Minumr Requirements ( RAM, HD and CPU)
I found this documento: Virtual Appliance: Overview and in the following board
|Virtual Appliance Type||Quantity of CPUs||CPU Specifications||RAM||Disk|
|Decoder||4||Intel Xeon CPU @2.93 Ghz||16 GB||320 GB|
|Log Decoder||4||Intel Xeon CPU @2.93 Ghz||16 GB||320 GB|
|Concentrator||4||Intel Xeon CPU @2.93 Ghz||16 GB||320 GB|
|Archiver||4||Intel Xeon CPU @2.93 Ghz||16 GB||320 GB|
|Broker||4||Intel Xeon CPU @2.93 Ghz||16 GB||320 GB|
|Warehouse Connector||4||Intel Xeon CPU @2.93 Ghz||16 GB||320 GB|
|Security Analytics Server||4||Intel Xeon CPU @2.93 Ghz||16 GB||320 GB|
I cant understand which is the disk size required for ESA and if the Decoder is only the Decoder and if Log Decoder includes Log Collector and Log Decoder.
Can anyone help?
> There is one Good tool available for ESA called 'esatool'. This tool provides statistics directly from the Mongo database & performs actions on the Database.
> Have a check on this link 'https://community.rsa.com/docs/DOC-53300'. The Script & document (on how to use this tool) is also attached in this link.
> One basic rule, Make sure there are Not too many non-useful (false positive) alerts firing & you DB space will be good.
If you see any alert firing High number of non-useful alerts, you can delete them by using this ESAtool.
I see that the configuration of ESA are set up to 90.000EPS but currently we have: 1500EPS.
What kind of specs should the ESA have?