USM Anywhere™

Reaching the Monthly Usage Limit

Role Availability Read-Only Analyst Manager

Important: Tier options do not have unlimited processing power, memory allotment, or disk I/O speeds. In addition to storage per month, your deployment size's impact on any of these factors will influence which tier option is right for your environment. AT&T Cybersecurity recommends pre-deployment sizing discussions with your sales representative to help select the right tier for you.

Your environment has a limited data consumption tier depending on your subscription tier. If your environment is going to exceed your data consumption tier, a yellow announcement displays in your USM Anywhere to warn you about it. All users can see this yellow announcement in your environment, and you can close it by clicking the icon in the upper right side of the page.

Yellow banner

USM Anywhere sends three emails four days apart to warn you that you are going to reach your data consumption tier. USM Anywhere sends these emails to the address assigned to the license.

Important: By closing the announcement, you acknowledge that a Manager user is aware that the license is reaching its threshold for the current month.

Besides the yellow announcement, a dialog box opens if your environment is going to exceed your data consumption tier each time you log in to USM Anywhere.

System Data Usage Alert Dialog Box

If your environment has exceeded your data consumption tier, your USM Anywhere starts operating in transient mode. When running in transient mode, USM Anywhere no longer stores events in the hot storage or searchable data store, but will still generate alarms Alarms provide notification of an event or sequence of events that require attention or investigation., run authenticated asset An IP-addressable host, including but not limited to network devices, virtual servers, and physical servers. scans, and store raw logs associated with events in cold storage. This transient mode ends when you start a new month (based on your anniversary start date) or if you upgrade your subscription tier. If your environment has exceeded your data consumption tier, a red announcement displays in your USM Anywhere to warn you about it. All users can see this red announcement in your environment, and you can't close it.

Banner to inform you have exceed your tier

USM Anywhere sends an email to warn you that it has reached your data consumption tier. The account receiving this kind of emails is the one associated with your license.

Besides the red announcement, a dialog box opens if your environment has exceeded your data consumption tier each time you log in to USM Anywhere.

System Data Usage Warning Dialog Box

Note: Please contact the AT&T Cybersecurity Sales department if you need to upgrade your subscription tier or modify your license.

To refrain from reaching your monthly limit, AT&T Cybersecurity recommends that you create filtering rules to restrict data collection. If you've reached the monthly limit, you can purge your earliest seven days of data from the current month through the My Subscription page. This can be done twice a month. The button to purge data will only be active after you have reached your limit and your system is operating in transient mode. If you purge data to go back under your data limit, the transient mode will end as of the date that you enacted the purge. The purge won't retroactively remove transient mode for the days that the limit had been exceeded.

To purge seven days of event data

  1. Go to Settings > My Subscription.
  2. Click Purge 7 Days of Event Data.

    Purge 7 Days of Event Data

  3. Note: The 7 days of event data refer to the first 7 days of the current month. If you choose to purge again in the same month, then the second 7 days will be purged (the 8th of the month through the 14th).