With a USM Anywhere license you can always view your subscription data in one place. Use the My Subscriptions page to access your license information, eventAny traffic or data exchange detected by AT&T Cybersecurity products through a sensor, or through external devices such as a firewall. data, raw log data, and connect to a USM CentralA federation console that enables centralized security monitoring for multiple AlienVault USM Anywhere and AlienVault USM Appliance deployments. instance.
Go to Settings > My Subscription to open the page. The following table lists the fields you see on the page:
|License Type||Trial or Subscription.|
|License End Date||Trial Expiration date (Trial Licenses) or Support End Date (Subscription Licenses). The displayed date depends on your computer's time zone.|
|Service Tier||Storage per month (250 GB per month, 500 GB per month, 1 TB per month, 1.5 TB per month, 2 TB per month, 3 TB per month, 4 TB per month).|
|Licensed Sensors||Number of licensed sensorsSensors are deployed into an on-premises, cloud, or multi-cloud environment to collect log and other security-related data. This data is normalized and then securely forwarded to USM Anywhere for analysis and correlation..|
|Active Sensors||Number of active sensors.|
|Months of cold storage for raw logs||
By default, cold storageA secure long-term log retention mechanism. By default, AT&T Cybersecurity stores all data associated with a customer’s subdomain in cold storage for the life of the active USM Anywhere subscription at no additional charge. is unlimited for USM Anywhere customers within their service terms, but unlimited for AT&T TDR for Gov customers for three years. Keep in mind these points:
|Total Data Consumed||Amount of data USM Anywhere has processed on a monthly basis.|
|Remaining Data Available||Amount of remaining data you have available for this month.|
|Projected Data Consumption||Amount of data already stored for the month plus calculated data storage needs for the rest of the month. See Projected Data Consumption for more information.|
|Historical Data Consumption||List of data consumption by month.|
|Total Event Data||Amount total of data USM Anywhere has processed.|
|View Data Consumption by Data Source||
Link that opens a dialog box to display the data consumption by data source. The displayed information shows raw data collected from each source. It does not represent the fully enriched and correlated data that is sent to USM Anywhere.
You can filter the information by date.
|Total Days of Storage Capability||
Total days of storage capacity available.
|First Day of Data Storage||First day on which data started to be stored.|
|Connection to USM Central||Displays if the deploymentEntire process involved in installation, configuration, startup, and testing of hardware and software in a specific environment. has been connected to a USM Central or not. See Connecting a USM Anywhere to a USM Central for more information.|
|Suppressed Alarm Synchronization||Forward suppressed alarms and alarms with a closed status to USM Central.|
Raw Log Data
Raw Log Data is data that has been forwarded through your sensors. USM Anywhere stores this data and enables you to extract Raw Log Data for audit purposes or further forensic analysis.
Important: It is good practice to occasionally download your raw logs. Data is unable to be collected during the renewal grace period after license expiration.
To extract Raw Log Data
- Go to Settings > My Subscription.
- Click Request Raw Log Files.
- Select a date range to download the raw log files in zip format.
- Click Request Download.
- Click OK.
- Click the link you have in the email to download the zip file.
- Extract the zipped bundle and you see the files listed as
The Export Raw Log Files dialog box displays.
A dialog box informs you that your request is being processed and it is in progress. Keep in mind this process can take up to six hours.
Important: The beginning date can't be earlier than your first day of storage.
In a few minutes you will receive an email with a link to download your files (zip file).
Receiving Email Notifications Concerning my License
USM Anywhere sends the following notificationCommunication of an important event, typically through an email message or other desktop display. In USM Appliance, notifications are typically triggered by events, policies, and correlation directives, and in USM Anywhere, they are typically triggered by notification rules or directly from alarms. emails to the email address associated with your license. Typically, this is the email address used to register the trial or your subscription:
- A license is changed from trial to subscription.
- A license tier is upgraded.
- A license expiration date is updated.
- The number of sensors allowed is updated.
- An activated license has expired.
- An activated license is deleted.