Sizing Parameters for deploying SIEM

Blason · April 16, 2020, 4:29am

Hi Guys,

I am planning to test out SIEM app in production and I have around 70-80 servers [60 of are those Windows/rest are all Linux/Unix] then have PAN Firewall, 4-5 Cisco routers.

So around 90 off devices that needs to be monitored. the log retention period will be around 6 months.

Can someone please give me insight about elastic search host sizing parameters like

How many hosts I must adapt? Like one for Elastic search, other for logstash etc.
If I must adopt elasticsearch cluster for data resiliency
What should be the ideal memory/cpu/cores each node must have?
Any other advice?

TIA
Blason R

system · May 14, 2020, 4:29am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Designing elasticsearch cluster for a SOC Elasticsearch	5	873	February 19, 2023
Infrarelated query Elastic Security	3	210	July 5, 2023
Elasticsearch sizing for Production POC Elasticsearch	1	385	January 18, 2021
Best specification server Elastic Security	7	985	November 4, 2022
Hardware requirements for Elasticsearch Elasticsearch	2	715	November 13, 2019

Sizing Parameters for deploying SIEM

Related topics