Good day security gurus,
I have a query on correctly sizing a QRadar SIEM installation.
As an example, IBM typically budgets a factor of 25x EPS per DNS server, 10x FPM for a workstation and 120x FPM for a server.
Are these numbers reasonable and a fair reflection of how resources consume EPS and FPM licenses?
The reason for the question is that we have a customer that is claiming they consume ~600x EPS for a DNS server, and their workstations and servers are using roughly 5x the FPM quotas.
I can't believe that IBM gets these estimates out by such a large factor as they have been sizing QRadar installations for years and have many customer installations to base these factors from.
Your experiences please?
Could there be something specific to my customer's network environment that is triggering these large EPS and FPM counts?
Let me know if you need further info.
------------------------------
Geoff Bosman
Senior IT Consultant
Silverfern IT
Perth
------------------------------