Documentation Center
AlienVault® USM Anywhere™

Subscription Management

Once you have a USM Anywhere license you can always view your subscriptions in one place. Use the My Subscriptions page to access your license information, eventAny traffic or data exchange detected by AlienVault products through a Sensor, or through external devices such as a firewall. data, raw log data, and connect to a USM CentralA federation console that enables centralized security monitoring for multiple AlienVault USM Anywhere and AlienVault USM Appliance deployments. instance.

To open the My Subscription page

  1. Navigate to SETTINGS > MY SUBSCRIPTION.
  2. The My Subscription page displays.

    Information on the 'My Subscription' page
    Field Description
    License Type Trial or Subscription
    License End Date Trial Expiration date (Trial Licenses) or Support End Date (Subscription Licenses). The displayed date depends on your computer's time zone
    Service Tier Storage per month (250 GB per month, 500 GB per month, 1 TB per month, 1.5 TB per month, 2 TB per month, 3 TB per month, 4 TB per month)
    Licensed Sensors Number of licensed sensorsSensors are deployed into an on-premises, cloud, or multi-cloud environment to collect log and other security-related data. This data is normalized and then securely forwarded to USM Anywhere for analysis and correlation.
    Active Sensors Number of active sensors
    Months of cold storage for raw logs 12 months of cold storage by default
    Total Data Consumed Amount of data USM Anywhere has processed on a monthly basis
    Remaining Data Available Amount of remaining data you have available for this month
    Projected Data Consumption Average amount of data you have consumed on a monthly basis
    Historical Data Consumption List of data consumption by month
    Total Event Data Amount total of data USM Anywhere has processed
    View Data Consumption by Data Source

    Link that opens a popup window to display the data consumption by data source. The displayed information shows raw data collected from each source. It does not represent the fully enriched and correlated data that is sent to USM Anywhere.

    You can filter the information by date

    Total Days of Storage Capability

    Total days of storage capacity available

    First Day of Data Storage First day on which data started to be stored
    Connection to USM Central Displays if the deploymentEntire process involved in installation, configuration, startup, and testing of hardware and software in a specific environment. has been connected to a USM Central or not. See Connecting a USM Anywhere to a USM Central for further information

Raw Log Data

Raw Log Data is data that has been forwarded through your sensors. USM Anywhere stores this data and allows you to extract Raw Log Data for audit purposes or further forensic analysis.

To extract Raw Log Data

  1. Navigate to SETTINGS > MY SUBSCRIPTION.
  2. Click Request Raw Log Files.
  3. Select a date range to download the raw log files in zip format.
  4. Click Request Download.
  5. A popup window informs you that your request is being processed and it is in progress. Keep in mind this process can take up to 6 hours.

  6. Click OK.
  7. In a few minutes you will receive an email with a link to download your files (zip file).

  8. Click the link you have in the email to download the zip file.
  9. Extract the zipped bundle and you see the files listed as forensics.log.YYYY-MM-DD.bz2.

Reaching the Monthly Usage Limit Space

If your environment has exceeded your data consumption tier, your USM Anywhere starts operating in transient mode. When running in transient mode, USM Anywhere no longer stores events in the searchable data store, but will still generate alarmsAlarms provide notification of an event or sequence of events that require attention or investigation., run authenticated assetAn IP-addressable host, including but not limited to network devices, virtual servers, and physical servers. scans, and store raw logs associated with Events in cold storage. This transient mode finishes when you start a new month (based on your anniversary start date) or if you upgrade your subscription tier.

Note: Please contact the AlienVault Sales Department to upgrade your subscription tier and modify your license.

The My Subscription page allows you to purge your earliest seven days of data from the current month. Keep in mind that the button that allows you to purge the data will only be active after you hit your limit and your system is operating in a transient mode.

Note: USM Anywhere will display an early and persistent warning to inform you that you are going to exceed your monthly tiered usage.

To purge seven days of event data

  1. Navigate to SETTINGS > MY SUBSCRIPTION.
  2. Click Purge 7 Days of Event Data.
  3. Note: The 7 days of event data refer to the current month.

Receiving Email Notifications Concerning my License

USM Anywhere will send you notificationCommunication of an important event, typically through an email message or other desktop display. In USM Appliance, notifications are typically triggered by events, policies, and correlation directives, and in USM Anywhere, they are typically triggered by notification rules or directly from alarms. emails related to your license

  • A license is changed from trial to subscription
  • A license tier is upgraded
  • A license expiration date is updated
  • The number of sensors allowed is updated
  • An activated license enters its grace period
  • An activated license is deleted