USM Anywhere™

Reaching the Monthly Usage Limit

Role Availability Read-Only Analyst Manager

Your environment has a limited data consumption tier depending on your subscription tier. If your environment is going to exceed your data consumption tier, a yellow announcement displays in your USM Anywhere to warn you about it. All users can see this yellow announcement in your environment, and you can close it by clicking the icon in the upper right side of the page. USM Anywhere sends three emails four days apart to warn you that you are going to reach your data consumption tier. USM Anywhere sends these emails to the address assigned to the license.

Important: By closing the announcement, you acknowledge that a Manager user is aware that the license is reaching its threshold for the current month.

Yellow banner

If your environment has exceeded your data consumption tier, your USM Anywhere starts operating in transient mode. When running in transient mode, USM Anywhere no longer stores events in the hot storage, or searchable data store, but will still generate alarmsAlarms provide notification of an event or sequence of events that require attention or investigation., run authenticated assetAn IP-addressable host, including but not limited to network devices, virtual servers, and physical servers. scans, and store raw logs associated with events in cold storage. This transient mode ends when you start a new month (based on your anniversary start date) or if you upgrade your subscription tier. USM Anywhere sends an email to warn you that it has reached your data consumption tier. The account receiving this kind of emails is the one associated with your license.

Note: Please contact the AT&T Cybersecurity Sales department to upgrade your subscription tier and modify your license.

To refrain from reaching your monthly limit, AT&T Cybersecurity recommends that you create filtering rules to restrict data collection. If you've reached the monthly limit, you can purge your earliest seven days of data from the current month through the My Subscription page. This can be done twice a month. The button to purge data will only be active after you hit your limit and your system is operating in transient mode. If you purge data to go back under your data limit, the transient mode will end as of the date that the purge was enacted. The purge won't retroactively remove transient mode for the days that the limit had been exceeded.

To purge seven days of event data

  1. Go to Settings > My Subscription.
  2. Click Purge 7 Days of Event Data.

    Purge 7 Days of Event Data

  3. Note: The 7 days of event data refer to the first 7 days of the current month. If you choose to purge again in the same month, then the second 7 days will be purged (the 8th of the month through the 14th).