Sizing Parameters for deploying SIEM

Hi Guys,

I am planning to test out SIEM app in production and I have around 70-80 servers [60 of are those Windows/rest are all Linux/Unix] then have PAN Firewall, 4-5 Cisco routers.

So around 90 off devices that needs to be monitored. the log retention period will be around 6 months.

Can someone please give me insight about elastic search host sizing parameters like

  1. How many hosts I must adapt? Like one for Elastic search, other for logstash etc.
  2. If I must adopt elasticsearch cluster for data resiliency
  3. What should be the ideal memory/cpu/cores each node must have?
  4. Any other advice?

Blason R

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.