Snare Central and Sizing
SUMMARY
Aug 17, 2017
The Snare Central hardware requirements are significantly dependent on the volume of audit received by the Snare Central, and the type and number of audit objectives defined.
There are minimum hardware requirements available in the Installation Guide for Snare Central for smaller and larger configurations. However for large to very large environments please contact your Snare Sales representative. The following questions may help us determine optimal hardware sizes:
How long do you wish to retain data on the Snare Server?
How many user workstations do you wish to collect from?
How many servers are likely to send data to Snare Central?
Do you have any services (eg: IIS, ISA, apache, MSSQL, Oracle) that need to send data to Snare Central? How many events per day would they generate in aggregate?
Do you need to meet any particularly regulatory, national or international security requirements or regulations?
Do you need to audit access to file assets on your servers and/or workstations?
Are there any slow remote links to consider?
Do you normally deploy on physical or virtual hardware?
Do you need to collect from network equipment such as firewalls, routers or switches?
Do you have a feel for the total aggregate number of events per day for your workstations, and servers?
Do you need to perform batch mode reporting, or do you have a requirement for realtime?
Are you intending to use local storage, fast SAN, or NAS for any backing disks?
Do you need to reflect event data to other Servers (eg: SIEM, Network monitoring systems)