Your environment has a limited data consumption tier depending on your subscription tier. If your environment is going to exceed your data consumption tier, a yellow announcement displays in your USM Anywhere to warn you about it. All users can see this yellow announcement in your environment, and you can close it by clicking the icon in the upper right side of the page.
Important: Keep in mind that by closing the announcement, you acknowledge that a Manager user is aware that the license is reaching its threshold for the current month.
If your environment has exceeded your data consumption tier, your USM Anywhere starts operating in transient mode. When running in transient mode, USM Anywhere no longer stores events in the searchable data store, but will still generate alarmsAlarms provide notification of an event or sequence of events that require attention or investigation., run authenticated assetAn IP-addressable host, including but not limited to network devices, virtual servers, and physical servers. scans, and store raw logs associated with Events in cold storage. This transient mode finishes when you start a new month (based on your anniversary start date) or if you upgrade your subscription tier.
Note: Please contact the AT&T Cybersecurity Sales department to upgrade your subscription tier and modify your license.
Through the My Subscription page you can purge your earliest seven days of data from the current month. This can be done twice a month. Keep in mind that the button that enables you to purge the data will only be active after you hit your limit and your system is operating in transient mode. If you purge data to go back under your data limit, the transient mode will end as of the date that the purge was enacted. The purge will not retroactively remove transient mode for the days that the limit had been exceeded.
Note: USM Anywhere will display an early and persistent warning to inform you that you are going to exceed your monthly tiered usage.
To purge seven days of event data