This topic contains the minimum Azure VM configuration settings recommended for the NetWitness Platform (NW) virtual stack components.
The recommended settings in the NetWitness Platform component VM tables below were calculated under the following conditions.
- Ingestion rates of 15,000 EPS were used.
- All the components were integrated.
- The Log stream included a Log Decoder, Concentrator, and Archiver.
- Incident Management was receiving alerts from the Reporting Engine and Event Stream Analysis.
- The background load included reports, charts, alerts, investigation, and respond.
For information on how to increase the number of volumes based on your storage requirements using the RSA Sizing & Scoping Calculator, see the Storage Guide for RSA NetWitness Platform 11.x.
The following table shows the storage recommendations for NetWitness Azure VMs.

| Azure Image Type | Rate (EPS) | CPU (Cores) | RAM (GB) | Instance Type (Azure Name) |
|---|---|---|---|---|
| NW | Does not apply | 16 | 112 | |
| Log Decoder | 15,000 | 32 | 128 | Standard D32s_v3 |
| Log Concentrator | 15,000 | 16 | 112 | |
| Archiver | 15,000 | 16 | 112 | Standard D14_v2 |
| ESA | 15,000 | 20 | 140 | |
| Log Collector | 15,000 | 8 | 32 | Standard D8s_v3 |
| UEBA* | Does not apply | 16 | 112 | |

Refer to the Storage Guide for RSA NetWitness Platform for additional storage information.