Licensing Overview

You must have Root scope to use this feature.

Stellar Cyber has licenses for the DP and for features. The DP licenses are:

  • Volume – The DP is licensed based on the volume of data processed.
  • Assets – The DP is licensed based on the number of daily active assets.

The license types are:

  • Count – A given number of units is licensed.
  • Device – A given number of units is licensed.
  • Enable/Disable – The feature is either enabled or disabled, regardless of capacity.
  • Volume – The feature is licensed for a given amount/time of work.

Each license has an expiration time. The license information is automatically downloaded from the cloud license server as needed. The information is filed under the One Time Password (OTP) assigned to the system at installation time.

Contact Stellar Cyber sales for pricing information.

About the Licenses Tab

Select System | ORGANIZATION MANAGEMENT | Licensing to see a list of current licenses.

Expired and invalid licenses are included. If there is more than one block display mentioning the same license, the operational value is the sum of all license values applied.

Note that if the Support License is expired, any licenses for features that perform updates of definitions (such as the Exploit Detection and Malware Analysis licenses) will show a status of No Updates.

Select Tenant Allocation, Asset Usage or Volume Usage to see details on the amount of capacity used. You can also select Usage Detail for the Platform License on the Licenses tab.

You can schedule or export PDF/CSV reports for these tabs from the Reporting | Reports | License Usage page.

About the OTP Key

The Licenses tab also includes an OTP Key field that lists the One-Time Password (OTP) used for the initial authorization of this DP and its associated sensors.

Getting More Information with License Usage Reports

In addition to the information provided in the Licensing page, Stellar Cyber also provides several useful reports to help you understand your asset and volume usage over different time intervals. Navigate to the Reporting | Reports | License Usage tab to work with the reports listed below:

  • Asset Usage

  • Volume Usage

About the Tenant Allocation Tab

The Tenant Allocation tab (System | ORGANIZATION MANAGEMENT | Licensing) lets you view and manage how the licensed capacity for your Stellar Cyber Platform license is distributed among tenants. The capacity shown here comes from the License Threshold in the Licenses tab.

The content in this tab is divided into two sections: important data listed across the top of the tab in Top Summary and a Tenant Allocation table with more detailed information.

Top Summary

The Top Summary consists of the following

  • Total Licenses – Displays the License Threshold from the Licenses tab for the active license type. For ingestion-based licenses, this is the maximum daily ingestion volume in GB/day that your Stellar Cyber Platform license allows. For asset-based licenses, this is the maximum number of assets allowed.

  • Available / Allocated (Root level only) – Shows the amount of licensed capacity that is unassigned (Available) and assigned to tenants (Allocated). Allocations are measured in the same units as the License Threshold. Allocated capacity can exceed the License Threshold if you intentionally over-subscribe.

    When actual usage exceeds the License Threshold, the License State in the Licenses tab changes to Warning. Also a warning banner appears at the top of the UI alerting you that daily usage exceeds licensed limits.

  • Total Usage – Displays the percentage of the License Threshold currently being consumed across all tenants. A value above 100% means total usage exceeds the licensed daily capacity.

Table Columns

The following are the columns that appear in the Tenant Allocation table:

  • Tenant Name – Name of the tenant.

  • Tenant Group – Tenant group that the tenant belongs to.

  • Allocation Quota – The licensed capacity assigned to the tenant. A dash ( – ) means no specific quota is set. Values are in the same units as the License Threshold (GB/day for ingestion-based licenses or asset count for asset-based licenses).

  • Usage – The actual daily usage for the tenant.

  • Usage Level – A color-coded bar showing the tenant’s usage as a percentage of its allocation quota:

    Blue – Usage is within allocation.

    Pink – Usage exceeds allocation.

    Tenants without a quota display a blue bar showing usage relative to their own peak usage.

Screen capture of the Tenant Allocation tab

Interpretation of the screen capture shown above:

  • The License Threshold from the Licenses tab is 5 GB/day, which appears as Total Licenses = 5.

  • Allocations total 60.8016 GB/day across all tenants, meaning the capacity has been over-subscribed more than twelvefold.

  • Tenant-01 has a quota of 42.555 GB/day but is consuming 43.8378 GB/day, so its bar is pink.

  • Tenant-04 has a quota of 1.1111 GB/day and is using 1.7987 GB/day, also shown in pink.

  • Tenant-07 has a quota of 0.2222 GB/day and is using 0.1484 GB/day, so its bar is blue because usage is within allocation.

  • The Total Usage bar is 967.9677%, meaning actual usage across all tenants is more than nine times the licensed limit.

Allocating Capacity to Tenants

To set or change the capacity allocated to a tenant:

  1. In the Allocation Quota column, select the Edit icon next to the tenant’s current value (or dash).

  2. Enter a capacity quota in the same units as your License Threshold (GB/day or asset count).

  3. Save your changes.

Guidelines for Determining Allocations

When deciding how much capacity to allocate to each tenant:

  • Analyze historical usage – Review the Usage column and Volume Usage or Asset Usage tabs to see each tenant’s recent trends.

  • Use the Ingestion Target as a reference – If set when creating the tenant, the Ingestion Target value can serve as a reference point for allocation decisions. This value is for informational purposes only and does not enforce or automatically set the Allocation Quota.

  • Account for growth – Add buffer capacity for tenants expected to grow in assets or ingestion volume.

  • Prioritize critical tenants – Ensure mission-critical tenants receive enough allocation to handle peak load without exceeding their quota.

  • Avoid excessive over-subscription – While over-subscription can improve flexibility, it increases the risk of exceeding the license threshold and triggering warnings.

  • Review regularly – Revisit allocations periodically to adjust for changes in tenant usage patterns.

Role-Based Access Control (RBAC) for Tenant Allocation

Access to the Tenant Allocation tab is governed by both scope and role:

  • Scope levels – Root/Organization, Tenant Group, and Tenant. Users can only view and manage allocations within their assigned scope.

  • Roles – Four default privilege profiles determine the level of access within a scope:

  • Super Admin – Full access, including changing allocations for all tenants in scope.

  • Platform Admin – Subset of Super Admin permissions, can edit allocations within scope.

  • Security Admin – More limited permissions; may have read-only access to this tab depending on configuration.

  • User – Typically view-only access.

    Partner users operate at the Tenant Group scope and can manage allocations for tenants in that group. Only root-level users can manage allocations across all tenants in the platform.

About the Asset Usage Tab

The Asset Usage tab shows you the daily maximum active assets over the preceding 30 days. If you have an asset-based license, your license limit is based on that average.

As shown in the image below, separate tabs in the Daily Asset Count By Tenant table let you view asset usage By Tenant or By Tenant Groups.

Each entry in the Daily Asset Count By Tenant table with a non-zero count includes a View Assets button. This button works differently depending on whether you are using Stellar Cyber classic asset counting implementation or the new approach available in 5.3.0 and later:

  • Classic Asset Counting – Selecting View Assets lets you drill to an Threat Hunting | Interflow Search filtered on the Assets index for the selected tenant and time range. This gives you an easy way to see the exact assets counted for licensing purposes in a given window of time

  • Entity-Based Asset Counting – Selecting View Assets pops up an Asset Details view showing the entities detected for asset counting purposes for the specified tenant and time range.

Refer to Understanding Asset-Based Licensing for details on how assets are discovered, managed, and counted for licensing purposes, as well as the differences between Classic and Entity-Based asset counting.

About the Volume Usage Tab

The Volume Usage tab shows you the data volume consumed for licensing purposes over the past 30 days by tenant.

Keep in mind that licensing volume is different than ingestion:

  • Ingestion – Ingestion refers to the quantity of data sent by connectors and sensors to the DP prior to enrichment and compression.

  • Licensing Volume Once data arrives at the DP, it undergoes additional enrichment and compression before it is stored on disk in the DP. Licensing volume refers to the quantity of actual data stored on disk, post-enrichment and compression. These are the counts used for licensing purposes.

Because of this distinction, the byte counts shown in the System | ORGANIZATION MANAGEMENT | Licensing | Volume Usage tab will not match those shown in the Dashboards | PREDEFINED | Ingestion Dashboard.

The table at the bottom provides the same information plus the index used.

Sorting the table by tenant makes it easy to see trends for each tenant.

Volume Usage Calculations Require 24 Hours for Completion

Keep in mind that it takes 24 hours to complete the volume usage calculations for a given UTC day. When a day ends in UTC time, its volume calculations are not final and may show small changes until the end of the next day in UTC time.

For example, consider the day of March 15, 2023. Stellar Cyber shows ingestion values for this day as soon as it concludes in UTC time. However, those values can and will show small changes for another 24 hours and are not complete until the end of March 16, 2023 in UTC time.

Payment Overdue Banners

If for some reason your account becomes overdue and must be paid, Stellar Cyber displays a banner to users with a Scope of Root, encouraging you to maintain your account in good standing. In the case of seriously overdue accounts, the banner may also indicate the date by which a payment must be made in order to avoid system disruption. These messages are only displayed once per session. You can acknowledge the notification and continue your work. Please make a payment as soon as possible to keep your account current.