USM Anywhere includes a wide range of report templates classified according to the compliance templates for alarms, vulnerabilities, and events collected in the system. The templates are grouped into:
  • PCI. The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. These reports are identified by and based on specific PCI DSS requirements, so that they give the auditor the specific information requested. For example, PCI DSS requirement 10.7.a: Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis.
  • NIST CSF. The National Institute of Standards and Technology (NIST) Cybersecurity Framework provides a policy framework of computer security guidance for how private sector organizations can assess and improve their ability to prevent, detect, and respond to cyber attacks.
  • HIPAA. The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed. This includes covered entities (anyone who provides treatment, payment, and operations in healthcare) and business associates (anyone who has access to patient information and provides support in treatment, payment, or operations). Subcontractors, or business associates of business associates, must also be in compliance.
  • ISO 27001. ISO/IEC 27001 provides guidance for implementing information security controls to achieve a consistent and reliable security program. The ISO and the International Electrotechnical Commission (IEC) developed ISO/IEC 27001 to provide requirements for an information security management system (ISMS).
  • Type of Data Source. Event Type Templates enable you to easily run a general , authentication, and other types of normalized queries that do not require you to build complex filters based on specific data source or event types. USM Anywhere supports these reports: Anomaly Detection, Antivirus, , Application Firewall, , Authentication and , Application, Cloud Infrastructure, DNS Server, Data Protection, Database, Endpoint Protection, Endpoint Security, Firewall, , Infrastructure , , Intrusion Prevention, Load Balancer, Mail Security, Mail Server, Management Platform, Network Access Control, , Other Devices, Proxy, Router, Router/Switch, Server, Switch, Unified Threat Management, VPN, Web Server, Wireless Security/Management.
  • Data Sources. You can find templates based on the most commonly used data sources including , , Amazon DynamoDB, Amazon S3, AWS VPC Flow Logs, AWS Load Balancers, , Cisco Umbrella, Cylance, FireEye, Fortigate, G Suite, McAfee ePO, Office 365, Okta, Palo Alto, SonicWall, Sophos UTM, Watchguard, VMware, Windows, LevelBlue Agent. There is also a template for the LevelBlue Generic Data Source.
To apply a report template
  1. Go to Activity > Events.
  2. From the Events list view, click View above the filters and select Report templates.
  3. Select a report. You can use the search field or scroll down the list.
  4. Click Apply. The result displays with the filters applied.