With a USM Anywhere license, you can always view your subscription data in one place. Use the My Subscription page to access your license information, event data, and raw log data and to connect to a USM Central instance.
Go to Settings > My Subscription to open the page.
The following table lists the fields you see on the page.
|The amount of data USM Anywhere has processed every month.
|Projected Data Consumption
|The amount of data already stored for the month plus calculated data storage needs for the rest of the month. See Projected Data Consumption for more information.
|The number of licensed sensors and pending deployment sensors. Click Manage Sensors to open the Sensors page. See Sensors Page Overview for more information.
|Events per second (EPS) in the last 24 hours.
|Percentage of filtered EPS in the last 24 hours.
|Number of filtering rules in your environment. Click Manage Rules to open the Filtering Rules page. See Filtering Rules from the Orchestration Rules Page for more information.
|Data Consumption Status
|The health status of your subscription's data consumption, reflecting real data consumption rates compared to your subscription tier over time: healthy, caution, warning, violation, or recovery. See Understanding Your Data Consumption Status for more information.
|Either the trial or subscription license.
The monthly storage limit. See the AT&T Cybersecurity pricing page for details or to request a quote.
Important: Tier options do not have unlimited processing power, memory allotment, or disk input/output (I/O) speeds. In addition to storage per month, your deployment size's impact on any of these factors will influence which tier option is right for your environment. AT&T Cybersecurity recommends pre-deployment sizing discussions with your sales representative to help select the right tier for you.
|License End Date
|Either the trial expiration date (for trial licenses) or support end date (for subscription licenses). The displayed date depends on your computer's time zone.
Click Export Raw Logs to download the raw log files in ZIP format. See Raw Log Data for more information. By default, cold storage is unlimited for USM Anywhere customers within their service terms but unlimited for AT&T Threat Detection and Response for Government (AT&T TDR for Gov) customers for three years. Keep in mind these points:
|Email address associated with your license.
|Indicates whether the USM Anywhere deployment has been successfully connected to a USM Central or not. See Connecting a USM Anywhere to a USM Central for more information.
|Name of the connected USM Central deployment.
|Historical Data Consumption
|A list of data consumption by month. Click Download CSV to download a file with this information.
|Top Data Sources
|Displays a list of the top data sources. Click Download CSV to download a file with this information.
|Top Event Names
|List of the top event names related to their data source. Click Download CSV to download a file with this information.
|Top Reporting Devices
|List of top reporting devices. Click Download CSV to download a file with this information.
Raw log data is data that has been forwarded and collected through your sensors, agents, and Cloud Connectors. USM Anywhere stores this data and enables you to extract raw log data for audit purposes or further forensic analysis.
Important: AT&T Cybersecurity recommends that you download the raw log data on a monthly basis.
When requesting raw log files, the date range cannot exceed 31 days. To download more than 31 days' worth of data, you must make multiple requests. Refrain from making all requests at the same time, which may tie up your USM Anywhere instance. You can make two or three requests, wait for the emails to arrive, and then make your next requests.
To extract raw log data
- Go to Settings > My Subscription.
- Inside License Information, click Export Raw Logs.
  The Export Raw Log Files dialog box opens.
- Select a date range to download the raw log files in ZIP format (dates are in UTC).
  Note: The date range cannot exceed 31 days.
- Click Request Download.
  The Log Files Requested dialog box opens to inform you that your request is being processed. This process can take up to 24 hours.
  Important: The beginning date can't be earlier than your first day of storage.
- Click OK.
  You will receive an email with a link to your file.
  Important: This link will expire in 48 hours.
- Click the link in the email to download the ZIP file.
- Extract the zipped bundle, and you will see the files listed as forensics-YYYY-MM-DD.hh.log.gz, where YYYY-MM-DD.hh refers to the date and hour.
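The following Python sketch is an added example, not part of the product or its documentation. It plans export requests that respect the 31-day limit and the first-day-of-storage rule, then checks an extracted bundle for hours with no `forensics-YYYY-MM-DD.hh.log.gz` file. It assumes the 31 days are counted inclusively and that one file per UTC hour is expected; the function names and sample dates are constructed for illustration.

```python
import re
from datetime import date, datetime, timedelta

MAX_DAYS = 31  # page: a single request cannot exceed 31 days (assumed inclusive)
NAME_RE = re.compile(r"^forensics-(\d{4}-\d{2}-\d{2})\.(\d{2})\.log\.gz$")


def plan_requests(start: date, end: date, first_stored: date):
    """Split [start, end] (UTC dates, inclusive) into windows of <= MAX_DAYS days."""
    if start < first_stored:
        raise ValueError("start date is earlier than the first day of storage")
    if end < start:
        raise ValueError("end date precedes start date")
    windows = []
    cur = start
    while cur <= end:
        stop = min(cur + timedelta(days=MAX_DAYS - 1), end)
        windows.append((cur, stop))
        cur = stop + timedelta(days=1)
    return windows


def missing_hours(filenames, start: date, end: date):
    """Return the UTC hours in [start, end] that have no raw log file.

    Assumption: one file per hour is expected. A gap can also mean that no
    data was collected in that hour, so treat gaps as items to review.
    """
    seen = set()
    for name in filenames:
        m = NAME_RE.match(name)
        if not m:
            continue  # not a raw log file name
        try:
            seen.add(datetime.strptime(f"{m.group(1)}.{m.group(2)}", "%Y-%m-%d.%H"))
        except ValueError:
            continue  # impossible date or hour in the name
    hour = datetime.combine(start, datetime.min.time())
    stop = datetime.combine(end, datetime.min.time()) + timedelta(days=1)
    gaps = []
    while hour < stop:
        if hour not in seen:
            gaps.append(hour)
        hour += timedelta(hours=1)
    return gaps


if __name__ == "__main__":
    # Constructed sample: plan a multi-month export, then check one day's files.
    for first, last in plan_requests(date(2024, 1, 1), date(2024, 3, 15), date(2023, 12, 1)):
        print("request", first, "to", last)
    names = [f"forensics-2024-01-01.{h:02d}.log.gz" for h in range(24) if h != 13]
    print(missing_hours(names, date(2024, 1, 1), date(2024, 1, 1)))
```

Submit the planned windows two or three at a time, as the guidance above recommends, and run the gap check on each bundle before relying on it for audit or forensic work.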
Email Notifications Concerning Your License
USM Anywhere sends the following notification emails to the email address associated with your license. Typically, this is the email address used to register the trial or your subscription:
- A license is changed from trial to subscription.
- A license tier is upgraded.
- A license expiration date is updated.
- The number of sensors allowed is updated.
- An activated license has expired.
- An activated license is deleted.