An is a record of activity, which contains information and that resides in a log file. USM Anywhere collects, normalizes, and enriches logs with additional , which are called events. After USM Anywhere is installed in your environment, events start flowing through your system, so you can start gaining visibility into the type of events that are occurring, what natural or non-threatening activity is taking place, and what activity can be a possible attack. This topic discusses these subtopics: Workflow of the USM Anywhere Event Process Events List View Event Views Report Templates in Events LevelBlue Generic Data Source Searching Events Searching Events by Using the Search Field Standard and Advanced Modes on Events About the No Value Option Viewing Event Details Applying Actions to Events Creating Rules from Events Adding an Event to an Investigation Create an Events Report Protecting Your Sensor’s Performance with EPS Adaptive Response Raw Logs in Events Managing Collected CloudTrail Event Logs Event Keys