c

Vulnerabilities identified across all environments 5.1.2

Vulnerabilities with risk rankings 6.1

Vulnerability scan history against all assets Supplemental

AlienVault, AlienApp, AlienApps, AlienVault OSSIM, Open Threat Exchange, OTX, OTX Endpoint Threat Hunter, Unified Security Management, USM, USM Anywhere, USM Appliance,
and USM Central, are trademarks of AlienVault and/or its affiliates. Other names may be trademarks of their respective owners.
2
 S O LU T I O N B R I E F : S I M P L I F Y R E P O R T I N G W I T H A L I E N VAU LT ® U S M A N Y W H E R E ™

HIPAA
In USM Anywhere™, once you define your HIPAA Asset Group—the part of your environment that touches protected
health information (PHI) data—then you can readily view, export, and customize the following predefined reports.

ALIENVAULT USM ANYWHERE REPORT HIPAA CONTROL

Demonstrate that ePHI has not been altered, modified, or destroyed in an unauthorized §164.312(c)(1)
manner — Windows

Demonstrate that ePHI has not been altered, modified, or destroyed in an unauthorized §164.312(c)(1)
manner — Linux

Does your practice have policies and procedures establishing retention requirements for §164.312(b)
audit purposes?

Does your practice analyze the activities performed by all of its workforce and service §164.312 (a)(1)
providers to identify the extent to which each needs access to ePHI?

Does your practice categorize its information systems based on the potential impact to your §164.308(a)(1)(ii)(A)
practice should they become unavailable?

NIST Cybersecurity Framework (CSF)

USM Anywhere allows you to quickly and easily report out the status of controls across the NIST CSF functions
of Identify, Protect, Detect, and Respond. The following predefined NIST CSF are available out of the box in USM
Anywhere.

ALIENVAULT USM ANYWHERE REPORT NIST CSF CONTROL

Asset Management

Physical devices and systems within the organization are inventoried ID.AM-1

Resources (e.g., hardware, devices, data, and software) are prioritized based on their ID.AM-5
classification, criticality, and business value

Risk Assessment

Asset vulnerabilities are identified and documented ID.RA-1

Threat and vulnerability information is received from information sharing forums and ID.RA-2
sources

AlienVault, AlienApp, AlienApps, AlienVault OSSIM, Open Threat Exchange, OTX, OTX Endpoint Threat Hunter, Unified Security Management, USM, USM Anywhere, USM Appliance,
and USM Central, are trademarks of AlienVault and/or its affiliates. Other names may be trademarks of their respective owners.
3
 S O LU T I O N B R I E F : S I M P L I F Y R E P O R T I N G W I T H A L I E N VAU LT ® U S M A N Y W H E R E ™

ALIENVAULT USM ANYWHERE REPORT NIST CSF CONTROL

Access Control

Identities and credentials are managed for authorized devices and users PR.AC-1

Information Protection Processes and Procedures

A vulnerability management plan is developed and implemented PR.IP-12

Protective Technology

Audit/log records are determined, documented, implemented, and reviewed in PR.PT-1

accordance with policy

Anomalies and Events

Detected events are analyzed to understand attack targets and method DE.AE-2

Event data are aggregated and correlated from multiple sources DE.AE-3

Incident alert thresholds are established DE.AE-5

Security Continuous Monitoring

Personnel activity is monitored to detect potential cybersecurity events DE.CM-3

Malicious code is detected DE.CM-4

Monitoring for unauthorized personnel, connections, devices, and software DE.CM-7

Vulnerability scans are performed DE.CM-8

Detection Processes

Event detection information is communicated to appropriate parties DE.DP-4

Analysis

Forensics are performed RS.AN-3

AlienVault, AlienApp, AlienApps, AlienVault OSSIM, Open Threat Exchange, OTX, OTX Endpoint Threat Hunter, Unified Security Management, USM, USM Anywhere, USM Appliance,
and USM Central, are trademarks of AlienVault and/or its affiliates. Other names may be trademarks of their respective owners.
4
 S O LU T I O N B R I E F : S I M P L I F Y R E P O R T I N G W I T H A L I E N VAU LT ® U S M A N Y W H E R E ™

ISO 27001
Out of the box, USM Anywhere includes pre-built compliance reporting templates that map to multiple ISO 27001
requirements, making it fast and simple to review the state of your deployed technical controls and help satisfy
requests during an audit. You can easily customize, save, and export any report as needed.

The ISO 27001 reporting templates in USM Anywhere can also serve as general guidelines as you prepare to satisfy
the requirements of industry standards and regulations like the European Union’s GDPR, or in gaining ISO 27001
certification. Because ISO 27001 serves as a globally accepted framework for information security management, it can
be helpful in demonstrating how you manage your cyber security and compliance program.

ALIENVAULT USM ANYWHERE REPORT ISO 27001 REQUIREMENT

Contact with special interest groups

Appropriate contacts with special interest groups or other specialist security A.6.1.4
forums and professional associations shall be maintained.

Inventory of assets

Assets associated with information and information processing facilities shall be A.8.1.1
identified and an inventory of these assets shall be drawn up and maintained.

Ownership of assets

Assets maintained in the inventory shall be owned. A.8.1.2

Classification of information

Information shall be classified in terms of legal requirements, value, criticality, and A.8.2.1
sensitivity to unauthorised disclosure or modification.

Labeling of information

An appropriate set of procedures for information labeling shall be developed and A.8.2.2
implemented in accordance with the information classification scheme adopted by
the organization.

Security of equipment and assets off-premises

Security shall be applied to off-site assets, taking into account the different risks of A.11.2.6
working outside the organization’s premises.

Controls against malware

Detection, prevention, and recovery controls to protect against malware shall be A.12.2.1
implemented, combined with appropriate user awareness.

AlienVault, AlienApp, AlienApps, AlienVault OSSIM, Open Threat Exchange, OTX, OTX Endpoint Threat Hunter, Unified Security Management, USM, USM Anywhere, USM Appliance,
and USM Central, are trademarks of AlienVault and/or its affiliates. Other names may be trademarks of their respective owners.
5
 S O LU T I O N B R I E F : S I M P L I F Y R E P O R T I N G W I T H A L I E N VAU LT ® U S M A N Y W H E R E ™

ALIENVAULT USM ANYWHERE REPORT ISO 27001 REQUIREMENT

Event logging

Event logs recording user activities, exceptions, faults, and information security A.12.4.1
events shall be produced, kept, and regularly reviewed.

Linux: Protection of log information

Logging facilities and log information shall be protected against tampering and A.12.4.2
unauthorized access.

Windows: Protection of log information

Logging facilities and log information shall be protected against tampering and A.12.4.2
unauthorized access.

Information systems audit controls

Audit requirements and activities involving verification of operational systems A.12.7.1

shall be carefully planned and agreed to minimize disruptions to business
processes.

Reporting information security events

Information security events shall be reported through appropriate management A.16.1.2

channels as quickly as possible.

Assessment of and decision on information security events

Information security events shall be assessed and it shall be decided if they are to A.16.1.4
be classified as information security incidents.

Compliance with security policies and standards

Managers shall regularly review the compliance of information processing and A.18.2.2
procedures within their area of responsibility with the appropriate security
policies, standards, and any other security requirements.

Technical compliance review

Information systems shall be regularly reviewed for compliance with the A.18.2.3
organization’s information security policies and standards.

AlienVault, AlienApp, AlienApps, AlienVault OSSIM, Open Threat Exchange, OTX, OTX Endpoint Threat Hunter, Unified Security Management, USM, USM Anywhere, USM Appliance,
and USM Central, are trademarks of AlienVault and/or its affiliates. Other names may be trademarks of their respective owners.
6
 S O LU T I O N B R I E F : S I M P L I F Y R E P O R T I N G W I T H A L I E N VAU LT ® U S M A N Y W H E R E ™

Predefined Event Reports

To give you insights into key events by different data source types or by specific solutions, AlienVault® USM
Anywhere™ delivers the following predefined event reports out of the box.

EVENT REPORTS BY TYPE OF DATA SOURCE

›› Anomaly Detection Events ›› Intrusion Prevention Events

›› Anti-virus Events ›› Load Balancer Events
›› Application Events ›› Mail Security Events
›› Application Firewall Events ›› Mail Server Events
›› Authentication Events ›› Management Platform Events
›› Authentication and DHCP Events ›› Network Access Control Events,
›› Cloud Application Events ›› Operating System Events
›› Cloud Infrastructure Events ›› Other Devices Events
›› DNS Server Events ›› Proxy Events
›› Data Protection Events ›› Router Events
›› Database Events ›› Router/Switch Events
›› Endpoint Protection Events, ›› Server Events
›› Endpoint Security Events ›› Switch Events
›› Firewall Events ›› Unified Threat Management Events
›› IDS Events ›› VPN Events
›› Infrastructure Monitoring Events ›› Web Server Events
›› Intrusion Detection Events ›› Wireless Security / Management Events

EVENTS REPORTS BY DATA SOURCE

›› AlienVault NIDS ›› G Suite

›› AWS ›› McAfee ePO
›› Amazon DynamoDB ›› Office 365
›› Amazon S3 ›› Okta
›› AWS VPC Flow Logs ›› Palo Alto Networks
›› AWS Load Balancers ›› SonicWall
›› Azure ›› Sophos UTM
›› Cisco Umbrella ›› Watchguard
›› Cylance ›› VMware
›› FireEye ›› Windows
›› Fortigate

AlienVault, AlienApp, AlienApps, AlienVault OSSIM, Open Threat Exchange, OTX, OTX Endpoint Threat Hunter, Unified Security Management, USM, USM Anywhere, USM Appliance,
and USM Central, are trademarks of AlienVault and/or its affiliates. Other names may be trademarks of their respective owners.
7
 DATA S H E E T: S I M P LI F Y R E P O R T I N G W I T H A LI E N VAU LT ® U S M A N Y W H E R E ™

Custom Reports
With AlienVault® USM Anywhere™, you can easily create custom reports as you need.

USM Anywhere’s powerful log management capabilities give you a highly efficient way to search, filter, and analyze
your security-related data. From either the Events or Alarms views, you can filter the view by any data field or time
frame or by entering your own search phrase. Because USM Anywhere stores your recent log and event data within
its Elasticsearch hot storage, you can be assured that your search results generate extraordinarily fast.

In your filtered (or “custom”) data view, you can drill down to view the details of any event or alarm to investigate it.
You can select the data fields you want to display, and adjust the order in which they appear in the custom list view.
And, you can sort the list based on key data fields, such as time created.

When you finish building the custom view that best suits your needs, you can click to save the custom data view for
quick and continued access. For example, you may wish to save a custom data view that shows all login activities of a
flagged suspicious user, so that you can review it daily.

You also have the option to export any predefined or custom data view in an HTML or CSV format, with options to
define the report name and description, date range, number of records, and more. You can select from several rich
predefined graphs to add visual elements to your data, perfect for analyzing trends or presenting an executive-level
summary.

Explore USM Anywhere to Discover How Simple Reporting Can Be!

About AlienVault
AlienVault has simplified the way organizations detect and respond to today’s ever-evolving threat
landscape. Our unique and award-winning approach, trusted by thousands of customers, combines
the essential security controls of our all-in-one platform, AlienVault Unified Security Management, with
the power of AlienVault’s Open Threat Exchange®, the world’s largest crowd-sourced threat intelligence
community, making effective and affordable threat detection attainable for resource-constrained IT teams.
AlienVault is a privately held company headquartered in Silicon Valley and backed by Trident Capital,
Kleiner Perkins Caufield & Byers, Institutional Venture Partners, GGV Capital, Intel Capital, Jackson Square
Ventures, Adara Venture Partners, Top Tier Capital and Correlation Ventures.

AlienVault, AlienApp, AlienApps, AlienVault OSSIM, Open Threat Exchange, OTX, OTX Endpoint Threat

Hunter, Unified Security Management, USM, USM Anywhere, USM Appliance, and USM Central, are
trademarks of AlienVault and/or its affiliates. Other names may be trademarks of their respective owners.