With a USM Anywhere license, you can always view your subscription data in one place. Use the My Subscription page to access your license information, eventAny traffic or data exchange detected by AT&T Cybersecurity products through a sensor or external devices such as a firewall. data, and raw log data, and to connect to a USM CentralA federation console that enables centralized security monitoring for multiple AlienVault USM Anywhere and AlienVault USM Appliance deployments. instance.
Go to Settings > My Subscription to open the page.
The following table lists the fields you see on the page.
|Total Searchable Data||The total remaining data available in the hot storage.|
|Consumed Data||The amount of data USM Anywhere has processed every month.|
|Projected Data Consumption||The amount of data already stored for the month plus calculated data storage needs for the rest of the month. See Projected Data Consumption for more information.|
|Sensors||The number of licensed sensorsSensors are deployed into an on-premises, cloud, or multi-cloud environment to collect logs and other security-related data. This data is normalized and then securely forwarded to USM Anywhere for analysis and correlation. and pending deployment sensors. Click Manage Sensors to open the Sensors page. See Sensors Page Overview for more information.|
|Purge Event Data||The ability to purge data will soon be deprecated.|
|EPS||Events per second (EPS) in the last 24 hours.|
|Filtered EPS||Percentage of filtered EPS in the last 24 hours.|
|Filtering Rules||Number of filtering rules in your environment. Click Manage Rules to open the Filtering Rules page. See Filtering Rules from the Orchestration Rules Page for more information.|
|License Type||Either the trial or subscription license.|
The monthly storage limit. See AT&T Cybersecurity pricing page for details or to request a quote.
Important: Tier options do not have unlimited processing power, memory allotment, or disk input/output (I/O) speeds. In addition to storage per month, your deployment size's impact on any of these factors will influence which tier option is right for your environment. AT&T Cybersecurity recommends pre-deployment sizing discussions with your sales representative to help select the right tier for you.
|License End Date||Either the trial expiration date (for trial licenses) or support end date (for subscription licenses). The displayed date depends on your computer's time zone.|
Click Export Raw Logs to download the raw log files in ZIP format. See Raw Log Data for more information. By default, cold storageA secure long-term log retention mechanism. By default, AT&T Cybersecurity stores all data associated with a customer’s subdomain in cold storage for the life of the active USM Anywhere subscription at no additional charge. is unlimited for USM Anywhere customers within their service terms, but unlimited for AT&T Threat Detection and Response for Government (AT&T TDR for Gov) customers for three years. Keep in mind these points:
|Email address associated with your license.|
|MSSP Status||Indicates whether the USM Anywhere deploymentEntire process involved in installation, configuration, startup, and testing of hardware and software in a specific environment. has been successfully connected to a USM Central or not. See Connecting a USM Anywhere to a USM Central for more information.|
|MSSP Service||Name of the connected USM Central deployment.|
|Historical Data Consumption||A list of data consumption by month. Click Download CSV for downloading a file with this information.|
|Top Data Sources||Displays a list of the top data sources. Click Download CSV for downloading a file with this information.|
|Top Event Names||List of the top event names related to their data source. Click Download CSV for downloading a file with this information.|
|Top Reporting Devices||List of top reporting devices. Click Download CSV for downloading a file with this information.|
Raw log data is data that has been forwarded through your sensors. USM Anywhere stores this data and enables you to extract raw log data for audit purposes or further forensic analysis.
Important: AT&T Cybersecurity recommends that you download the raw log data on a monthly basis.
When requesting raw log files, the date range cannot exceed 30 days. To download more than 30 days' worth of data, you must make multiple requests. Refrain from making all requests at the same time, which may tie up your USM Anywhere instance. You can make 2 or 3 requests, wait for the emails to arrive, and then make your next requests.
To extract raw log data
- Go to Settings > My Subscription.
Click Export Raw Logs inside License Information.
The Export Raw Log Files dialog box opens.
Select a date range to download the raw log files in ZIP format.
Note: The date range cannot exceed 30 days.
Click Request Download.
The Log Files Requested dialog box opens to inform you that your request is being processed. This process can take up to 24 hours.
Important: The beginning date can't be earlier than your first day of storage.
- Click OK.
- Click the link in the email to download the ZIP file.
- Extract the zipped bundle, and you see the files listed as
forensics-YYYY-MM-DD.hh.log.gz, where YYYY-MM-DD.hh refers to the date and hour.
You will receive an email with a link to your file.
Email Notifications Concerning Your License
USM Anywhere sends the following notificationCommunication of an important event, typically through an email message or other desktop display. In USM Appliance, notifications are typically triggered by events, policies, and correlation directives, and in USM Anywhere, they are typically triggered by notification rules or directly from alarms. emails to the email address associated with your license. Typically, this is the email address used to register the trial or your subscription:
- A license is changed from trial to subscription.
- A license tier is upgraded.
- A license expiration date is updated.
- The number of sensors allowed is updated.
- An activated license has expired.
- An activated license is deleted.