You can configure the view you want for the list of items on the page.
To create a view configuration
  1. From the list view, click the icon.
  2. Use the and icons to pass the items from one column to another and select the columns you want to see.
  3. Click Apply.
  4. If you want to delimit the search, select the filters you want to apply.
  5. Go to Save View > Save As. The Save Current View dialog box opens.
  6. Enter a name for the view.
  7. (Optional) Select Share View if you want to share your view with other users.
  8. Click Save. The created view is already selected.
Note: Only users in the Analyst, Manager, or Investigator roles can create a view configuration.
To select a configured view
  1. From the list view, click View above the filters.
  2. Click Saved Views, and then select the view you want to see.
    Note: A shared view includes the icon next to its name.
  3. Click Apply.
To delete a configured view
  1. From the Events list view, click View above the filters.
  2. Click Saved Views, and then click the icon next to the saved view you want to delete.
  3. A Settings Delete dialog box opens to confirm the deletion.
  4. Click Accept.
    Important: The icon does not display if the view is selected.
Note: Only Manager and Analyst users can delete any configured view. Users in the Investigator role can delete only the views they have created.

Predefined Views

USM Anywhere includes several predefined views of events based on common environments and technologies. These views have predefined column headers that show the most relevant event fields, so you can see a summarized event view without spending time creating a custom view. Predefined views operate the same way as the views you create yourself. Some of these views also have predefined filters.
To open the predefined views
  1. Go to Activity > Events.
  2. Open the View option and select Saved Views.
Predefined Views for Events
| View | Meaning |
| --- | --- |
| LevelBlue Generic Plugin | Displays log data when the USM Anywhere Sensor is unable to match them with BlueApps based on hints and manual associations. |
| AWS Cloud Activity | Displays the most relevant event fields for , AWS S3 Access, and Access. |
| Azure Activity | Displays the most relevant event fields for environmental logs. |
| Firewall Events | Displays the most relevant fields for events. For instance, request URL, source username, destination username, etc., depending on the set of fields that is most common to the list of supported firewall BlueApps. |
| Linux Events | Displays the most relevant fields for Linux Events generated by the Linux CRON, , and BlueApps. |
| Network IDS | Displays the most relevant event fields for . |
| Open Threat Exchange | Displays the most relevant feeds that the pulse has matched. |
| Web Server Events | Displays the most relevant fields for Web Server Events, which include Apache, NGinx, and Windows IIS. |
| Windows Events | Displays the most relevant fields for Windows Events forwarded by NXLog. |