| Role Availability | Read-Only | Investigator | Analyst | Manager |
Subscription Data
Go to Settings > My Subscription to open the page.
License Usage
License Usage
| Field | Description |
|---|---|
| Consumed Data | The amount of data that USM Anywhere has processed every month |
| Projected Data Consumption | The amount of data already stored for the month plus calculated data storage needs for the rest of the month. See Projected Data Consumption for more information. |
| Sensors | The number of licensed sensors and pending deployment sensors. Click Manage Sensors to open the Sensors page. See Sensors Page Overview for more information. |
| EPS | Events per second in the last 24 hours |
| Filtered EPS | Percentage of filtered EPS in the last 24 hours |
| Filtering Rules | Number of filtering rules in your environment. Click Manage Rules to open the Filtering Rules page. See Filtering Rules from the Orchestration Rules Page for more information. |
Data Consumption Status
Data Consumption Status
| Field | Description |
|---|---|
| Data Consumption Status | The health status of your subscription’s data consumption, reflecting real data consumption rates compared to your subscription tier over time: healthy, caution, warning, violation, or recovery. See Understanding Your Data Consumption Status for more information. |
License Information
License Information
| Field | Description |
|---|---|
| License Type | Refers to either the trial or subscription license |
| Service Tier | Refers to the monthly storage limit. See the LevelBlue pricing page for details or to request a quote. Important: Tier options do not have unlimited processing power, memory allotment, or disk input/output (I/O) speeds. In addition to storage per month, your deployment size’s impact on any of these factors will influence which tier option is right for your environment. LevelBlue recommends pre-deployment sizing discussions with your sales representative to help select the right tier for you. |
| License End Date | Refers to either the trial expiration date (for trial licenses) or support end date (for subscription licenses). The displayed date depends on your computer’s time zone. |
| Cold Storage | Click Manage Raw Logs to download the raw log files in zip format. See Raw Log Data for more information. By default, cold storage is unlimited for USM Anywhere customers within their service terms; but limited for LevelBlue Threat Detection and Response for Government (LevelBlue TDR for Gov) customers for three years. Remember the following: - You can export raw logs for a 31-day month. However, you are limited to a 31-day span if the range exceeds a single month. - The start time is 00:00:00 on the selected start date, and the end time is 23:59:59 on the selected end date. Example: If you select 1/1/2020 to 2/1/2020, the logs start at 00:00:00 1/1/2020 and end at 23:59:59 2/1/2020. |
| Refers to the email address associated with your license. | |
| MSSP Status | Indicates whether the USM Anywhere deployment has been successfully connected to a USM Central or not. See Connecting a USM Anywhere to a USM Central for more information. |
| MSSP Service | Name of the connected USM Central deployment |
| Historical Data Consumption | Refers to a list of data consumption by month. Click Download CSV to download a file with this information. |
| Top Data Sources | Displays a list of the top data sources. Click Download CSV to download a file with this information. |
| Top Event Names | List of the top event names related to their data source. Click Download CSV to download a file with this information. |
| Top Reporting Devices | List of top reporting devices. Click Download CSV to download a file with this information. |
Raw Log Data
Raw log data is data that has been forwarded and collected through your sensors, agents, and Cloud Connectors. USM Anywhere stores this data and enables you to extract raw log data for audit purposes or further forensic analysis. To request and extract raw log data- Go to Settings > My Subscription.
- Click Manage Raw Logs in the License Information section.
- Click Request Cold Storage Raw Logs.
- Click the dropdown to select a date range to download the raw log files (dates are in UTC). Once you have set the date, click Apply.
The start date cannot be earlier than your first day of storage. Furthermore, the date range cannot exceed 31 days.
- Click Request Cold Storage Raw Log. A message will be displayed indicating that a new request has been triggered, and the request will be displayed among the list of requests made. As the user who requested the raw logs, you will be sent an email to download the logs.
In the Manage Cold Storage Raw Logs dialog box, you can see your (latest) request at the top of the list with a Processing status. This changes to a download icon once it is ready for downloading.
-
Click the link in the email to navigate to the Raw Logs Management page. Your list of log requests (as well as those of the other users if you are logged in as a Manager) is displayed.
You need to be logged into USM Anywhere prior to clicking the link in your email. If you are not logged in, you will be prompted to log into the portal to navigate to the Raw Logs Management page.
- Click the download icon to download the log files. Select the path in which to save the logs, and the download process starts.
-
Extract the zipped bundle, and you will see the files listed as
forensics-YYYY-MM-DD.hh.log.gz, where YYYY-MM-DD.hh refers to the date and hour.
Email Notifications Concerning Your License
USM Anywhere sends the following emails to the email address associated with your license. Typically, this is the email address used to register the trial or your subscription:- A license is changed from trial to subscription.
- A license tier is upgraded.
- A license expiration date is updated.
- The number of sensors allowed is updated.
- An activated license has expired.
- An activated license is deleted.