NEW RSA NetWitness Platform Scenario Planner - V11.5.4.2021

NETWO METERE RSA | NETWITNESS SCENARIO PLANNER
NETWORK
RK S I EM D
Input Omit Decoder Meta Disk Approximate Bill of Materials

Utilization ≈ 60% Throughput Subscription Omit MA Add ESA Omit UEBA
Line Rate 1,000 Mbps
Hour Utilization Hour Utilization Hybrid Hardware
12:00 AM 30% 12:00 PM 95% SKU Count SKU
Utilization 60% 1:00 AM 30% 1:00 PM 85% 6 SA-NETMON-S-T1
2:00 AM 35% 2:00 PM 80% 1 NW-S6E-CORE-NL (node zero)
Metadata Ratio 8% 3:00 AM 45% 3:00 PM 75% 1 NW-S6E-ANALYTIC-NL (esa)
4:00 AM 50% 4:00 PM 70% 1 NW-S6H-NHYBRID-NL
Raw Retention 7 Days
5:00 AM 55% 5:00 PM 65% 1 NW-PV-A
6:00 AM 60% 6:00 PM 60% #VALUE! #VALUE!
Meta Retention 30 Days
7:00 AM 65% 7:00 PM 55% #VALUE! #VALUE!
8:00 AM 70% 8:00 PM 50% #VALUE! #VALUE!
Meta Compression disabled 9:00 AM 75% 9:00 PM 45% #VALUE! #VALUE!
Per Day Per Period 10:00 AM 80% 10:00 PM 40% #VALUE! #VALUE!
PacketDB MetaDB Index PacketDB MetaDB 11:00 AM 85% 11:00 PM 30% #VALUE! #VALUE!
5.89 TB 0.47 TB 0.42 TB 41.25 TB 14.14 TB #VALUE! #VALUE!
6,035 GB 483 GB 435 GB 42,245 GB 14,484 GB #VALUE! #VALUE!
Network Monitoring Throughput ≈ 5.89 TB/Day #VALUE! #VALUE!
Equivalent Sustained Line Rate 600 Mbps Online Physical Host Installation Guide
Decoder Appliance Concentrator Appliance Hybrid Appliance

Raw Retention Manual Override Meta Retention Manual Override Raw & Meta Retention Manual Override
Total PV-A Total PV-D Total S6 + 1x PV-A
Decoders 1 Concentrators
1 Hybrids + PV 1
PowerVaults 1 PowerVaults 1 Raw Retention ≈ 18.5 Days
≈ 13.8 Days ≈ 150.8 Days Meta Retention ≈ 84.6 Days
■□ ■□ ■□
Qty Description PacketDB Days Qty Description MetaDB Days Qty Description Raw Days Meta Days
1 PV-A 51% 13.78 1 PV-D 20% 150.80 1 S6 + 1x PV-A 18.54 84.57
2 PV-A 23% 31.01 2 PV-D 10% 301.61 2 S6 + 1x PV-A 37.09 169.15
3 PV-A 15% 48.25 3 PV-D 7% 452.41 3 S6 + 1x PV-A 55.64 253.73
4 PV-A 11% 65.48 4 PV-D 5% 603.22 4 S6 + 1x PV-A 74.19 338.31
5 PV-A 8% 82.71 5 PV-D 4% 754.02 5 S6 + 1x PV-A 92.73 422.89
Total Bandwidth to Concentrator ≈ 48 Mbps Total Bandwidth to ESA ≈ 48 Mbps Total Bandwidth to ESA ≈ 48 Mbps
Decoder VMs Concentrator VMs Other VMs

Raw Retention Manual Override Meta Retention Manual Override NetWitness Server
Total Vmware Total VMware Total Vmware
Decoder VMs 1 Concentrator VMs 1 Virtual Machines 1

12 vCPUs 16 vCPUs 12 vCPUs
Resource Allocation Per VM Resource Allocation Per VM Resource Allocation Per VM
50 GB vRAM 50 GB vRAM 64 GB vRAM
43.44 TB Total Disk 17.31 TB Total Disk 1.50 TB SAS
200 Read IOPS 550 Read IOPS 100 Read IOPS
400 Write IOPS 5,500 Write IOPS 350 Write IOPS
Disk Allocation Per VM Disk Disk Allocation Per VM Disk

Operating System 1.50 TB SAS Operating System 1.50 TB SAS Online Virtual Host Installation Guide
PacketDB 41.25 TB SAS SessionDB 1.24 TB SAS
SessionDB 0.06 TB SAS MetaDB 14.14 TB SAS Online AWS Installation Guide
MetaDB 0.60 TB SAS Index 0.42 TB SSD Online Azure Installation Guide
Index 0.03 TB SAS Online Google Cloud Installation Guide
Minimum Required TOTAL IOPS Per VM 600 Minimum Required TOTAL IOPS Per VM 6,050 Minimum Required TOTAL IOPS Per VM 450
Internal Use - Confidential

#
NETWOR METERE
K S IEM D
Log Input Omit Decoder Meta Disk Endpoint Input

Event Rate EPS Primary Log Decoder
Event Utilization Monitoring Mode
Event Size Bytes Expanded Network Visibility
Metadata Ratio Collect File Logs
RAW Retention Days Scans Per Week
RAW Compression disabled Agents
Meta Retention 30 Days Windows
Meta Compression disabled mac OS X
Long Term Retention 365 Days CentOS / RH Enterprise / Ubuntu
Warm / Cold Retention 0 Days

Per Day
MongoDB
0.00000 TB
Per Day Per Period 0.00 GB

RawDB MetaDB Index RawDB MetaDB RawDB MetaDB
0.00 TB 0.00 TB 0.0000 TB 0.00 TB 0.00 TB 0.00 TB 0.00 TB
0 GB 0 GB 0 GB 0 GB 0 GB 0 GB 0 GB
≈ 0.00 GB/Day ≈ 0.00 GB/Day
Decoder Appliance Err:508 Concentrator Appliance

Raw Retention Manual Override Meta Retention
Total PV-A Total
#Internal Use - Confidential

Total Total
Decoders 0 Concentrators
PowerVaults 0 PowerVaults
≈ 0.0 Days
Qty Description RawDB Days Qty SKU

PV-A PV-D
PV-A PV-D
PV-A PV-D
PV-A PV-D
PV-A PV-D
Total Bandwidth to Concentrator ≈ 0 Mbps Total Bandwidth to ESA
Decoder VMs Concentrator VMs

Raw Retention Manual Override Meta Retention
Total Vmware Total
Decoder VMs 0 Concentrator VMs
vCPUs
Resource Allocation Per VM Resource Allocation Per VM
vRAM
Total Disk
Read IOPS
Write IOPS
Disk Allocation Per VM Disk Disk Allocation Per VM

Operating System SAS Operating System
PacketDB SAS SessionDB
SessionDB SAS MetaDB
MetaDB SAS Index
Index SAS

Minimum Required TOTAL IOPS Per VM Minimum Required TOTAL IOPS Per VM

RSA
Approximate Event Rate ≈0

≈0
rimary Log Decoder Hybrid Event Size
Quantity Device Class
0 Unix or Linux Servers
Monitoring Mode Insights Windows Active Directory
Windows IIS / Exchange
d Network Visibility Disabled Windows General Purpose
Web Servers
Collect File Logs Disabled Proxy Servers
Antivirus Servers
Scans Per Week 0 NAS
Database Servers
Agents DNS and DHCP Servers
Routers and Switches
Windows 0 Firewalls
IDS or IPS
mac OS X 0 VPNs
NW Endpoints
Enterprise / Ubuntu 0 Total 0
Per Period
MongoDB
0.0000 TB
0.00 GB
Index RawDB MetaDB
0.0000 TB 0.00 TB 0.00 TB
0 GB 0 GB 0 GB
≈ 0.00 GB/Day ≈ 0 GB/Day
tor Appliance Archiver Appliance

Manual Override Long Term Retention Manual Override
PV-D Total PV-A

Total
trators 0 Archivers 0
Vaults 0 PowerVaults 0
≈ 0.0 Days ≈ 0.0 Days
SKU MetaDB Days Qty SKU DB

PV-D PV-A
PV-D PV-A
PV-D PV-A
PV-D PV-A
PV-D PV-A
Total Bandwidth to ESA ≈ 0 Mbps Warm / Cold Storage Requirement ≈ 0.0 TB
tor VMs Archiver VMs

Manual Override Long Term Retention Manual Override
VMware Total Vmware
rator VMs 0 Archiver VMs 0

vCPUs
e Allocation Per VM Resource Allocation Per VM
vRAM
Total Disk
Read IOPS
Write IOPS
sk Allocation Per VM Disk Disk Allocation Per VM

Operating System SAS Operating System
SessionDB SAS RawDB
MetaDB SAS MetaDB
Index SSD Index

ed TOTAL IOPS Per VM Minimum Required TOTAL IOPS Per VM

R SA | N E T W I T N E S S S C E N A R I O P L A N N E R
≈0 Bill of Materials
≈0 Throughput SubscriptionOmit Archiver Add ESA Omit UEBA
Decoder & Concentrator Software
SKU Count SKU
tive Directory 0 #N/A
/ Exchange #VALUE! #VALUE!
neral Purpose #VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
CP Servers #VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
UEBA Users 10,000 Quantity
Online Physical Host Installation Guide
Hybrid Appliance
Manual Override Raw & Meta Retention Manual Override
Total S6

Total
Hybrids 0
Raw
RawRetention
Retention ≈ 0.0 Days
Days Meta Retention ≈ 0.0 Days
Days Qty SKU Raw Days Meta Days

S6
S6
S6
S6
S6
≈ 0.0 TB
Other VMs
Manual Override VLC
Total AWS
Instances 1
c4.2xlarge
vCPUs Resource Allocation Per 8 vCPUs
vRAM Instance 15 GB vRAM
Total Disk 1.50 TB SSD
Read IOPS Read IOPS
Write IOPS Write IOPS
Disk
SAS Online Virtual Host Installation Guide
SAS
SAS Online AWS Installation Guide
SSD Online Azure Installation Guide
Online Google Cloud Installation Guide

Enhanced Networking Enabled
Send Us Feedback 11.5.4.2021

NETWOR METER
K SIEM ED
1 Sites Exclude MA
Line Rate 1,000 Mbps Line Rate
Utilization 60% Utilization
Metadata Ratio 5% Metadata Ratio
RAW Retention 7 Days RAW Retention
Meta Retention 45 Days Meta Retention
SKU Count SKU Throughput Per Day SKU Count SKU

6 SA-NETMON-S-T1 5.89 TB 0 0
Per Day Per Period Per Day

PacketDB MetaDB Index PacketDB MetaDB PacketDB MetaDB
5.89 TB 0.29 TB 0.40 TB 41.25 TB 13.26 TB 0.00 TB 0.00 TB
6,035 GB 302 GB 407 GB 42,245 GB 13,579 GB 0 GB 0 GB
Equivalent Sustained Line Rate 600 Mbps Equivalent Sustained Line Rate
1 Sites ◀
Event Rate 10,000 EPS Event Rate
Event Size 500 Bytes Event Size
Metadata Ratio 100% Metadata Ratio

Meta Retention 90 Days Meta Retention
SKU Count SKU Throughput Per Day SKU Count SKU

9 SA-SIEM-S-T2 402 GB 0 0
Per Day Per Period Per Day

RawDB MetaDB Index RawDB MetaDB RawDB MetaDB
0.42 TB 0.42 TB 1.13 TB 37.77 TB 37.77 TB 0.00 TB 0.00 TB
430 GB 430 GB 1,160 GB 38,672 GB 38,672 GB 0 GB 0 GB
≈ 402 GB/Day ≈ 0 GB/Day

RSA
0 Sites Exclude MA 0 Sites
1,000 Mbps Line Rate 1,000

60% Utilization 60%
5% Metadata Ratio 5%
7 Days RAW Retention 7
45 Days Meta Retention 45
SKU Throughput Per Day SKU Count SKU Throughput Per Day
0.00 TB 0 0 0.00 TB
Per Period Per Day Per Period

Index PacketDB MetaDB PacketDB MetaDB Index PacketDB
0.00 TB 0.00 TB 0.00 TB 0.00 TB 0.00 TB 0.00 TB 0.00 TB
ent Sustained Line Rate 0 Mbps Equivalent Sustained Line Rate 0 Mbps
0 Sites ◀ 0 Sites
10,000 EPS Event Rate 10,000

500 Bytes Event Size 500
100% Metadata Ratio 100%
90 Days Meta Retention 90
SKU Throughput Per Day SKU Count SKU Throughput Per Day
0 GB 0 0 0 GB
Per Period Per Day Per Period

Index RawDB MetaDB RawDB MetaDB Index RawDB
0.00 TB 0.00 TB 0.00 TB 0.00 TB 0.00 TB 0.00 TB 0.00 TB
≈ 0 GB/Day ≈ 0 GB/Day

R SA | N E T W I T N E S S S C E N A R I O P L A N N E R
Exclude MA Total Metered Network

Mbps
Customer Type SKU Type
New Subscription
Days Licensed Network Monitoring 50 TB
Days Licensed Malware Analysis 50 TB
Throughput Per Day SKU Count SKU Throughput Per Day

0.00 TB 6 SA-NETMON-S-T1 5.89 TB
er Period Per Day Per Period

MetaDB PacketDB MetaDB Index PacketDB MetaDB
0.00 TB 5.89 TB 0.29 TB 0.40 TB 41.25 TB 13.26 TB
0 GB 6,035 GB 302 GB 407 GB 42,245 GB 13,579 GB
0 Mbps Equivalent Sustained Line Rate 600 Mbps
◀ Total Metered SIEM

EPS
Customer Type SKU Type
Existing Subscription
Bytes
Days

Days
Days Licensed SIEM Monitoring 400 GB
Throughput Per Day SKU Count SKU Throughput Per Day

0 GB 9 SA-SIEM-S-T2 402 GB
er Period Per Day Per Period

MetaDB RawDB MetaDB Index RawDB MetaDB
0.00 TB 0.42 TB 0.42 TB 1.13 TB 37.77 TB 37.77 TB
0 GB 430 GB 430 GB 1,160 GB 38,672 GB 38,672 GB
≈ 402 GB/Day
Send Us Feedback 11.5.4.2021

SIEM Devices
Approximate
Event Rate
Event Size
Input
Quantity Vendor Categoy
0 Apache Host
0 Apple Host
0 Blue Coat Systems Host
0 Blue Coat Systems Host
0 Check Point Storage
24 Check Point Host
0 Check Point Security
0 Check Point Host
0 Cisco Network
0 Cisco Security
0 Cisco Host
0 Cisco Host
0 Cisco Security
0 Cisco Storage
0 Cisco Host
0 Cisco Security
0 Cisco Security
0 Cisco Network
0 Cisco Security
0 Cisco Host
0 Cisco Security
0 CyberGuard Security

0 Enterasys Networks Security
0 Extreme Networks Security
0 Fortinet Security
0 Foundry Networks Security
0 FreeBSD Security
0 HP Security
0 IBM Host
0 IBM
0 IBM
0 Intel
0 ISS
0 ISS
0 Juniper Networks
0 Juniper Networks
0 Juniper Networks
0 Juniper Networks
0 Juniper Networks
0 McAfee
1,000 McAfee
0 McAfee
0 McAfee
10 Microsoft
1 Microsoft
0 Microsoft
0 Microsoft
1 Microsoft
0 Microsoft
0 Microsoft
0 Microsoft
0 Network Appliance
0 Network Appliance
0 NFR
0 Nokia

0 Nortel
0 Nortel
0 Nortel
0 Novell
0 Open Source
0 Oracle
0 Red Hat
0 RSA Security
0 Secure Computing
0 Solsoft
0 SonicWALL
0 Sun
0 Symantec
0 Symantec
0 Symantec
0 Symantec
0 TippingPoint
0 Top Layer
0 Top Layer
0 Trend Micro
0 WebSense
Total Devices:
Total EPS:
KB / Second:

Event Rate ≈ 1,015
Event Size ≈ 327
Class Description
Web Logs Apache HTTP Server
UNIX Apple Mac OS X
Web Logs Blue Coat Systems CacheOS
Web Logs Blue Coat Systems SGOS (Security Gateway Appl.)
Firewall Check Point Provider-1
Firewall / VPN Check Point FireWall-1; NG R5x, NG with AI, NGX
Firewall / VPN Check Point SmartDefense FireWall-1
Firewall / VPN Check Point VPN-1
Access Control Cisco Access Control Server
Firewall Cisco Cisco Adaptive Security Appliance Software
Firewall / VPN Cisco PIX Firewall
Firewall / VPN Cisco ASA Firewall
IDS/IPS Cisco Secure IDS
IDS/IPS Cisco Secure IDS (XML)
IDS/IPS Cisco Security Agent
Routing Cisco Router
Switching Cisco Catalyst Switch 6500 CATOS
Switching Cisco Content Services Switch
VPN Cisco VPN 3000 Concentrator
Web Logs Cisco Content Engine
Wireless Cisco Aironet AP (Wireless Access Point)
Firewall / VPN CyberGuard Firewall TSP Family Series

IDS/IPS Enterasys Networks Dragon
Switching Extreme Networks ExtremeWare Switch
Firewall / VPN Fortinet FortiGate Antivirus Firewall
Switching Foundry Networks Switch
UNIX FreeBSD FreeBSD
UNIX HP UX
Mainframe IBM OS390/ZOS (Mainframe SMA_RT)
Midrange IBM iSeries (AS400)
UNIX IBM AIX 5L
VPN Intel NetStructure VPN
IDS/IPS ISS RealSecure IDS Server Sensor
IDS/IPS ISS SiteProtector
Config. & Policy Juniper Networks NetScreen-Security Manager
Firewall / VPN Juniper Networks NetScreen Firewall ScreenOS
IDS/IPS Juniper Networks IDP
Routing Juniper Networks JUNOS Router
VPN Juniper Networks SSL VPN
Anti Virus McAfee ePolicy Orchestrator
Anti Virus McAfee VirusScan Enterprise
IDS/IPS McAfee Entercept
IDS/IPS McAfee Intrushield
Database Microsoft SQL Server
Mail Server Microsoft Exchange Server
Web Logs Microsoft IIS
Web Logs Microsoft ISA Server
Windows Microsoft Windows
Windows Microsoft Windows - Event Reporter
Windows Microsoft Windows - NIC Agentless
Windows Microsoft Windows - Snare
Storage Network Appliance Data ONTAP
Web Logs Network Appliance NetCache
IDS/IPS NFR NIDS
UNIX Nokia IP Series

Routing Nortel Passport 8600 Routing Switch
VPN Nortel Contivity VPN Switch
Web Logs Nortel Alteon Switch Firewall
UNIX Novell SuSE Linux
IDS/IPS Open Source SNORT
Database Oracle 8i, 9i and 10g
UNIX Red Hat Linux, SuSE Linux, Debian Linux
Access Control RSA Authentication Manager
Firewall Secure Computing Sidewinder G2 Security Appliance
Config. & Policy Solsoft NP
Firewall / VPN SonicWALL Firewall
UNIX Sun Solaris
Anti Virus Symantec AntiVirus Corporate Edition
Firewall Symantec Enterprise Firewall
IDS/IPS Symantec Network Security
IDS/IPS Symantec Intruder Alert
IDS/IPS TippingPoint UnityOne
Access Control Top Layer Secure Edge Controller
IDS/IPS Top Layer Attack Mitigator
Anti Virus Trend Micro OfficeScan
Web Logs WebSense Web Security Suite
1,036
1014.6
354.91

RSA | NETWITNESS SCENARIO PLA
EPS
Bytes
Average Event Rate Average Event Size KB per Second

0.30 0.00
0.30 0.00
34.50 0.00
34.50 0.00
29.60 0.00
29.60 8922.07 257.90
29.60 0.00
29.60 0.00
0.30 0.00
30.10 0.00
30.10 0.00
30.10 0.00
0.40 0.00
0.40 0.00
0.40 0.00
0.30 0.00
0.30 0.00
0.30 0.00
0.50 0.00
1.00 0.00
0.30 0.00
30.10 0.00

30.10 0.00
0.30 0.00
30.10 0.00
0.30 0.00
0.30 0.00
0.30 0.00
0.30 0.00
0.30 0.00
0.50 0.00
29.30 0.00
0.40 0.00
0.40 0.00
0.30 0.00
30.10 0.00
0.40 0.00
0.30 0.00
0.30 0.00
0.30 0.00
0.30 325060.19 95.23
0.40 0.00
0.30 0.00
0.30 4406.98 1.29
0.30 382.11 0.11
0.30 0.00
1.00 0.00
0.90 426.82 0.38
0.50 0.00
0.90 0.00
0.50 0.00
0.30 0.00
1.00 0.00
0.30 0.00
1.10 0.00

0.30 0.00
0.30 0.00
1.00 0.00
0.50 0.00
0.40 0.00
0.30 0.00
0.50 0.00
0.30 0.00
30.10 0.00
0.30 0.00
30.10 0.00
0.30 0.00
0.30 0.00
30.10 0.00
0.40 0.00
0.40 0.00
0.30 0.00
0.30 0.00
0.40 0.00
0.30 0.00
1.00 0.00

TNESS SCENARIO PLANNER v11.5.4.2021
KB per Day Total EPS

0.0
0.0
0.0
0.0
0.0
22,282,864.74 710.4
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0

0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
8,228,085.95 300.0
0.0
0.0
111,551.65 3.0
9,672.15 0.3
0.0
0.0
32,411.86 0.9
0.0
0.0
0.0
0.0
0.0
0.0
0.0

0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0

RSA | NETWITNESS SCENARIO PLANNER Help Page
Current Version: 11.5.4.2021 Last Updated: October 17, 2018
4,500 60% Large bold green numeric values in white cells are user input data entry fields requiring manual entry. In a few fields dropdown
selections are provided but, manual data entry is not prohibited.
45% 2,500 Black numeric values in green cells are user input data entry fields requiring manual entry. In a few fields dropdown selections are
50% 1,250 provided but, manual data entry is not prohibited.
4 ≈ 15.0 Large bold black numeric values in blue cells are primary calculation results. The ≈ symbol represents mathematical "ALMOST
EQUAL TO". The results of the calcualtions provided are approximations - NOT absolutes.
67% 12:00 PM
Black numeric values in gray cells are either secondary calculation results or static labels.
52% 1:00 PM
These are THREE separate user selection dropdown boxes Select the desired available options to influence the results in the Bill of
0 Hybrid Hardware
Materials Widgets.
Manual Override This is a user selection dropdown box. Select the desired available values to influence the calculation results in the widget.
This is an example widget ADVISORY title. When certain conditions exist widget title bars will display with black text on an orange
Appliance or VM Advisory Message Text
background. The "message text" will describe the ADVISORY condition. ADVISORY conditions are SUPPORTED configurations.
This is an example widget WARNING title. When certain conditions exist widget title bars will display with white text on a red
Appliance or VM Warning Message Text background. The "message text" will describe the WARNING condition. WARNING conditions are UNSUPPORTED
configurations.
Input Primary Network [packets] Data Input Widget

Line Rate 1,000 Mbps Average network line rate for a typical busy day.
Utilization 60% Network Line Rate x Utilization = Equivalent Sustained Line Rate. Equivalent Sustained Line Rate is used to calculate quantity of
appliances, VM specifications, and required capacity.
Metadata Ratio 8% Percentage of Metadata created for the network(s) being consumed. Typical rate is 4% to 6%.
Raw Retention 7 Days Quantity of desired days solution will provide full network session reconstruction.
Meta Retention 30 Days Quantity of desired days solution will provide metadata for Dashboards, Reports, and Investigations.
Per Day Per Period

PacketDB MetaDB Index PacketDB MetaDB
5.89 TB 0.47 TB 0.42 TB 41.25 TB 14.14 TB Quantity of Raw [PacketDB] and MetaDB data generated per day and per period in TeraBytes and GigaBytes based on widget user
6,035 GB 483 GB 435 GB 42,245 GB 14,484 GB input
Network Line Rate x Utilization = Equivalent Sustained Line Rate. Equivalent Sustained Line Rate is used to calculate quantity of
Equivalent Sustained Line Rate 600 Mbps appliances, VM specifications, and required capacity.
Approximate
The "Approximate Utilization" widget is a stand-alone helper widget. Data input in this widget is not required and has no affect on
Utilization ≈ 60% any Network calculations other than this widget.
Hour Utilization Hour Utilization
12:00 AM 30% 12:00 PM 95%
1:00 AM 30% 1:00 PM 85%
2:00 AM 35% 2:00 PM 80%
3:00 AM 45% 3:00 PM 75%
4:00 AM 50% 4:00 PM 70%
5:00 AM 55% 5:00 PM 65% To approximate the daily utilization of a network, input the approximate network utilization values for each hour, for a typical busy
day. The resulting value in the blue cell can then be manually input and used as the utilization value in the primary network data input
6:00 AM 60% 6:00 PM 60% widget.
7:00 AM 65% 7:00 PM 55%
8:00 AM 70% 8:00 PM 50%
9:00 AM 75% 9:00 PM 45%
10:00 AM 80% 10:00 PM 40%
11:00 AM 85% 11:00 PM 30%
Graphical representation of the input daily network utilization
Bill of Materials Omit MA Add ESA

The "Bill of Materials" widget is a helper, informational widget. Data presented in this widget is NOT intended as a final or
0 Hybrid Hardware
authoritative bill of materials.
SKU Count SKU
6 SA-NETMON-S-T1
1 NW-S6E-CORE-NL (node zero)
1 NW-S6E-ANALYTIC-NL (esa)
1 NW-S6H-NHYBRID-NL
1 NW-PV-A
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE! Appliance and Software is an invalid conifguration.
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#NAME? #NAME?
Online Physical Host Installation Guide Hyperlink to the online physical host guide
Decoder Appliance Widget title bar. May include ADVISORY or WARNING message text [see above].
Raw Retention Manual Override Dropdown box to manually override the calculated quantity of appliances.
Total PV-A Dropdown box to select desired capacity type - DAC, UltraDAC, or SAN
Decoders 1 Quantity of Decoder appliances required to satisfy desired retention based on input network line rate, utilization and selected capacity
PowerVaults 1 Quantity of capacity type required to satisfy desired retention based on input network line rate, utilization and selected capacity type
≈ 13.8 Days APPROXIMATE days of full session reconstruction retention provided based on input network line rate, utilization and selected capa
■□ Graphical representation of the quantity of Decoder appliances and selected capacity

Qty Description PacketDB Days
1 PV-A 51% 13.78
2 PV-A 23% 31.01
3 PV-A 15% 48.25 Dynamically updated table based on the user selected capacity, DAC, UltraDAC, or SAN
4 PV-A 11% 65.48
5 PV-A 8% 82.71
Total Bandwidth to Concentrator ≈ 48 Mbps APPROXIMATE aggregate bandwidth required from ALL Decoder appliances to ALL Concentrator appliances
Concentrator Appliance Widget title bar. May include ADVISORY or WARNING message text [see above].
Meta Retention Manual Override Dropdown box to manually override the calculated quantity of appliances.
Total PV-D Dropdown box to select desired capacity type - DAC or SAN
Concentrators
1 Quantity of Concentrator appliances required to satisfy desired retention based on input network line rate, utilization, metadata ratio
and selected capacity type
PowerVaults 1 Quantity of capacity type required to satisfy desired retention based on input network line rate, utilization, metadata ratio and selected
capacity type
≈ 150.8 Days APPROXIMATE days of metadata retention provided based on input network line rate, utilization, metadata ratio and selected capaci
■□ Graphical representation of the quantity of Concentrator appliances and selected capacity

Qty SKU MetaDB Days
1 PV-D 20% 150.80
2 PV-D 10% 301.61
3 PV-D 7% 452.41
4 PV-D 5% 603.22
5 PV-D 4% 754.02
Total Bandwidth to ESA ≈ 48 Mbps APPROXIMATE aggregate bandwidth required from ALL Concentrator appliances to a SINGLE Event Stream Analysis appliance
Hybrid Appliance Widget title bar. May include ADVISORY or WARNING message text [see above].
Raw & Meta Retention Manual Override Dropdown box to manually override the calculated quantity of appliances.
Total S6 + 1x PV-A Dropdown box to select desired Hybrid type and capacity type
Hybrids + PV 1 Quantity of Hybrid appliances or Hybrid appliances plus a single DAC each, required to satisfy desired retention based on input
network line rate, utilization, metadata ratio and selected capacity type
Raw Retention ≈ 18.5 Days APPROXIMATE days of full session reconstruction retention provided based on input network line rate, utilization and selected capa
Meta Retention ≈ 84.6 Days APPROXIMATE days of metadata retention provided based on input network line rate, utilization, metadata ratio and selected capaci
■□ Graphical representation of the quantity of Concentrator appliances and selected capacity

Qty SKU Raw Days Meta Days
1 S6 + 1x PV-A 18.54 84.57
2 S6 + 1x PV-A 37.09 169.15
3 S6 + 1x PV-A 55.64 253.73
4 S6 + 1x PV-A 74.19 338.31
5 S6 + 1x PV-A 92.73 422.89
Total Bandwidth to ESA 48 Mbps APPROXIMATE aggregate bandwidth required from ALL Hybrid appliances to a SINGLE Event Stream Analysis appliance
Decoder VMs Widget title bar. May include ADVISORY or WARNING message text [see above].
Raw Retention Manual Override Dropdown box to manually override the calculated quantity of virtual machines.
Total Vmware Dropdown box to select Vmware or AWS [Amazon Web Services]
Decoder VMs 1 Quantity of Packet Decoder Virtual Machines required to satisfy desired full session reconstruction retention based on input network
line rate and utilization
AWS dedicated instance name

12 vCPUs Quantity of virtual CPUs required PER Virtual Machine
Resource Allocation Per VM
50 GB vRAM Quantity of virtual RAM required PER Virtual Machine
43.44 TB Total Disk Quantity of Total Disk space required PER Virtual Machine
200 Read IOPS MINIMUM required READ IOPS PER EACH Decoder Virtual Machine
400 Write IOPS MINIMUM required WRITE IOPS PER EACH Decoder Virtual Machine
Disk Allocation Per VM Disk

Operating System 1.50 TB SAS
PacketDB 41.25 TB SAS
SessionDB 0.06 TB SAS Additional details regarding the disk allocation PER Virtual Machine
MetaDB 0.60 TB SAS
Index 0.03 TB SAS
Minimum Required TOTAL IOPS Per VM 600 MINIMUM required TOTAL IOPS PER EACH Decoder Virtual Machine OR AWS Enhanced Networking Requirement
Concentrator VMs Widget title bar. May include ADVISORY or WARNING message text [see above].
Meta Retention Manual Override Dropdown box to manually override the calculated quantity of virtual machines.
Total VMware Dropdown box to select Vmware or AWS [Amazon Web Services]
Concentrator VMs 1 Quantity of Concentrator Virtual Machines required to satisfy desired full session reconstruction retention based on input network line
rate and utilization
AWS dedicated instance name

16 vCPUs Quantity of virtual CPUs required PER Virtual Machine
Resource Allocation Per VM
50 GB vRAM Quantity of virtual RAM required PER Virtual Machine
17.31 TB Total Disk Quantity of Total Disk space required PER Virtual Machine
550 Read IOPS MINIMUM required READ IOPS PER EACH Decoder Virtual Machine
5,500 Write IOPS MINIMUM required WRITE IOPS PER EACH Decoder Virtual Machine
Disk Allocation Per VM Disk

Operating System 1.50 TB SAS
SessionDB 1.24 TB SAS
MetaDB 14.14 TB SAS Additional details regarding the disk allocation PER Virtual Machine
Index 0.42 TB SSD
Minimum Required TOTAL IOPS Per VM 6,050 MINIMUM required TOTAL IOPS PER EACH Decoder Virtual Machine OR AWS Enhanced Networking Requirement
Other VMs Widget title bar. May include ADVISORY or WARNING message text [see above].
Internal Use - Confidential

#
RSA | NETWITNESS SCENARIO PLANNER Change Log
Current Version: 11.5.4.2021
Version: 11.5.4.2021
Release Notes
Update
Added Endpoint calculations to the SIEM tab
Added new PowerVaults
Removed Unity SAN, VNX SAN, and PowerVaults no longer available
Version: 11.5.1.2021
Release Notes
Bug Fix
Updated Network and Log IndexDB calculations to NOT include compression
Updated Network and Log Virtual Machine IndexDB calculations
Updated Log Retention Hybrid capacity
Updated Log Retention Hybrid calculations based on compression enabled whether user selected or not
Added red "Unsupported" header to Network and SIEM Bill of Materials widgets when compression is sel
Version: 11.5.11.2020
Release Notes
Bug Fix
Updated LogMetaDB_for_Period to include compression selection
Version: 11.5.10.2020
Release Notes
Update
Added Network and SEIM Decoder meta disk kit dropdown selection
Added Network and SEIM Meta Compression dropdown selection
Added SEIM Raw Compression dropdown selection
Updated Network Bill of Materials builder to include Meta Only License
Version: 11.4.07.2020
Release Notes
Update
Added 76TB Powervault to Concentrator dropdown selection(s)

Removed 56TB Powervault to Concentrator dropdown selection(s)
Updated Network and SEIM Bill of Materials builder
Replaced 56TB Powervault SKU with 76TB Powervault SKU
Updated usable storage for 96 TB PV, 96 TB SED PV, 144 TB PV, 32 TB DAC, and 46 TB DAC
Based on "NetWitness Usable Storage" RSA Wiki post June 22, 2020
Updated usable storage for 76 TB PV, 78 TB SED PV, 113 TB PV, 33 TB DAC
Based on "NetWitness Usable Storage" RSA Wiki post June 22, 2020
Version: 11.4.05.2020
Release Notes
Update
Added 300% and 400% to SIEM Metadata Ratio List
Version: 11.4.03.2020
Release Notes
Bug Fix
Added S6R Series 6 Log Retention Hybrid to SIEM Hybrid selections
Updated all Hyperlinks to v11.4 documentation
Version: 11.4.02.2020
Release Notes
Bug Fix
Updated Log Decoder, Log Concentrator, and Archiver days retention calculations
Under certain conditions the Quantity of DAC or SAN Shelves Required Based on Line Rate, Utilizatio
was not calculated correctly
Version: 11.3.11.2019
Release Notes
Update
Updated Network Hybrid and Log Hybrid capacity selections [removed DACS and added Powervaults]
Added Series 6 Appliances to the "Appliance" Tab
Updated ESA SKUs for both network and SIEM Bill of Materials results from S5 to S6
Updated hyperlinks to online documents
Version: 11.3.07.2019
Release Notes

Bug Fix
Updated log decoder retention in days formula
Version: 11.2.12.2018
Release Notes
Update
Updated all Powervault available capacity based on new metrics from engineering
Updated all Series 6 Hybrid capacity based on new metrics from engineering
Version: 11.2.10.2018
Release Notes
Update
Added Hybrid selections for both Network and SIEM
Updated Series 5 Hybrid selection to 'S5'
Updated Series 5 Hybrid plus a single DAC selection to 'S5 + DAC'
Added Series 5 Hybrid plus a single 72TB Powervault. Selection is 'S5 + 1*72TB PV'
Added Series 6 Hybrid Only [no DAC - no Powervault]. Selection is 'S6'
Added Series 6 Hybrid with a single 72TB Powervault. Selection is 'S6 + 1*72TB PV'
Added Series 6 Hybrid with two 72TB Powervaults. Selection is 'S6 + 2*72TB PV'
Added Series 6 Hybrid with a single 144TB Powervault. Selection is 'S6 + 1*144TB PV'
Added Hybrid business logic for both Network and SIEM Bill of Materials
Added Maximum Supported Rate for a Single ESA for both Network and SIEM
Added Bill of Materials Calculation(s) to Add Additional ESAs Based on Maximum Supported Rates for b
Added 96TB Self Encrypting Drive PowerVault selection to network and log decoder, and archiver capaci
Added 78TB Self Encrypting Drive PowerVault selection to network and log concentrator capacity dropdo
Added UEBA selection to SIEM Bill of Materials widget
Added UEBA user quantity input field to SIEM Bill of Materials widget
Added UEBA virtual machine selection to SIEM "Other" VM widget
Updated embedded hyperlinks to external documentation
Bug Fix
Updated SIEM Bill of Materials business logic to correctly add a Broker based on SIEM tab selections
Updated network and log virtual machine conditional logic
Version: 11.1.7.2018
Release Notes
Update
Updated the nomeclature in the dropdown selections for both Network and SIEM for Powervault capacity
Updated SIEM calculations to correctly utilize Powervault capacity
Updated Network calculations to correctly utilize Powervault capacity

Version: 11.0.7.2018
Release Notes
Update
Deleted SKU Reference Tab - The Scenario Planner is NOT the definitive source of SKUs
Added PowerVault DACs to Network and SIEM capacity selections, associated retention calculations upd
Added SIEM Input 'Event Utilization'
Added 'Network Monitoring Throughput' calculation to the bottom of the Network Input Widget
Updated SIEM retention calculations to include 'Event Utilization'
Updated SIEM VM retention calculations to include 'Event Utilization'
Version: 11.0.05.2018
Release Notes
Bug Fix
Updated Network and SIEM VM Widgets Dropdown Selections
Version: 11.0.03.2018
Release Notes
Update
Updated SKU Reference
Added Unity SAN to Network and SIEM capacity selections, associated retention calculations updated, an
Version: 10.6.10.2017
Release Notes
Update
Removed 12TB DAC selection from both log and packet Concentrator dropdown
Version: 10.6.07.2017
Release Notes
Update
Added additional values to the VM Formula QE Benchmark Lookup Tables for AWS
AWS VM Lookup tables now includes QE tested specifications for
500, 1,000, and 1,500 Mbps [Network]
5,000, 10,000, and 15,000 EPS [SIEM]
Version: 10.6.06.2017

Release Notes
Update
Updated Capacity Reference
VNX2 SAN - LG Maximum Shelves REDUCED from 66 to 60
Bug Fix
Updated SIEM tab Decoder VM Widget total disk calculation [cell E52]
Updated SIEM Formula Reference Warm / Cold Storage Requirement calculation [cell K41]
Version: 10.6.04.2017
Release Notes
Update
AWS [Amazon Web Services] selections added to ALL virtual machine calculation widgets
AWS [Amazon Web Services] SKUs added to Network and SIEM Bill of Materials widgets
Updated Help Tab to include updates to all virtual machine calculation widgets
Implemented new Scenario Planner version number structure
Version number structure = A.B.C.D
A = Major version
B = Minor version
C = MM [Month]
D = YYYY [Year]
Version: 10.6.0120
Release Notes
Update
Added Meta Data Ratio dropdown selection to SIEM INPUT and Metered SIEM INPUT fields
Updated Help Tab to include new SIEM Input Meta Data Ratio dropdown selection
Added additional values to the VM Formula QE Benchmark Lookup Table
VM Lookup table now includes QE tested specifications for
50, 100, 250, 500, 1,000, and 1,500 Mbps [Network]
2,500, 5,000, 7,500, 10,000, and 15,000 EPS [SIEM]
Bug Fix
Update SIEM Formula Reference Approximate Widget total event size calculation [cell D146]
Version: 10.6.1017
Release Notes
Update

Updated VM Formula Reference
Complete update of the Virtual Machine Lookup Table
QE Performance benchmark testing now includes Read IOPS and Write IOPS
Updated Network Virtual Machine Widgets to include Read IOPS and Write IOPS
Updated SIEM Virtual Machine Widgets to include Read IOPS and Write IOPS
Bug Fix
Updated Network BOM Widget, SIEM BOM Widget, and Metered Widgets to correctly calculate Through
Throughput SKU Count calculations are now performed utilizing the ROUNDUP function
Version: 10.6.0916
Release Notes
Update
Changed SIEM and Metered SIEM PacketDB labels to RawDB
Changed Metered "Quantity of Sites" dropdown list default value from one to zero
Changed SIEM Input Event Rate maximum permissible value from 250,000 to 1,000,000
Bug Fix
Updated Network BOM Widget to correctly calculate requirements for additional SAN racks based on Dec
Updated Metered Network calculations
Updated Metered SIEM calculations
Updated Total Metered Network existing customer data input, permitting value(s) of zero
Updated Total Metered SIEM existing customer data input, permitting value of zero
Network Formula Reference

Bill of Materials Calculations
Updated SAN Rack calculation [cell P175], IF statement now references PDecoder_Storage_Type=SAN O
Version: 10.6.0726
Release Notes
Update
Updated Appliance Reference specifications
Updated Series 5 Core specifications
Updated Series 5 ESA specifications
Updated Series 5 Hybrid specifications
Updated Log Hybrid - Maximum Supported Average Event Rate to 20,000 EPS
Bug Fix
Updated SIEM Hybrid Appliance capacity calculations to correctly calculate HYBRID + DAC selection
Updated SIEM Archiver Appliance capacity calculations to correctly calculate available capacity

Updated Network Packet Hybrid capacity calculations IF Statement logic to maintain consistancy with SIE
Updated Bill of Materials Concentrator 12TB DAC SKU for Appliance based model selection for both Ne
SIEM Formula Reference

Log Hybrid Quantity and Storage
Updated User Input :: Log Hybrid + DAC Selected [cell K114], removed double quotes from TRUE FALS
Updated Log Hybrid Storage Type Widget Label [cell K116], removed double quotes from TRUE FALSE
Updated Log Hybrid Storage Type Widget Label [cell K116], IF statement now references LHybrid_DAC
Updated PacketDB Capacity in TB for Selected Option [cell K117], removed double quotes from IF condi
Updated PacketDB Capacity in TB for Selected Option [cell K117], IF statement now references LHybrid_
Updated MetaDB Capacity in TB for Selected Option [cell K118], removed double quotes from IF conditi
Updated MetaDB Capacity in TB for Selected Option [cell K118], IF statement now references LHybrid_D
Archiver Storage
Updated Total Storage Available in TB Based on DAC or SAN Shelf Count + Override [cell K106] to corr
Updated Concentrator 12TB DAC SKU for Appliance based model to SA-HPD12H1

Packet Hybrid Quantity and Storage
Updated User Input :: Hybrid + DAC Selected [cell K72], removed double quotes from TRUE FALSE retu
Updated Packet Hybrid Storage Type Widget Label [cell K74], removed double quotes from TRUE FALS
Updated Packet Hybrid Storage Type Widget Label [cell K74], IF statement now references PHybrid_DAC
Updated PacketDB Capacity in TB for Selected Option [cell K75], removed double quotes from IF conditi
Updated PacketDB Capacity in TB for Selected Option [cell K75], IF statement now references PHybrid_D
Updated MetaDB Capacity in TB for Selected Option [cell K76], removed double quotes from IF conditio
Updated MetaDB Capacity in TB for Selected Option [cell K76], IF statement now references PHybrid_D
Update Concentrator 12TB DAC SKU for Appliance based model to SA-HPD12H1
Version: 10.6.0628
Release Notes
Update
Updated SIEM calculation(s) maximum supported Event Rates [EPS] per device
This | NETWITNESS SCENARIO PLANNER has a single entry input for SIEM Event Rate [EPS], un
Event Rate is, input the value equal to the "AVERAGE aggregate log event rate for a typical busy day"
Bug Fix
Updated SIEM Archiver Virtual Machine disk allocation calculations
Updated warning and advisory widget banner conditional logic
Updated SIEM BOM calculations for throughput model correcting blank SKU values presenting when low

Global Formula Reference
Network & SIEM
Changed Log Decoder - Maximum Supported Average Event Rate [cell K32] from 20,000 to 30,000
Changed Log Concentrator - Maximum Supported Average Event Rate [cell K33] from 20,000 to 30,000
Changed Archiver - Maximum Supported Average Event Rate [cell K34] from 20,000 to 30,000

Daily Usage Calculations
Long Term Calculations
Created Defined Name "ArchiverPacketDB_for_Period" for Long Term (Compressed) Raw Retention
Created Defined Name "ArchiverMetaDB_for_Period" for Long Term (Compressed) Meta Retention fo
Metrics Relevant to Metered Offerings
Modified SIEM Throughput for Raw Logs for 24 Hours in GB [cell K158] calculation. Added ROUND
Modified SIEM Perpetual SKU [cell K161] nested IF statement. Corrected an erroneous cell reference
VM Formula Reference
SIEM Virtual Machine Calculations
Archiver Virtual Machine Total DB Sizing
Modified PacketDB in TB [cell K214] to equal defined name value "ArchiverPacketDB_for_Period"
Modified MetaDB in TB [cell K215] to equal defined name value "ArchiverMetaDB_for_Period"
Modified IndexDB in TB [cell K216] to equal defined name value "ArchiverMetaDB_for_Period x 0.0
Archiver Virtual Machine DB Sizing Per VM
Modified PacketDB in TB [cell K230] to equal calculation of "ArchiverPacketDB_for_Period ÷ Archi
Modified MetaDB in TB [cell K231] to equal calculation of "ArchiverMetaDB_for_Period ÷ Archive
Modified IndexDB in TB [cell K232] to equal calculation of "(ArchiverMetaDB_for_Period x 0.05) ÷
Version: 10.6.0624
Release Notes
Packaging
Inclusion of a "Change Log"
Consistent and easily identifiable versioning
"Send Us Feedback" email hyperlink included on all primary user input calculation pages
Enhancements
Added display of "Per Day" and "Per Period" breakdown of the Index, Packet, and Meta databases for both
Added Manual Override for Decoder, Concentrator, Archiver, and Hybrid appliances
Added retention by user selected storage options

Added dynamically updated display of the PacketDB and Days of retention available based on the user sel
Added maximum supported Line Rate and Event Rate throughput per service (Global Formula Reference)
Added maximum supported DACs and UltraDACs (Global Formula Reference)
Added an "Approximate" network utilization helper widget (Network Tab)
Added equivalent sustained line rate metric for network monitoring sizing
Added Decoder to Concentrator required bandwidth metric to both network monitoring and SIEM sizing
Added Concentrator to ESA required bandwidth metric to both network monitoring and SIEM sizing
Added Hybrid to ESA required bandwidth metric to both network monitoring and SIEM sizing
Added Appliance hardware specifications
Added SKUs Reference
Added a Bill of Materials builder which includes the Appliance Based Model and the Throughput Based M
Added an basic "Approximate" Event Rate and Event Size helper widget (SIEM Tab)
Added a comprehensive "Approximate" Event Rate and Event Size helper (SIEM Devices Tab)
Added software virtual machine sizing for both Network and SIEM scoping providing vCPUs, vRAM, and
Added software virtual machine sizing minimum required IOPS per Decoder, Concentrator, and Archiver
Added software virtual machine maximum supported Line Rates and Event Rates (Global Formula Refere
Added software virtual machine Manual Override for Decoder, Concentrator, and Archiver VMs
Bug Fix
Consistent use of decimal and thousands separator
Version: 10.6.0624
Updated Archiver Virtual Machine DB Sizing Per VM PacketDB calculation [cell K230] to include compr
Updated Archiver Virtual Machine DB Sizing Per VM MetaDB calculation [cell K231] to include compre
Version: 10.6.0617
Full Distribution
Minor Modifications
Minor modifications made to enable full distribution to both RSA and Channel Partners
Version: 10.6.0616
Network Tab
Send Us Feedback
Updated "Send Us Feedback" eMail hyperlink to include current version number in the eMail subject
Unlocked "Send Us Feedback" eMail hyperlink cell to enable link when Network tab is password protecte
SIEM Tab

Send Us Feedback
Unlocked "Send Us Feedback" eMail hyperlink cell to enable link when SIEM tab is password protected
Metered Tab
Send Us Feedback
Unlocked "Send Us Feedback" eMail hyperlink cell to enable link when Metered tab is password protected
Version: 10.6.0606
Virtual Machine QE Performance Benchmarks
Added Security Analytics Server, Broker, Event Stream Analytics Server, and Malware Analysis section w
Assigned Defined Names to Security Analytics Server, Broker, Event Stream Analytics Server, and Malwa
Network Monitoring Virtual Machine Calculations
Removed Security Analytics Server, Broker, Event Stream Analytics Server, and Malware Analysis calcul
Removed Security Analytics Server, Broker, and Event Stream Analytics Server calculated values section
Network Devices Tab

Other VMs
Updated SA vCPUs [cell O45] value to Defined Name VM_SAServer_vCPUs
Updated SA vRAM [cell Q45] value to Defined Name VM_SAServer_vRAM
Updated SA Disk [cell R45] value to Defined Name VM_SAServer_DiskTB
Updated Broker vCPUs [cell O46] value to Defined Name VM_Broker_vCPUs
Updated Broker vRAM [cell Q46] value to Defined Name VM_Broker_vRAM
Updated Broker Disk [cell R46] value to Defined Name VM_Broker_DiskTB
Updated ESA vCPUs [cell O47] value to Defined Name VM_ESA_vCPUs
Updated ESA vRAM [cell Q47] value to Defined Name VM_ESA_vRAM
Updated ESA Disk [cell R47] value to Defined Name VM_ESA_DiskTB
Updated MA vCPUs [cell O48] value to Defined Name VM_MA_vCPUs
Updated MA vRAM [cell Q48] value to Defined Name VM_MA_vRAM
Updated MA Disk [cell R48] value to Defined Name VM_MA_DiskTB
SIEM Devices Tab

Other VMs
Updated SA vCPUs [cell U45] value to Defined Name VM_SAServer_vCPUs
Updated SA vRAM [cell W45] value to Defined Name VM_SAServer_vRAM
Updated SA Disk [cell X45] value to Defined Name VM_SAServer_DiskTB

Updated Broker vCPUs [cell U46] value to Defined Name VM_Broker_vCPUs
Updated Broker vRAM [cell W46] value to Defined Name VM_Broker_vRAM
Updated Broker Disk [cell X46] value to Defined Name VM_Broker_DiskTB
Updated ESA vCPUs [cell U47] value to Defined Name VM_ESA_vCPUs
Updated ESA vRAM [cell W47] value to Defined Name VM_ESA_vRAM
Updated ESA Disk [cell X47] value to Defined Name VM_ESA_DiskTB
Version: 10.6.0603
Updated Log Concentrator vRAM value [cell E15] based on test results of performance under query loads
Updated Log Concentrator vRAM value [cell E16] based on test results of performance under query loads
Updated Packet Concentrator vRAM value [cell K15] based on test results of performance under query loa
Updated Packet Concentrator vRAM value [cell K16] based on test results of performance under query loa
SIEM Tab
Notice Widget
Updated wording of the notice text and included GlobalSubTitle variable into notice
Version: 10.6.0527
Approximate :: Event Rate and Event Size Calculations
Updated Event Size Total [cell D145] calculation to include IFERROR, eliminating the display of #DIV/0
SIEM Devices Tab

Approximate
Updated Event Size [cell G6] calculation to include IFERROR, eliminating the display of #DIV/0! When a
Version: 10.6.0526
Added Windows Active Directory Server calculation
Added Windows IIS and Exchange Server calculation
Updated Windows General Purpose Server calculation
Replaced Switch calculation with DNS and DHCP Servers calculation
Updated Router calculation to Routers and Switches
Updated all Device Class Event Rates and Event Sizes

SIEM Tab
Approximate Widget
Added Windows Active Directory Server input
Added Windows IIS / Exchange Server input
Updated Windows input to Windows General Purpose
Replaced Switch input with DNS and DHCP Servers input
Updated Router input to Routers and Switches
Help Tab
SIEM Approximate Widget
Updated SIEM Approximate Widget to mirror SIEM Tab Approximate Widget
Updated SIEM Approximate Widget Help Text
Version: 10.6.0523
Metered Formula Reference
Network Monitoring Calculations
Widget One Calculations
Added "Network Line Rate x Network Utilization % x Site Quantity" (cell K14) calculation
Widget Two Calculations
Widget Three Calculations
Widget One, Two, and Three Aggregate Calculations
Added "Aggregate Network Line Rate x Network Utilization % x Site Quantity" (cell K86) calculation
SIEM Monitoring Calculations
Added "Raw Retention for 24 Hours in GB/Day x Site Quantity" (cell K112) calculation
Added "Aggregate :: Raw Retention for 24 Hours in GB/Day x Site Quantity" (cell K182) calculation
Metered Tab
Network Monitoring Input Widget 1
Assigned Equivalent Sustained Line Rate (cell E24) value equal to 'Metered Formula Reference'!K14

Assigned Equivalent Sustained Line Rate (cell K24) value equal to 'Metered Formula Reference'!K39
Assigned Equivalent Sustained Line Rate (cell Q24) value equal to 'Metered Formula Reference'!K64
Total Metered Network Widget
Assigned Equivalent Sustained Line Rate (cell W24) value equal to 'Metered Formula Reference'!K86
SIEM Monitoring Input Widget 1
Assigned GB/Day (cell B43) value equal to 'Metered Formula Reference'!K112
Assigned GB/Day (cell H43) value equal to 'Metered Formula Reference'!K137
Assigned GB/Day (cell N43) value equal to 'Metered Formula Reference'!K162
Total Metered SIEM Widget
Assigned GB/Day (cell T43) value equal to 'Metered Formula Reference'!K182
Version: 10.6.0520
Deleted "Meta Retention [on Disk] for 24 Hours x Meta Reduction in TB" calculation
Deleted "Meta Retention [on Disk] for 24 Hours x Meta Reduction x Retention Period in TB" calculation
Reassigned "NetworkMetaDB_for_24H" Defined Name to cell K17 [Meta Retention for 24 Hours in TB]
Reassigned "NetworkMetaDB_for_Period" Defined Name to cell K18 [Meta Retention for 24 Hours x Ret

Global Dropdown Lists
Assigned Defined Name "NetworkUtilizationList" to cell range B85-B184
Created Metadata Ratio List with range of values from 1% to 20%
Assigned Defined Name "MetadataRatioList" to cell range E85-E104
Network Tab
Network Monitoring Input Widget
Assigned defined named list "NetworkUtilizationList" to Utilization dropdown box user input field
Assigned defined named list "MetadataRatioList" to Metadata Ratio dropdown box user input field
Enabled data validation error alert to Utilization dropdown user input field. Valid input range is 1% to 100
Enabled data validation error alert to Metadata Ratio dropdown user input field. Valid input range is 1% to
Enabled data validation error alert to Raw Retention dropdown user input field. Valid input range is 1 to 1
Enabled data validation error alert to Meta Retention dropdown user input field. Valid input range is 1 to 1
Hybrid Appliance Widget
Updated dynamic table Raw Days column formulas to use available Defined Names (cells Q35 - Q39)
Updated dynamic table Meta Days column formulas to use available Defined Names (cells R35 - R39)

Updated Index Retention for 24 Hours in TB x Site Quantity formula (cell K22) to use non-reduced meta c
Added "Aggregate Meta Retention for 24 Hours in TB x Site Quantity" calculation (cell K90)
Added "Aggregate Meta Retention for 24 Hours x Retention Period in Days x Site Quantity" calculation (c
Updated "Aggregate Raw Retention for 24 Hours in TB x Site Quantity" (cell K88) calculation to not inclu
Updated "Aggregate Malware Analysis Throughput for Raw Packets for 24 Hours in TB x Site Quantity" (
Updated "Aggregate Network Monitoring SKU Count" (cell K93) calculation to not include existing licens
Added "Aggregate Network Monitoring SKU Count + Existing Licensed Network Monitoring" (cell K94)
Updated "Network Monitoring Subscription SKU" (cell K95) calculation to lookup SKU based on value in
Updated "Network Monitoring Perpetual SKU" (cell K96) calculation to lookup SKU based on value in ce
Added "Aggregate Malware Analysis SKU Count + Existing Licensed Malware Analysis" (cell K98) calcu
Updated "Malware Analysis Subscription SKU" (cell K99) calculation to lookup SKU based on value in c
Updated "Malware Analysis Perpetual SKU" (cell K99) calculation to lookup SKU based on value in cell K
Updated "SIEM Throughput for Raw Logs for 24 Hours in GB [Includes Site Quantity]" (cell K184) calcu
Added "SIEM Throughput for Raw Logs for 24 Hours in GB [Includes Site Quantity] + Existing Licensed
Updated "SIEM SKU Count (per50GB)" (cell K186) calculation to not include existing licensed SIEM
Updated "SIEM Subscription SKU" (cell K187) calculation to lookup SKU based on value in cell K185
Updated "SIEM Perpetual SKU" (cell K188) calculation to lookup SKU based on value in cell K185
Metered Tab

Assigned MetaDB Per Day (cell C22) value equal to 'Metered Formula Reference'!K20 (Non On Disk Red
Assigned MetaDB Per Period (cell F22) value equal to 'Metered Formula Reference'!K21 (Non On Disk R
Assigned MetaDB Per Day (cell I22) value equal to 'Metered Formula Reference'!K45 (Non On Disk Redu
Assigned MetaDB Per Period (cell L22) value equal to 'Metered Formula Reference'!K46 (Non On Disk R
Assigned MetaDB Per Day (cell O22) value equal to 'Metered Formula Reference'!K70 (Non On Disk Red
Assigned MetaDB Per Period (cell R22) value equal to 'Metered Formula Reference'!K71 (Non On Disk R
Enabled data validation error alert to Licensed Network Monitoring user input field (cell W11). Valid inpu
Enabled data validation error alert to Licensed Malware Analysis user input field (cell W13). Valid input r
Enabled data validation error alert to Licensed SIEM Monitoring user input field (cell W33). Valid input r
Version: 10.6.0519
Network Tab
Bill of Materials Widget
Added conditional formatting for Appliance -> Software selection "Invalid Configuration" result now disp
SIEM Tab
Added conditional formatting for Appliance -> Software selection "Invalid Configuration" result now disp
Version: 10.6.0518

Changed Throughput Based Model SAN hardware SKUs for both Decoder SAN and Concentrator SAN
From
SA-VNX2HD-SM-P
SA-VNX2HD-MD-P
SA-VNX2HD-LG-P
Updated nested IF statement in cell P175

Logic now correctly adds total required emulex cards IF Decoder SAN OR Concentrator SAN is select

Changed Throughput Based Model SAN hardware SKUs for Decoder SAN, Concentrator SAN, and Archi
From
SA-VNX2HD-SM-P
SA-VNX2HD-MD-P
SA-VNX2HD-LG-P
Help Tab
Help Tab
Initial entry of the help text associated with each displayed widget
Version: 10.6.0517
Network Tab
Changed Appliance -> Software selection combination to read "Invalid Configuration"
Unlocked BOM cells to allow for copy
SIEM Tab
Changed Appliance -> Software selection combination to read "Invalid Configuration"
Unlocked BOM cells to allow for copy
Metered Tab
Unlocked "Licensed Network Monitoring" user input field - cell W11
Unlocked "Licensed Malware Analysis" user input field - cell W13

Unlocked "Licensed SIEM Monitoring" user input field - cell W33
Version: 10.6.0516
SKU Reference
SKU Reference
SKU Reference updated from May 2016 price list
End

PLANNER Change Log
Last Update: April 1, 2021
PowerVaults no longer available
alculations to NOT include compression

chine IndexDB calculations
tions based on compression enabled whether user selected or not

etwork and SIEM Bill of Materials widgets when compression is selected and hardware is selected
clude compression selection
eta disk kit dropdown selection

pression dropdown selection
own selection
lder to include Meta Only License
tor dropdown selection(s)

trator dropdown selection(s)
aterials builder
ith 76TB Powervault SKU
96 TB SED PV, 144 TB PV, 32 TB DAC, and 46 TB DAC
age" RSA Wiki post June 22, 2020
78 TB SED PV, 113 TB PV, 33 TB DAC
age" RSA Wiki post June 22, 2020
data Ratio List
brid to SIEM Hybrid selections
tor, and Archiver days retention calculations

ity of DAC or SAN Shelves Required Based on Line Rate, Utilization Rate, DAC/PV Limit, or Manual Override
brid capacity selections [removed DACS and added Powervaults]

pliance" Tab
and SIEM Bill of Materials results from S5 to S6

city based on new metrics from engineering
ased on new metrics from engineering
work and SIEM
gle DAC selection to 'S5 + DAC'

e 72TB Powervault. Selection is 'S5 + 1*72TB PV'
AC - no Powervault]. Selection is 'S6'
TB Powervaults. Selection is 'S6 + 2*72TB PV'
Network and SIEM Bill of Materials
a Single ESA for both Network and SIEM
to Add Additional ESAs Based on Maximum Supported Rates for both Network and SIEM
werVault selection to network and log decoder, and archiver capacity dropdown selections
werVault selection to network and log concentrator capacity dropdown selections
f Materials widget
to SIEM Bill of Materials widget
n to SIEM "Other" VM widget
nal documentation
ess logic to correctly add a Broker based on SIEM tab selections

ine conditional logic
own selections for both Network and SIEM for Powervault capacity
y utilize Powervault capacity
ctly utilize Powervault capacity

nario Planner is NOT the definitive source of SKUs
and SIEM capacity selections, associated retention calculations updated, and updated Bill of Materials widgets
put' calculation to the bottom of the Network Input Widget

o include 'Event Utilization'
ons to include 'Event Utilization'
gets Dropdown Selections
EM capacity selections, associated retention calculations updated, and updated Bill of Materials widgets
oth log and packet Concentrator dropdown
rmula QE Benchmark Lookup Tables for AWS

des QE tested specifications for

es REDUCED from 66 to 60
et total disk calculation [cell E52]

rm / Cold Storage Requirement calculation [cell K41]
ns added to ALL virtual machine calculation widgets

added to Network and SIEM Bill of Materials widgets
s to all virtual machine calculation widgets
rsion number structure
ection to SIEM INPUT and Metered SIEM INPUT fields

M Input Meta Data Ratio dropdown selection
rmula QE Benchmark Lookup Table
E tested specifications for
Mbps [Network]
,000 EPS [SIEM]
roximate Widget total event size calculation [cell D146]

chine Lookup Table
g now includes Read IOPS and Write IOPS
dgets to include Read IOPS and Write IOPS
ets to include Read IOPS and Write IOPS
M BOM Widget, and Metered Widgets to correctly calculate Throughput SKU Count Quantities
ns are now performed utilizing the ROUNDUP function
cketDB labels to RawDB

dropdown list default value from one to zero
mum permissible value from 250,000 to 1,000,000
rectly calculate requirements for additional SAN racks based on Decoder SAN and Concentrator SAN aggregate shelf count
ng customer data input, permitting value(s) of zero

customer data input, permitting value of zero
175], IF statement now references PDecoder_Storage_Type=SAN OR PConcentrator_Storage_Type=SAN
ported Average Event Rate to 20,000 EPS
city calculations to correctly calculate HYBRID + DAC selection

pacity calculations to correctly calculate available capacity

city calculations IF Statement logic to maintain consistancy with SIEM Log Hybrid IF Statement logic
r 12TB DAC SKU for Appliance based model selection for both Network and SIEM
AC Selected [cell K114], removed double quotes from TRUE FALSE returned values
dget Label [cell K116], removed double quotes from TRUE FALSE returned values
dget Label [cell K116], IF statement now references LHybrid_DAC_Selected Defined Named
Selected Option [cell K117], removed double quotes from IF condition statement
Selected Option [cell K117], IF statement now references LHybrid_DAC_Selected Defined Named
Selected Option [cell K118], IF statement now references LHybrid_DAC_Selected Defined Named
B Based on DAC or SAN Shelf Count + Override [cell K106] to correctly calculate available capacity
U for Appliance based model to SA-HPD12H1
Selected [cell K72], removed double quotes from TRUE FALSE returned values
Widget Label [cell K74], removed double quotes from TRUE FALSE returned values
Widget Label [cell K74], IF statement now references PHybrid_DAC_Selected Defined Named
Selected Option [cell K75], IF statement now references PHybrid_DAC_Selected Defined Named
Selected Option [cell K76], IF statement now references PHybrid_DAC_Selected Defined Named
for Appliance based model to SA-HPD12H1
m supported Event Rates [EPS] per device

PLANNER has a single entry input for SIEM Event Rate [EPS], unlike previous versions which had two entries. The guidance
to the "AVERAGE aggregate log event rate for a typical busy day"
ine disk allocation calculations

banner conditional logic
hroughput model correcting blank SKU values presenting when low Event Rates are input

pported Average Event Rate [cell K32] from 20,000 to 30,000
m Supported Average Event Rate [cell K33] from 20,000 to 30,000
ted Average Event Rate [cell K34] from 20,000 to 30,000
acketDB_for_Period" for Long Term (Compressed) Raw Retention for 24 Hours in TB x Retention Period in Days value [cell K3
MetaDB_for_Period" for Long Term (Compressed) Meta Retention for 24 Hours in TB x Retention Period in Days value [cell K3
w Logs for 24 Hours in GB [cell K158] calculation. Added ROUNDUP function so result is a whole number integer
ll K161] nested IF statement. Corrected an erroneous cell reference affecting lookup values below 250 GB
14] to equal defined name value "ArchiverPacketDB_for_Period"

5] to equal defined name value "ArchiverMetaDB_for_Period"
6] to equal defined name value "ArchiverMetaDB_for_Period x 0.05"
30] to equal calculation of "ArchiverPacketDB_for_Period ÷ Archiver_VM_Count"

1] to equal calculation of "ArchiverMetaDB_for_Period ÷ Archiver_VM_Count"
2] to equal calculation of "(ArchiverMetaDB_for_Period x 0.05) ÷ Archiver_VM_Count"
ncluded on all primary user input calculation pages
Period" breakdown of the Index, Packet, and Meta databases for both Network and SIEM sizing
Concentrator, Archiver, and Hybrid appliances

the PacketDB and Days of retention available based on the user selected storage
and Event Rate throughput per service (Global Formula Reference)
d UltraDACs (Global Formula Reference)
zation helper widget (Network Tab)
etric for network monitoring sizing
ed bandwidth metric to both network monitoring and SIEM sizing
bandwidth metric to both network monitoring and SIEM sizing
idth metric to both network monitoring and SIEM sizing
h includes the Appliance Based Model and the Throughput Based Models
Rate and Event Size helper widget (SIEM Tab)
" Event Rate and Event Size helper (SIEM Devices Tab)
for both Network and SIEM scoping providing vCPUs, vRAM, and disk allocation sizing
minimum required IOPS per Decoder, Concentrator, and Archiver virtual machines
mum supported Line Rates and Event Rates (Global Formula Reference)
al Override for Decoder, Concentrator, and Archiver VMs
ds separator
B Sizing Per VM PacketDB calculation [cell K230] to include compression

B Sizing Per VM MetaDB calculation [cell K231] to include compression
ull distribution to both RSA and Channel Partners
yperlink to include current version number in the eMail subject

hyperlink cell to enable link when Network tab is password protected

hyperlink cell to enable link when SIEM tab is password protected

hyperlink cell to enable link when Metered tab is password protected
ker, Event Stream Analytics Server, and Malware Analysis section with values based on QE testing
Analytics Server, Broker, Event Stream Analytics Server, and Malware Analysis values
Calculations
roker, Event Stream Analytics Server, and Malware Analysis calculated values section
roker, and Event Stream Analytics Server calculated values section
o Defined Name VM_SAServer_vCPUs

o Defined Name VM_SAServer_vRAM
Defined Name VM_SAServer_DiskTB
ue to Defined Name VM_Broker_vCPUs
ue to Defined Name VM_Broker_vRAM
to Defined Name VM_Broker_DiskTB
to Defined Name VM_ESA_vCPUs
to Defined Name VM_ESA_vRAM
Defined Name VM_ESA_DiskTB
to Defined Name VM_MA_vCPUs
o Defined Name VM_MA_vRAM
Defined Name VM_MA_DiskTB
o Defined Name VM_SAServer_vCPUs

o Defined Name VM_SAServer_vRAM
Defined Name VM_SAServer_DiskTB

ue to Defined Name VM_Broker_vCPUs
ue to Defined Name VM_Broker_vRAM
to Defined Name VM_Broker_DiskTB
to Defined Name VM_ESA_vCPUs
to Defined Name VM_ESA_vRAM
Defined Name VM_ESA_DiskTB
ue [cell E15] based on test results of performance under query loads

ue [cell E16] based on test results of performance under query loads
alue [cell K15] based on test results of performance under query loads
alue [cell K16] based on test results of performance under query loads
d included GlobalSubTitle variable into notice
Size Calculations
calculation to include IFERROR, eliminating the display of #DIV/0! When all input fields are zero
on to include IFERROR, eliminating the display of #DIV/0! When all input fields are zero
Size Calculations
ver calculation
rver calculation
erver calculation
S and DHCP Servers calculation
and Switches
and Event Sizes

General Purpose
DHCP Servers input
o mirror SIEM Tab Approximate Widget
Utilization % x Site Quantity" (cell K14) calculation

te Calculations
x Network Utilization % x Site Quantity" (cell K86) calculation
n GB/Day x Site Quantity" (cell K112) calculation

te Calculations
r 24 Hours in GB/Day x Site Quantity" (cell K182) calculation
ate (cell E24) value equal to 'Metered Formula Reference'!K14

ate (cell K24) value equal to 'Metered Formula Reference'!K39
ate (cell Q24) value equal to 'Metered Formula Reference'!K64
ate (cell W24) value equal to 'Metered Formula Reference'!K86
ual to 'Metered Formula Reference'!K112
24 Hours x Meta Reduction in TB" calculation

24 Hours x Meta Reduction x Retention Period in TB" calculation
H" Defined Name to cell K17 [Meta Retention for 24 Hours in TB]
riod" Defined Name to cell K18 [Meta Retention for 24 Hours x Retention Period in Days]
izationList" to cell range B85-B184

e of values from 1% to 20%
ioList" to cell range E85-E104
UtilizationList" to Utilization dropdown box user input field

aRatioList" to Metadata Ratio dropdown box user input field
Utilization dropdown user input field. Valid input range is 1% to 100%
Metadata Ratio dropdown user input field. Valid input range is 1% to 20%
aw Retention dropdown user input field. Valid input range is 1 to 1,095. (3 years)
Meta Retention dropdown user input field. Valid input range is 1 to 1,095. (3 years)
umn formulas to use available Defined Names (cells Q35 - Q39)

umn formulas to use available Defined Names (cells R35 - R39)

in TB x Site Quantity formula (cell K22) to use non-reduced meta calculation of K20*IndexRatio


te Calculations
24 Hours in TB x Site Quantity" calculation (cell K90)
24 Hours x Retention Period in Days x Site Quantity" calculation (cell K91)
r 24 Hours in TB x Site Quantity" (cell K88) calculation to not include existing licensed network monitoring
s Throughput for Raw Packets for 24 Hours in TB x Site Quantity" (cell K87) calculation to not include existing licensed MA
ing SKU Count" (cell K93) calculation to not include existing licensed network monitoring
g SKU Count + Existing Licensed Network Monitoring" (cell K94) calculation
iption SKU" (cell K95) calculation to lookup SKU based on value in cell K94
ual SKU" (cell K96) calculation to lookup SKU based on value in cell K94
SKU Count + Existing Licensed Malware Analysis" (cell K98) calculation
ion SKU" (cell K99) calculation to lookup SKU based on value in cell K98
SKU" (cell K99) calculation to lookup SKU based on value in cell K98
te Calculations
Logs for 24 Hours in GB [Includes Site Quantity]" (cell K184) calculation to not include existing licensed SIEM
gs for 24 Hours in GB [Includes Site Quantity] + Existing Licensed SIEM" (cell K185) calculation
B)" (cell K186) calculation to not include existing licensed SIEM
ell K187) calculation to lookup SKU based on value in cell K185
K188) calculation to lookup SKU based on value in cell K185


value equal to 'Metered Formula Reference'!K20 (Non On Disk Reduced value)
2) value equal to 'Metered Formula Reference'!K21 (Non On Disk Reduced value)


icensed Network Monitoring user input field (cell W11). Valid input range is 1 to 999
icensed Malware Analysis user input field (cell W13). Valid input range is 1 to 999
icensed SIEM Monitoring user input field (cell W33). Valid input range is 1 to 9,999
iance -> Software selection "Invalid Configuration" result now displays in red text
iance -> Software selection "Invalid Configuration" result now displays in red text

AN hardware SKUs for both Decoder SAN and Concentrator SAN
To
SA-VNX2HD-5600
SA-VNX2HD-5800
SA-VNX2HD-7600
ired emulex cards IF Decoder SAN OR Concentrator SAN is selected
AN hardware SKUs for Decoder SAN, Concentrator SAN, and Archiver SAN
To
SA-VNX2HD-5600
SA-VNX2HD-5800
SA-VNX2HD-7600
with each displayed widget
ion combination to read "Invalid Configuration"
ion combination to read "Invalid Configuration"
ing" user input field - cell W11

s" user input field - cell W13

" user input field - cell W33
16 price list

gate shelf count

ries. The guidance for the SIEM

Days value [cell K35]
Days value [cell K37]

ing licensed MA

Appliance Reference
Series 6 Core
NW Server, Decoder, Concentrator, Broker, Archiver,
Description Specification
Model Dell PowerEdge R640
Processor Intel Xeon Gold 6134
Processor Speed 3.2 Ghz
Processor Cache 24.75 MB
Processor # of Cores 8
Processor # of Processors 2
Processor # of Threads 16
Total Memory 128 GB
Internal Disk Controller Type Dell PERC H740P
External Disk Controller Type Dell PERC H840
SAN Connectivity (HBA) - OptionaEmulex 2x16Gb Fiber
Remote Management Card iDRAC8 Enterprise
Total – 4 Drives
Series 6 Drives 2 X 1TB, NL-SAS 7.2K
2 X 2TB, NL-SAS 7.2K
Total – 4 Drives
Series 6E Drives 2 X 1.2TB, SAS 10K SED
2 X 2.4TB, SAS 10K SED
Chassis 1U
Weight 21.9 kg (48.28 lbs)
Intel X710
Dual Port 10 Gigabit
NIC Card
DA/SFP+
Dual Port I350 1 Gigabit

H: 4.28 cm (1.68 in.)
Dimensions W: 48.20 cm (18.97 in.)
D: 79.47 cm (31.29 in.)
Power 1100W
Redundant
BTU/hr 4,100 BTU/hr (Maximum)
Series 5 Core
NW Server, Decoder, Concentrator, Broker, Archiver,
Model Dell PowerEdge R630xl
Processor Intel Xeon E5 -2667v3
Processor Cache 20 MB
Total Memory 128 GB
Internal Disk Controller Type Dell PERC H730
SAN Connectivity (HBA) - OptionaEmulex 2X8Gb Fiber
Total – 6 Drives
Drives 2 X 1TB, 2.5” HDD
4 X 2TB, 2.5” HDD
Chassis 1U

On Board
NIC Card 2 X 10 Gb Copper
2 X 10 Gb & 2 X 1Gb Copper
* Other Options Available
H: 4.28 cm (1.68 in.)

D: 75.51 cm (29.72 in.)
Power 1100W
Redundant

RSA | NETWIT
Series 6 ESA/Analytics
Event Stream Analysis, UEBA
Total Memory 256 GB
SAN Connectivity (HBA) N/A
Total – 6 Drives
Series 6 Drives 2 X 1TB, NL-SAS 7.2K
4 X 2TB, SAS 10K
Total – 6 Drives
Series 6E Drives 2 X 1.2TB, SAS 10K SED
Chassis 1U
Intel X710
NIC Card
DA/SFP+

H: 4.28 cm (1.68 in.)
D: 79.47 cm (31.29 in.)
Power 1100W
Redundant
Series 5 ESA
Event Stream Analysis
Model Dell PowerEdge R630xl
Total Memory 256 GB
Total – 6 Drives
Drives 2 X 1TB, 2.5” HDD
4 X 2TB, 2.5” HDD
Chassis 1U

On Board
H: 4.28 cm (1.68 in.)

D: 75.51 cm (29.72 in.)
Power 1100W
Redundant

RSA | NETWITNESS SCENARIO PLANNER v11.5.4.2021
Series 6 Hybrid
Network Hybrid, Log Hybrid, Endpoint Log Hybrid
Total Memory 128 GB
SAN Connectivity (HBA) Emulex 2x16Gb Fiber
Total – 14 Drives
2 X 1.6TB, SSD
Series 6 Drives
Total – 14 Drives
Series 6E Drives 2 X 1.92TB, SSD SED
10 X 8TB, NL-SAS 7.2K SED
Chassis 2U
Intel X710
NIC Card
DA/SFP+

H: 8.68 cm (3.42 in.)
D: 73.75 cm (29.04 in.)
Power 1100W
Redundant
Series 5 Hybrid
Network Hybrid, Log Hybrid
Model Dell PowerEdge R730xd
Total Memory 128 GB
Total – 14 Drives
2 X 800GB, 2.5" SSD
Drives
4 X 1TB, 3.5” HDD
8 X 6TB, 3.5” HDD
Chassis 2U

On Board
H: 8.73 cm (3.44 in.)

D: 68.40 cm (26.92 in.)
Power 1100W
Redundant

Global Variables
Workbook
Header Values
Global Workbook Header Title
Global Workbook Header SubTitle
Global Workbook Navigation Bar Title
Footer Values
Global Workbook Footer Version
Global Workbook Footer Hyperlink Text
Network & SIEM

Description
Log Concentrator Metadata Ratio
Raw Log Compression Ratio
Log Meta Compression Ratio
Meta On Disk Reduction
Index Ratio
SessionDB Size Per Entry (bytes)
Description
Network Decoder - Maximum Supported Line Rate
Network Concentrator - Maximum Supported Line Rate
Network Decoder - Maximum Supported Sustained Rate
Network Concentrator - Maximum Supported Sustained Rate
Network Concentrator - Metadata Compression Ratio [x:1]
Network Hybrid - Maximum Supported Line Rate
Description

Log Decoder - Maximum Supported Average Event Rate
Log Decoder - Raw Logs Compression Ratio [x:1]
Log Concentrator - Maximum Supported Average Event Rate
Log Concentrator - Metadata Compression Ratio [x:1]
Archiver - Maximum Supported Average Event Rate
Log Hybrid - Maximum Supported Average Event Rate
Log Retention Hybrid - Maximum Supported Average Event Rate
Description
Endpoint - Advanced Agent Events Per Second [EPS] Rate
Endpoint - Advanced Agent + Enhanced Network Visibility [ENV] Agent E
Endpoint - Agent Scan Events Per Second [EPS] Rate
Endpoint - Agent File Collection Events Per Second [EPS] Rate
Endpoint - Agent Windows Logs Collection Events Per Second [EPS] Rate
Endpoint - Only Scan and Tracking Events Maximum Agents
Endpoint - Only Windows Log Collection Maximum Agents
Endpoint - Only File Collection Maximum Agents
Endpoint - Scan and Tracking Events + Windows Log Collection Maximum
Endpoint - Scan and Tracking Events + Windows Logs + File Collection M
Description
Decoder - Maximum Supported DACs
Concentrator - Maximum Supported DACs
Archiver - Maximum Supported DACs
Hybrid - Maximum Supported DACs
Description
ESA - Maximum Supported EPS Rate
ESA - Maximum Supported Packet Line Rate
Description
Decoder - Maximum Supported UltraDACs
Archiver - Maximum Supported UltraDACs

Description
SAN - Maximum Supported Appliances per VNX Controller
SAN - Maximum Supported Appliances per Unity Controller
Description
Virtual Machine - Packet Decoder Supported Line Rate
Virtual Machine - Packet Concentrator Supported Line Rate
Virtual Machine - Log Decoder Supported EPS Rate
Virtual Machine - Virtual Log Collector Supported EPS Rate
Virtual Machine - Log Concentrator Supported EPS Rate
Virtual Machine - Archiver Supported EPS Rate
Global Dropdown Lists

Network & SIEM
Packet Decoder Log Decoder
PV-A PV-A
PV-B PV-B
96TB PV 96TB PV
96TB SED PV 96TB SED PV
144TB PV 144TB PV

Archiver
PV-A
PV-B
96TB PV
96TB SED PV
144TB PV
Network Utilization List Metadata Ratio List

1% 1%
2% 2%
3% 3%
4% 4%
5% 5%
6% 6%
7% 7%
8% 8%
9% 9%
10% 10%
11% 11%
12% 12%
13% 13%
14% 14%
15% 15%
16% 16%
17% 17%

18% 18%
19% 19%
20% 20%
21%
22%
23%
24%
25%
26%
27%
28%
29%
30%
31%
32%
33%
34%
35%
36%
37%
38%
39%
40%
41%
42%
43%
44%
45%
46%
47%
48%
49%
50%

51%
52%
53%
54%
55%
56%
57%
58%
59%
60%
61%
62%
63%
64%
65%
66%
67%
68%
69%
70%
71%
72%
73%
74%
75%
76%
77%
78%
79%
80%
81%
82%
83%

84%
85%
86%
87%
88%
89%
90%
91%
92%
93%
94%
95%
96%
97%
98%
99%
100%

RSA | NETWIT
Value Defined Name

RSA GlobalTitle
| NETWITNESS SCENARIO PLANNER GlobalSubTitle
RSA | NETWITNESS SCENARIO PLANNER GlobalNavTitle
Value Defined Name

11.5.4.2021 GlobalVersionNumber
Send Us Feedback GlobalContactText
Value Defined Name

0% LConcentratorMetaRa
7 RawLogCompressRatio
3 LogMetaCompressRati
50% MetaDiskReduction
3% IndexRatio
34 SessionDB_Size_Per_E
Value Defined Name

ne Rate 10,000 DecoderMaxLineRate
ed Line Rate 10,000 ConcentratorMaxLine
stained Rate 8,000 DecoderMaxSustained
ed Sustained Rate 8,000 ConcentratorMaxSust
sion Ratio [x:1] 3 ConcentratorMetaCom
Rate 2,000 HybridMaxLineRate
Value Defined Name

e Event Rate 30,000 LDecoderMaxEventRa
[x:1] 8 LDecoderCompressRa
erage Event Rate 30,000 ConcentratorMaxEven
Ratio [x:1] 3 LConcentratorMetaCo
ent Rate 30,000 ArchiverMaxEventRat
Event Rate 20,000 HybridMaxEventRate
d Average Event Rate 10,000 LRHybridMaxEventRat
Value Defined Name

nd [EPS] Rate 0.3 EAdvAgentEPSRate
work Visibility [ENV] Agent Events Per Seco 0.4 EAdvENVAgentEPSRat
PS] Rate 0.7 EAgentScanEPSRate
Second [EPS] Rate 1.0 EAgentFileCollectEPSR
Events Per Second [EPS] Rate 1.0 EAgentWinLogEPSRate
aximum Agents 50,000 EOnlyEDRMaxAgents
ximum Agents 20,000 EOnlyWinLogMaxAgen
gents 20,000 EOnlyFileCollectMaxA
ows Log Collection Maximum Agents 15,000 EEDRWinLogMaxAgen
ows Logs + File Collection Maximum Agent 10,000 EEDRWinLogFileCollec
Value Defined Name

8 DecoderMaxDACs
8 ConcentratorMaxDAC
8 ArchiverMaxDACs
1
Value Defined Name

100,000 ESAMaxEPSRate
8,000 ESAMaxLineRate
Value Defined Name

1 DecoderMaxUltraDAC
1 ArchiverMaxUltraDAC

Value Defined Name
VNX Controller 4 SANMaxAppliances
Unity Controller 6 UnityMaxAppliances
Value Defined Name

d Line Rate 1,500 VM_PDecoder_Suppo
ported Line Rate 1,500 VM_PConcentrator_S
PS Rate 15,000 VM_LDecoder_Suppo
orted EPS Rate 15,000 VM_VLC_Supported_E
ed EPS Rate 15,000 VM_LConcentrator_Su
ate 15,000 VM_Archiver_Support
Packet Concentrator Log Concentrator Packet Hybrid

PV-C PV-C S6
PV-D PV-D S6 + 1x PV-A
76TB PV 76TB PV S6 + 1x PV-B
78TB SED PV 78TB SED PV S6 + 2x PV-B
113TB PV 113TB PV S6 + 1x 144TB PV
S6 + 1x 96TB PV
S6 + 2x 96TB PV

VM Type Packet Other VMs Log Other VMs
Vmware NetWitness Server NetWitness Server
AWS Broker Broker
Azure ESA+CH ESA+CH
UEBA UEBA
Malware VLC
Log Metadata Ratio List

100%
125%
150%
175%
200%
300%
400%

ned Name
balTitle
balSubTitle
balNavTitle
ned Name
alVersionNumber
alContactText
ned Name
ncentratorMetaRatio
LogCompressRatio
MetaCompressRatio
aDiskReduction
exRatio
ionDB_Size_Per_Entry
ned Name
oderMaxLineRate
centratorMaxLineRate
oderMaxSustainedLineRate
centratorMaxSustainedLineRate
centratorMetaCompressRatio
ridMaxLineRate
ned Name

coderMaxEventRate
coderCompressRatio
centratorMaxEventRate
ncentratorMetaCompressRatio
hiverMaxEventRate
ridMaxEventRate
ybridMaxEventRate
ned Name
vAgentEPSRate
vENVAgentEPSRate
entScanEPSRate
entFileCollectEPSRate
entWinLogEPSRate
lyEDRMaxAgents
lyWinLogMaxAgents
lyFileCollectMaxAgents
RWinLogMaxAgents
RWinLogFileCollectMaxAgents
ned Name
oderMaxDACs
centratorMaxDACs
hiverMaxDACs
ned Name
MaxEPSRate
MaxLineRate
ned Name
oderMaxUltraDACs
hiverMaxUltraDACs

ned Name
MaxAppliances
yMaxAppliances
ned Name
_PDecoder_Supported_Line_Rate
_PConcentrator_Supported_Line_Rate
_LDecoder_Supported_EPS_Rate
_VLC_Supported_EPS_Rate
_LConcentrator_Supported_EPS_Rate
_Archiver_Supported_EPS_Rate
ket Hybrid Log Hybrid

S6
1x PV-A S6 + 1x PV-A
1x PV-B S6 + 1x PV-B
2x PV-B S6 + 2x PV-B
1x 144TB PV S6 + 1x 144TB PV
1x 96TB PV S6 + 1x 96TB PV
2x 96TB PV S6 + 2x 96TB PV
S6 EL
S6 EL + 1x PV-A
S6 EL + 1x PV-B
S6 EL + 2x PV-B
S6 EL + 1x 144TB PV
S6 EL + 1x 96TB PV
S6 EL + 2x 96TB PV
S6 Retention Hybrid

Other VMs
Witness Server
ker
+CH
A

Capacity Reference
Packet Decoder, Log Decoder, & Archiver

SAN
Description Partition Size 95% in GB TB
VNX2 SAN - Shelf 44,022 41,821 40.84
VNX2 SAN - SM 44,022 41,821 40.84
VNX2 SAN - MD 44,022 41,821 40.84
VNX2 SAN - LG 44,022 41,821 40.84
Unity SAN 64,480 61,256 59.82
Unity SAN - Shelf 64,480 61,256 59.82
DAC
PV-A 87,530 83,154 81.20
PV-A 109,480 104,006 101.57
PV-B 43,795 41,605 40.63
PV-B 65,741 62,454 60.99
96TB PV 58,965 56,017 54.70
96TB PV 73,730 70,044 68.40
96TB SED PV 58,965 56,017 54.70
96TB SED PV 73,730 70,044 68.40
144TB PV 87,530 83,154 81.20
144TB PV 109,480 104,006 101.57
Series 5 Hybrid
Head Unit
SKU PacketDB Partition 95% in GB
SA-S5-HYBRID-P 17,408 16,538

SA-S5-HYBRID-L 17,408 16,538
SA-S5-HYBRID-EL 12,228 11,617
DACs
SA-HDDAC-46 37,253 35,390
SA-HDDAC-46 22,354 21,236
PowerVault(s) for Logs

NW-PVHD96-L 36,000 34,200
NW-PV-B 32,076 30,472
PowerVault(s) for Packets

NW-PVHD96-L 57,600 54,720
NW-PV-B 53,460 50,787
Series 6 Hybrid
Head Unit
SA-S6-HYBRID-N 21,600 20,520
SA-S6-HYBRID-L 21,600 20,520
SA-S6-HYBRID-LR 14,745 14,008
SA-S6-HYBRID-EL 16,384 15,565
PowerVault(s) for Logs

NW-PVHD96-L 36,000 34,200
NW-PVHD96-L 36,000 34,200
NW-PVHD144-L 53,460 50,787
NW-PV-A 53,460 50,787

NW-PV-B 32,076 30,472
PowerVault(s) for Packets

NW-PVHD96-L 57,600 54,720
NW-PVHD96-L 57,600 54,720
NW-PVHD144-L 96,228 91,417
NW-PV-A 96,228 91,417
NW-PV-B 53,460 50,787
Subscription Metered Offering

NETMON
SKU Description
SA-NETMON-S-T1 Tier 1, 1-10 TB/day NetM PerTB
SA-NETMON-S-T6 Tier 6, 501-1,000 TB/day NetM PerTB
SA-NETMON-S-T7 Tier 7, 1,001-1,500 TB/day NetM PerTB
SA-NETMON-S-T10 Tier 10, > 5,001 TB/day NetM PerTB
NETMON META ONLY

SKU Description
SA-NETMN-META-S-T1 Tier 1, 1-10 TB/day NetMon/TB-Meta Lic1Mo
SA-NETMN-META-S-T6 Tier 6, 501-1,000 TB/day NetMon/TB-Meta Lic1Mo

SA-NETMN-META-S-T7 Tier 7, 1,001-1,500 TB/day NetMon/TB-Meta Lic1M
SA-NETMN-META-S-T10 Tier 10, > 5,001 TB/day NetMon/TB-Meta Lic1Mo
SIEM
SKU Description
SA-SIEM-S-T1 Tier 1, 50-250GB/day SIEM Per50GB
SA-SIEM-S-T2 Tier 2, 251GB-1TB/day SIEM Per50GB
SA-SIEM-S-T3 Tier 3, 1-2TB/day SIEM Per50GB
SA-SIEM-S-T4 Tier 4, 2-5TB/day SIEM Per50GB
SA-SIEM-S-T5 Tier 5, >5TB/day SIEM Per50GB
Malware Analysis
SKU Description
SA-NETMW-S-T1 Tier 1, 1-10TB/day MA PerTB
SA-NETMW-S-T5 Tier 5, >250TB/day MA PerTB
UEBA
SKU Description
NW-UEBA-S-T1 Tier 1, UEBA 1,000-2,500 Users
NW-UEBA-S-T8 Tier 8, UEBA >500,000 Users

Perpetual Metered Offering
NETMON
SKU Description
SA-NETMON-P-T1 Tier 1, 1-10TB/day NetM PerTB
SA-NETMON-P-T5 Tier 5, >250TB/day NetM PerTB
SIEM
SKU Description
SA-SIEM-P-T1 Tier 1, 50-250GB/day SIEM Per50GB
SA-SIEM-P-T2 Tier 2, 251GB-1TB/day SIEM Per50GB
SA-SIEM-P-T3 Tier 3, 1-2TB/day SIEM Per50GB
SA-SIEM-P-T4 Tier 4, 2-5TB/day SIEM Per50GB
SA-SIEM-P-T5 Tier 5, >5TB/day SIEM Per50GB
Malware Analysis
SKU Description
SA-NETMW-P-T1 Tier 1, 1-10TB/day MA PerTB
SA-NETMW-P-T5 Tier 5, >250TB/day MA PerTB
UEBA
SKU Description
NW-UEBA-P-T1 Tier 1, UEBA 1,000-2,500 Users

NW-UEBA-P-T8 Tier 8, UEBA >500,000 Users

RSA | NETWIT
Concentrator SAN Configurati

SAN
Desciption Partition Size 95% in GB TB
VNX2 SAN - Shelf 21,504 20,429 19.95 Description
VNX2 SAN - SM 21,504 20,429 19.95 VNX2 SAN - SM
VNX2 SAN - MD 21,504 20,429 19.95 VNX2 SAN - MD
VNX2 SAN - LG 21,504 20,429 19.95 VNX2 SAN - LG
Unity SAN 41,950 39,853 38.92 Unity SAN
Unity SAN - Shelf 41,950 39,853 38.92
DAC
PV-C 43,795 41,605 40.63
PV-D 76,640 72,808 71.10
76TB PV 51,610 49,030 47.88
78TB SED PV 51,610 49,030 47.88
113TB PV 76,640 72,808 71.10
Head Unit
TB Available MetaDB Partition 95% in GB TB Available
16.15 10,138 9,631 9.41

16.15 15,872 15,078 14.73
11.34 18,432 17,510 17.10
DACs
34.56 7,455 7,082 6.92 SA-HDDAC-46 packet con
20.74 22,354 21,236 20.74 SA-HDDAC-46 log configu
rVault(s) for Logs

33.40 36,000 34,200 33.40 SA-PVHD96-L PV log confi
29.76 32,076 30,472 29.76
Vault(s) for Packets

53.44 14,400 13,680 13.36 SA-PVHD96-L PV packet c
49.60 10,692 10,157 9.92
Head Unit
20.04 21,600 20,520 20.04
20.04 21,600 20,520 20.04
13.68 44,235 42,023 41.04
15.20 24,576 23,347 22.80
rVault(s) for Logs

33.40 36,000 34,200 33.40 SA-PVHD96-L 1st PV log c
33.40 36,000 34,200 33.40 SA-PVHD96-L 2nd PV log
49.60 53,460 50,787 49.60 SA-PVHD144-L log config
49.60 53,460 50,787 49.60

29.76 32,076 30,472 29.76
Vault(s) for Packets

53.44 14,400 13,680 13.36 SA-PVHD96-L 1st PV pack
53.44 14,400 12,000 11.72 SA-PVHD96-L 2nd PV pac
89.27 21,384 20,315 19.84 SA-PVHD144-L packet co
89.27 21,384 20,315 19.84
49.60 10,692 10,157 9.92
NETMON
Minimum TB High TB
B 1 10
TB 11 50
rTB 51 100
erTB 101 250
erTB 251 500
PerTB 501 1,000
M PerTB 1,001 1,500
M PerTB 1,501 3,000
M PerTB 3,001 5,000
erTB 5,001 100,000
MON META ONLY

Minimum TB High TB
-Meta Lic1Mo 1 10
B-Meta Lic1Mo 11 50
TB-Meta Lic1Mo 51 100
n/TB-Meta Lic1Mo 101 250
n/TB-Meta Lic1Mo 251 500
on/TB-Meta Lic1Mo 501 1,000

Mon/TB-Meta Lic1M 1,001 1,500
n/TB-Meta Lic1Mo 5,001 100,000
SIEM
Minimum GB High GB
50GB 1 250
r50GB 251 1,023
B 1,024 2,047
B 2,048 5,119
5,120 9,999
lware Analysis
Minimum TB High TB
1 10
11 50
51 100
B 101 250
251 999
UEBA
Minimum TB High TB
1,000 2,500
2,501 5,000
rs 5,001 10,000
ers 10,001 25,000
ers 25,001 50,000
sers 50,001 100,000
Users 100,001 500,000
500,001 999,999

NETMON
Minimum TB High TB
1 10
B 11 50
TB 51 100
rTB 101 250
B 251 999
SIEM
Minimum GB High GB
50GB 1 250
r50GB 251 1,023
B 1,024 2,047
B 2,048 5,119
5,120 9,999
lware Analysis
Minimum TB High TB
1 10
11 50
51 100
B 101 250
251 999
UEBA
Minimum TB High TB
1,000 2,500
2,501 5,000
rs 5,001 10,000
ers 10,001 25,000
ers 25,001 50,000
sers 50,001 100,000

Users 100,001 500,000
500,001 999,999

N Configurations
SAN
1st Rack 2-n Rack
Description Shelf Limit Shelf Limit Max Shelves
2 SAN - SM 12 13 33
2 SAN - MD 12 13 49
2 SAN - LG 12 13 60
y SAN 12 13 56

Note
DAC-46 packet configuration (Series 5 Hybrids ONLY)
DAC-46 log configuration (Series 5 Hybrids ONLY)
Note
HD96-L PV log configuration (Series 5 Hybrids ONLY)
Note
HD96-L PV packet configuration (Series 5 Hybrids ONLY)
Note
HD96-L 1st PV log configuration (Series 6 Hybrids ONLY)
HD96-L 2nd PV log configuration (Series 6 Hybrids ONLY)
HD144-L log configuration (Series 6 Hybrids ONLY)

Note
HD96-L 1st PV packet configuration (Series 6 Hybrids ONLY)
HD96-L 2nd PV packet configuration (Series 6 Hybrids ONLY)
HD144-L packet configuration (Series 6 Hybrids ONLY)

Network Monitoring
Metrics Relevant to Capacity Planning
User Input :: Add Decoder Meta Disk
User Input :: Network Line Rate in Mbps
User Input :: Network Utilization %
User Input :: Network Metadata Ratio %
User Input :: Desired Raw Retention Period in Days
User Input :: Desired Meta Retention Period in Days
User Input :: Metadata Compression
Network Line Rate x Network Utilization %
Required Decoder to Concentrator Bandwidth
Required Concentrator to Event Stream Analysis Bandwidth
Raw Retention for 24 Hours in TB
Raw Retention for 24 Hours in TB x Retention Period in Days
Meta Retention for 24 Hours in TB
Meta Retention for 24 Hours x Retention Period in Days
Index Retention for 24 Hours in TB
Index Retention for 24 Hours x Retention Period in TB
Appliance Calculations
Network Decoder Quantity
User Input :: Packet Decoder Count Manual Override Quantity
Network Decoder Count Based on Line Rate
Network Decoder Count Based on Line Rate Utilization
Network Decoder Count Based on DAC Shelf Limit
Total Network Decoder Count
Total Network Decoders Required Based on Line Rate, Utilization Rate, D
Is Result a Vaild/Supported Configuration?

Decoder Appliance Widget Alert Message
Network Bill of Materials Widget Alert Message
Network Decoder Storage

User Input :: DAC or SAN
User Input :: Unity SAN Selected
User Input :: UltraDAC Selected
User Input :: PowerVault Selected
Network Decoder Storage Type Widget Label
1st Shelf Capacity in TB for Selected Option
Total 1st Shelf Capacity in TB Due to Decoder Count > 1 (Load Balancing
Quantity of 1st Shelves
2nd Shelf Capacity in TB for Selected Option
Quantity of DAC or SAN Shelves Required to Satisfy Retention
Quantity of DAC or SAN Shelves Required Based on Line Rate, Utilization
Total Storage Available in TB Based on DAC or SAN Shelf Count + Overrid
Total Storage Available in Days Based on DAC or SAN Shelf Count
Maximum Shelves Available for Selected SAN
Quantity of Packet Decoder Emulex Cards Required
Quantity of SAN Racks Required
Quantity of UltraDAC Racks Required
Packet Concentrator Quantity

User Input :: Network Concentrator Count Manual Override Quantity
Network Concentrator Count Based on Line Rate
Network Concentrator Count Based on Line Rate Utilization
Packet Concentrator Count Based on DAC Shelf Limit
Total Packet Concentrator Count
Total Packet Concentrators Required Based on Line Rate, Utilization Rat
Concentrator Appliance Widget Alert Message
Packet Concentrator Storage

Packet Concentrator Storage Type Widget Label
Quantity of DAC or SAN Shelves Required
Quantity of DAC Shelves Required Due To Manual Override
Total Storage Available in Days Based on DAC or SAN Shelf Count
Quantity of Packet Concentrator Emulex Cards Required
Additional SAN Racks
Packet Hybrid Quantity and Storage

User Input :: Hybrid + DAC Selected
User Input :: Hybrid Count Manual Override Quantity
Packet Hybrid Storage Type Widget Label
PacketDB Capacity in TB for Selected Option
MetaDB Capacity in TB for Selected Option
Total Hybrids Required to Support PacketDB
Total Hybrids Required to Support MetaDB
Total Hybrids Required to Support Line Rate
Hybrid Count Designated By
Total Hybrid Count
Total PacketDB Days
Total MetaDB Days
Packet Hybrid Appliance Widget Alert Message
Approximate Utilization Calculations

Metrics Relevant to Network Utilization
User Input :: 12:00 AM

User Input :: 12:00 PM
Average Network Line Rate Utilization Based on [Above] User Input
Average Network Line Rate Based on [Above] User Input

User Input :: Dropbox :: Include Malware Analysis
User Input :: Dropbox :: Include Event Stream Aanalysis
User Input :: Dropbox :: Include UEBA
Amazon AWS SKU
Network Monitoring Raw Packets Throughput for 24 Hours in TB

Network Monitoring SKU Count
Network Monitoring Subscription SKU
Network Monitoring Perpetual SKU
Network Monitoring Metadata Only Throughput for 24 Hours in TB
Network Monitoring Metadata Only SKU Count
Network Monitoring Metadata Only Subscription SKU
Malware Analysis Throughput for Raw Packets for 24 Hours in TB
Malware Analysis SKU Count
Malware Analysis Subscription SKU
Malware Analysis Perpetual SKU
Bill of Materials User Input Selections and Logic

User Input :: Appliance Model Selected
User Input :: Subscription License Selected
User Input :: Perpetual License Selected
User Input :: Meta Only License Selected
Throughput Model Selected
User Input :: Decoder & Concentrator Selected
User Input :: Hybrid Selected
User Input :: Hardware Selected
User Input :: Software Selected
User Input :: Decoder Storage Selected
Decoder UltraDAC Selected
Decoder Storage Type
Decoder Unity SAN Selected
User Input :: Concentrator Storage Selected
Concentrator Storage Type
Concentrator Unity SAN Selected
Include Broker
User Input :: AWS SA Server Selected

Legacy Capacity SKU Count
Legacy Capacity SKU
Components
Appliance-based model
HW
NetMon License
Meta Only License
MA License
NW Server NW-S6H-AS
Broker NW-S6H-BRO
ESA SA-S6H-ESA
Malware NW-S6H-MAL
UEBA NW-S6H-UEBA
Network Decoder NW-S6H-N-DEC
Decoder Meta Disk Kit NWS6E-2.4TB-2.5HDD
Decoder PV-A NW-PV-A
Decoder PV-B NW-PV-B
Decoder 96TB PV NW-PVHD96-L
Decoder 46TB DAC SA-DACHD-P
Decoder 96TB SED PV NW-PVHDE96-L
Decoder 142TB UltraDAC SA-HDD142-LP
Decoder 180TB UltraDAC SA-HDD180-LP
Decoder VNX2 SAN - SM SA-VNX2HD-5600
Decoder VNX2 SAN - MD SA-VNX2HD-5800
Decoder VNX2 SAN - LG SA-VNX2HD-7600
Decoder SAN Shelves SA-VNX2HD-SHLF
Decoder Unity SAN NWS-Unity600
Decoder Unity SAN Shelves NWS-U6APHD-SHLF
Network Concentrator NW-S6H-N-CON
Concentrator PV-C NW-PV-C

Concentrator PV-D NW-PV-D
Concentrator 12TB DAC SA-HPD12H1
Concentrator 33TB DAC SA-DACHP
Concentrator 76TB PV NW-PVHP76-L
Concentrator 78TB SED PV NW-PVHPE78-L
Concentrator VNX2 SAN - SM SA-VNX2HD-5600
Concentrator VNX2 SAN - MD SA-VNX2HD-5800
Concentrator VNX2 SAN - LG SA-VNX2HD-7600
Concentrator SAN Shelves SA-VNX2HP-SHLF
Concentrator Unity SAN NWS-Unity600
Concentrator Unity SAN Shelves NWS-U6APHP-SHLF
Emulex Card SA-DP-8GB-SANHBA
Ultra Rack SA-ULTRA-RACK
SAN Rack SA-VNX2-RACK
Unity Rack NWS-U600-Rack
Network Hybrid SA-S5-HYBRID-P
Network Hybrid NW-S6-HYBRID-N
Hybrid S6 + 1x PV-A NW-PV-A
Hybrid S5/S6 + 1x PV-B NW-PV-B
Hybrid S6 + 2x PV-B NW-PV-B
Hybrid S6 + 1x 144TB PV NW-PVHD144-L
Hybrid S5/S6 + 1x 96TB PV NW-PVHD96-L
Hybrid S6 + 2x 96TB PV NW-PVHD96-L

RSA | NETWIT
Value Defined Name

0 PMetaDisk_Selected
1,000 NetworkLineRate
60% NetworkUtilization
8% NetworkMetadataRati
in Days 7 NetworkRawRetention
d in Days 30 NetworkMetaRetentio
0 ISNetworkMetaCompr
600 Mbps NetworkLineRateUtiliz
dth 48 Mbps NetworkDtoC_Bandw
alysis Bandwidth 48 Mbps NetworkCtoESA_Band
5.89 NetworkPacketDB_for
on Period in Days 41.25 NetworkPacketDB_for
0.47 NetworkMetaDB_for_
riod in Days 14.14 NetworkMetaDB_for_
0.01 NetworkIndexDB_for_
eriod in TB 0.42 NetworkIndexDB_for_
Value Defined Name

Override Quantity 0 PDecoder_Manual_Ov
1
Utilization 1
f Limit 0
1 PDecoder_Count
Line Rate, Utilization Rate, DAC Limit, or O
1 PDecoder_Valid_Confi
# Internal Use - Confidential

PDecoder_Widget_Ale
sage PBOM_Widget_Alert
Value Defined Name

DAC PDecoder_Storage_Ty
0 PDecoder_Unity_Sele
0 PDecoder_UltraDAC_S
1 PDecoder_PV_Selecte
el PowerVaults PDecoder_Widget_Sto
81.20
er Count > 1 (Load Balancing or Override) 81.20
1
101.57
o Satisfy Retention 1
ased on Line Rate, Utilization Rate, DAC Lim 1 PDecoder_Storage_Co
or SAN Shelf Count + Override 81.20
AC or SAN Shelf Count 13.78 PDecoder_Storage_Da
N PDecoder_SANMaxSh
equired 0
0
0
Value Defined Name

Manual Override Quantity 0 PConcentrator_Manu
Rate 1
Rate Utilization 1
helf Limit 1
1 PConcentrator_Count
on Line Rate, Utilization Rate, DAC Limit, o Line Rate
1 PConcentrator_Valid_
age PConcentrator_Widge
Value Defined Name

DAC PConcentrator_Storag
0 PConcentrator_Unity_
1 PConcentrator_PV_Se
PowerVaults PConcentrator_Widge
71.10
71.10
1
Manual Override 1 PConcentrator_Storag
AC or SAN Shelf Count 150.80 PConcentrator_Storag
PConcentrator_SANM
rds Required 0
0
Value Defined Name

1 PHybrid_DAC_Selecte
Quantity 0
Hybrids + PV PHybrid_Widget_Stor
n 109.31
39.88
B 1
1
e 1
Line Rate
1 PHybrid_Count
18.54 PHybrid_PacketDB_Da
84.57 PHybrid_MetaDB_Day
age PHybrid_Widget_Alert
Value Line Rate

30.00% 300 Mbps
30.00% 300 Mbps

35.00% 350 Mbps
45.00% 450 Mbps
50.00% 500 Mbps
55.00% 550 Mbps
60.00% 600 Mbps
65.00% 650 Mbps
70.00% 700 Mbps
75.00% 750 Mbps
80.00% 800 Mbps
85.00% 850 Mbps
95.00% 950 Mbps
85.00% 850 Mbps
80.00% 800 Mbps
75.00% 750 Mbps
70.00% 700 Mbps
65.00% 650 Mbps
60.00% 600 Mbps
55.00% 550 Mbps
50.00% 500 Mbps
45.00% 450 Mbps
40.00% 400 Mbps
30.00% 300 Mbps
d on [Above] User Input 59.58%
e] User Input 596 Mbps Calculated but not cur
Value Defined Name

nalysis 0 IncludeMA
m Aanalysis 1 IncludeESA
0 IncludePUEBA
NW-AWSAGENT-P
ut for 24 Hours in TB 5.9

6
SA-NETMON-S-T1
SA-NETMON-P-T1
hput for 24 Hours in TB 5.9
unt 6
ption SKU SA-NETMN-META-S-T1
ets for 24 Hours in TB 6
7
SA-NETMW-S-T1
SA-NETMW-P-T1
ogic Value Defined Name

0 PAppliance_Selected
1 PSubscription_Selecte
0 PPerpetual_Selected
0 PMetaOnly_Selected
1 PThroughput_Selected
ted 0 PDecoderConcentrato
1 PHybrid_Selected
1 PHardware_Selected
0 PSoftware_Selected
PV-A PDecoderStorage
0 PDecoder_UltraDAC_S
DAC PDecoder_Storage_Ty
0 PDecoder_Unity_Sele
PV-D PConcentrator_Storag
DAC PConcentrator_Storag
0 PConcentrator_Unity_
1 PHybrid_DAC_Selecte
0 IncludeBroker
0 VM_POther_AWSSASe

2
SA-25TB-CAP-P-SW
ance-based model Throughput-based model

SW HW SW
SA-NETMON-S-T1
Invalid Configuration NW-S6E-CORE-NL (node zero)

Invalid Configuration NW-S6E-CORE-NL (broker)
Invalid Configuration NW-S6E-ANALYTIC-NL (esa)
Invalid Configuration NW-S6E-CORE-NL (malware)
Invalid Configuration NW-S6E-ANALYTIC-NL (ueba)
Invalid Configuration NW-S6E-CORE-NL (decoder)
Invalid Configuration NWS6E-2.4TB-2.5HDD
NW-PV-A
NW-PV-B
NW-PVHD-96
SA-HDDAC-46
NW-PVHD72
NW-PVHD-144
NW-PVHDE-96
SA-HDUDAC-142
SA-HDUDAC-180
SA-VNX2HD-5600
SA-VNX2HD-5800
SA-VNX2HD-7600
SA-VNX2HD-SHLF
NWS-Unity600
NWS-U6TPHD-SHLF
Invalid Configuration NW-S6E-CORE-NL (concentrato
NW-PV-C

NW-PV-D
SA-HPDAC-12
SA-HPDAC-33
NW-PVHP-76
NW-PVHP-113
NW-PVHPE-78
SA-VNX2HD-5600
SA-VNX2HD-5800
SA-VNX2HD-7600
SA-VNX2HP-SHLF
NWS-Unity600
NWS-U6TPHP-SHLF
SA-DP-8GB-SANHBA
SA-ULTRA-RACK
SA-VNX2-RACK
NWS-U600-Rack
Invalid Configuration SA-S5H-PHYBRID-NL
Invalid Configuration NW-S6H-NHYBRID-NL
NW-PV-A
NW-PV-B
NW-PV-B
NW-PVHD144
NW-PVHD96
NW-PVHD96

ned Name
etaDisk_Selected
workLineRate
workUtilization
workMetadataRatio
workRawRetentionPeriod
workMetaRetentionPeriod
etworkMetaCompressed
workLineRateUtilization
workDtoC_Bandwidth
workCtoESA_Bandwidth
workPacketDB_for_24H
workPacketDB_for_Period
workMetaDB_for_24H
workMetaDB_for_Period
workIndexDB_for_24H
workIndexDB_for_Period
ned Name
coder_Manual_Override
coder_Count
coder_Valid_Config

coder_Widget_Alert
M_Widget_Alert
ned Name
coder_Storage_Type
coder_Unity_Selected
coder_UltraDAC_Selected
coder_PV_Selected
coder_Widget_Storage_Label
coder_Storage_Count
coder_Storage_Days
coder_SANMaxShelves
ned Name
ncentrator_Manual_Override
ncentrator_Count
ncentrator_Valid_Config
ncentrator_Widget_Alert
ned Name

ncentrator_Storage_Type
ncentrator_Unity_Selected
ncentrator_PV_Selected
ncentrator_Widget_Storage_Label
ncentrator_Storage_Count
ncentrator_Storage_Days
ncentrator_SANMaxShelves
ned Name
brid_DAC_Selected
brid_Widget_Storage_Label
brid_Count
brid_PacketDB_Days
brid_MetaDB_Days
rid_Widget_Alert
Rate
Network Line Rate x Utilization

ulated but not currently used or displayed on Network Ta
ned Name
udeMA
udeESA
udePUEBA

ned Name
pliance_Selected
bscription_Selected
rpetual_Selected
etaOnly_Selected
roughput_Selected
coderConcentrator_Selected
brid_Selected
rdware_Selected
ftware_Selected
coderStorage
coder_Storage_Type
ncentrator_Storage
brid_DAC_Selected
udeBroker
_POther_AWSSAServer_Selected

model Bill Of Materials
SW SKU Count SKU
NETMON-S-T1 6 SA-NETMON-S-T1
1 NW-S6E-CORE-NL (node z
1 NW-S6E-ANALYTIC-NL (es

1 NW-S6H-NHYBRID-NL
1 NW-PV-A

SIEM
User Input :: Add Decoder Meta Disk
User Input :: Event Rate in EPS
User Input :: Utilization %
User Input :: Event Size in Bytes
User Input :: Log Metadata Ratio %
User Input :: Short Term Raw Retention Period in Days
User Input :: RAW Log Compression
User Input :: Short Term Meta Retention Period in Days
User Input :: Long Term Retention Period in Days
User Input :: Long Term Warm/Cold Retention Period in Days
Required Log Decoder Bandwidth
Required Log Decoder to Log Concentrator Bandwidth
Required Log Concentrator to Event Stream Analysis Bandwidth
Short Term Calculations

SessionDB Retention for 24 Hours in TB
SessionDB Retention for 24 Hours in TB x Retention Period
Raw Retention for 24 Hours in Bytes
Raw Retention for 24 Hours in GB/Day
Raw Retention for 24 Hours in TB x Retention Period in Days
Meta Retention for 24 Hours in Bytes
Meta Retention for 24 Hours in TB
Meta Retention for 24 Hours in TB x Retention Period in Days
Meta Retention for 24 Hours in TB + SessionDB

Meta Retention for 24 Hours in TB + SessionDB x Retention Period in Da
Index Retention for 24 Hours in TB
Index Retention for 24 Hours in TB x Retention Period
Long Term Calculations

Long Term Raw Retention for 24 Hours in GB
Long Term (Compressed) Raw Retention for 24 Hours in TB
Long Term (Compressed) Raw Retention for 24 Hours in TB x Retention P
Long Term (Compressed) Meta Retention for 24 Hours in TB
Long Term (Compressed) Meta Retention for 24 Hours in TB x Retention
Long Term (Compressed) Total Retention for 24 Hours in TB
Long Term (Compressed) Total Retention for 24 Hours in TB x Retention
Long Term Warm / Cold Storage Requirements in TB
Appliance Calculations
Log Decoder Quantity
User Input :: Log Decoder Count Manual Override Quantity
Log Decoder Count Based on Event Rate
Log Decoder Count Based on DAC Shelf Limit
Total Log Decoder Count
Total Log Decoders Required Based on Event Rate, DAC Limit, or Overrid
Log Decoder Appliance Widget Alert Message
Log Bill of Materials Widget Alert Message
Log Decoder Storage

Log Decoder Storage Type Widget Label
Total 1st Shelf Capacity in TB Due to Decoder Count > 1 (Load Balancing

Quantity of 1st Shelves
Quantity of DAC or SAN Required Shelves to Satisfy Retention
Quantity of DAC or SAN Shelves Required Based on Event Rate, DAC Lim
Total Storage Available in Years
Total Storage Available in Months
Total Storage Available in Days
Total Storage Available Displayed Value
Total Storage Available Displayed Label
Quantity of Log Decoder Emulex Cards Required
Log Concentrator Quantity

User Input :: Log Concentrator Count Manual Override Quantity
Log Concentrator Count Based on Event Rate
Log Concentrator Count Based on DAC Shelf Limit
Total Log Concentrator Count
Total Log Concentrators Required Based on Event Rate, DAC Limit, or Ov
Log Concentrator Appliance Widget Alert Message
Log Concentrator Storage

Log Concentrator Storage Type Widget Label
Quantity of DAC or SAN Shelves Required Based on Event Rate, DAC Lim

Quantity of Log Concentrator Emulex Cards Required
Archiver Quantity
User Input :: Archiver Count Manual Override Quantity
Archiver Count Based on Event Rate
Archiver Count Based on DAC Shelf Limit
Total Archiver Count
Total Archivers Required Based on Event Rate, DAC Limit, or Override
Archiver Appliance Widget Alert Message
Archiver Storage
Archiver Storage Type Widget Label
Quantity of DAC Shelves Required Due To Manual Override

Quantity of Archiver Emulex Cards Required
Log Hybrid Quantity and Storage

User Input :: Log Hybrid + DAC Selected
User Input :: Log Retention Hybrid Selected
User Input :: Log Hybrid Count Manual Override Quantity
Log Hybrid Storage Type Widget Label
Log Hybrid Widget Footer Message
PacketDB Capacity in TB for Selected Option
MetaDB Capacity in TB for Selected Option
Total Log Hybrids Required to Support PacketDB
Total Log Hybrids Required to Support MetaDB
Total Log Hybrids Required to Support Event Rate
Log Hybrid Count Designated By
Total Log Hybrid Count
Total PacketDB Storage Available in Years
Total PacketDB Storage Available Months
Total PacketDB Storage Available in Days
Total PacketDB Storage Available Displayed Value
Total PacketDB Storage Available Displayed Label
Total MetaDB Storage Available in Years
Total MetaDB Storage Available in Months
Total MetaDB Storage Available in Days
Total MetaDB Storage Available Displayed Value
Total MetaDB Storage Available Displayed Label
Log Hybrid Appliance Widget Alert Message

Device Class Event Size Event Rate Quantity otal Event Rate
Unix / Linux 250 10.0 0 0
Windows AD 500 50.0 0 0
Windows IIS 400 15.0 0 0
Windows 500 10.0 0 0
Web Server 300 15.0 0 0
Proxy Server 500 50.0 0 0
AV 350 10.0 0 0
NAS 500 10.0 0 0
Database 550 25.0 0 0
DNS / DHCP 500 50.0 0 0
Router / Swi 225 25.0 0 0
Firewall 500 250.0 0 0
IDS 450 5.0 0 0
VPN 300 5.0 0 0
NW EndPoin 1,700 1.0 0 0
Total 0 0 0
Approximate Metrics
Total Devices
Event Rate
Event Size
Log GiB per Day

User Input :: Dropbox :: Add ESA Selected
User Input :: Dropbox :: Add UEBA Selected
Amazon AWS SKU

SIEM Throughput for Raw Logs for 24 Hours in TB
SIEM Throughput for Raw Logs for 24 Hours in GB
SIEM SKU Count (per50GB)
SIEM Subscription SKU
SIEM Perpetual SKU
UEBA User Count
UEBA Subscription SKU
UEBA Perpetual SKU
Bill of Materials User Input Selections and Logic

User Input :: Appliance Model Selected
User Input :: Subscription License Selected
User Input :: Perpetual License Selected
Throughput Model Selected
User Input :: Decoder & Concentrator Selected
User Input :: Hybrid Selected
User Input :: Hardware Selected
User Input :: Software Selected
User Input :: Decoder Storage Selected
Decoder UltraDAC Selected
Decoder Storage Type
Decoder Unity SAN Selected
User Input :: Concentrator Storage Selected
Concentrator Storage Type
Concentrator Unity SAN Selected
User Input :: Archiver Storage Selected
Archiver UltraDAC Selected
Archiver Storage Type
Archiver Unity SAN Selected
User Input :: Dropbox :: Add Archiver

Include Broker
User Input :: AWS SA Server Selected
User Input :: Azure SA Server Selected
Legacy Capacity SKU Count
Legacy Capacity SKU
Components
Appliance-based model
HW
SA License
UEBA License
SA Server NW-S6H-AS
Broker NW-S6H-BRO
ESA NW-S6H-ESA
UEBA Server NW-S6H-UEBA
Log Decoder NW-S6H-L-DEC
Decoder Meta Disk Kit NWS6E-2.4TB-2.5HDD
Decoder PV-A NW-PV-A NW-PV-A
Decoder PV-B NW-PV-B NW-PV-B
Decoder 46TB DAC SA-DACHD-LSA-DACHD-P
Decoder 72TB PV NW-PVHD72-SA-HDDAC-32
Decoder 144TB PV NW-PVHD144SA-DACHD-P
Decoder 96TB SED PV NW-PVHDE96SA-HDDAC-32
Decoder 142TB UltraDAC SA-HDD142-SA-HDUDAC-142
Decoder 180TB UltraDAC SA-HDD180-LL
Decoder VNX2 SAN - SM SA-VNX2HD-5600
Decoder VNX2 SAN - MD SA-VNX2HD-5800
Decoder VNX2 SAN - LG SA-VNX2HD-7600
Decoder SAN Shelves SA-VNX2HD-SHLF
Decoder Unity SAN NWS-Unity600
Decoder Unity SAN Shelves NWS-U6APHD-SHLF

Log Concentrator NW-S6H-L-CON
Concentrator PV-C NW-PV-C
Concentrator PV-D NW-PV-D
Concentrator 12TB DAC SA-HPD12H1
Concentrator 33TB DAC SA-DACHP
Concentrator 113TB PV NW-PVHP113 SA-DACHP
Concentrator 78TB SED PV NW-PVHPE78 SA-HPDAC-12
Concentrator VNX2 SAN - SM SA-VNX2HD-SA-VNX2HD-SM-P
Concentrator VNX2 SAN - MD SA-VNX2HD-SA-VNX2HD-MD-P
Concentrator VNX2 SAN - LG SA-VNX2HD-SA-VNX2HD-LG-P
Concentrator SAN Shelves SA-VNX2HP-SHLF
Concentrator Unity SAN NWS-Unity600
Concentrator Unity SAN Shelves NWS-U6APHP-SHLF
Archiver NW-S6H-ARCH
Archiver PV-A NW-PV-A
Archiver PV-B NW-PV-B
Archiver 96TB PV NW-PVHD96-L
Archiver 46TB DAC SA-HDD46-ARCH
Archiver 72TB PV NW-PVHD72A-L
Archiver 144TB PV NW-PVHD144A-L
Archiver 96TB SED PV NW-PVHDE96A-L
Archiver 142TB UltraDAC SA-HDD-142-ARCH
Archiver 180TB UltraDAC SA-HDD-180-ARCH
Archiver VNX2 SAN - SM SA-VNX2HD-5600
Archiver VNX2 SAN - MD SA-VNX2HD-5800
Archiver VNX2 SAN - LG SA-VNX2HD-SA-VNX2HD-LG-P
Archiver SAN Shelves SA-VNX2HD-SHLF
Archiver Unity SAN NWS-Unity600
Archiver Unity SAN Shelves NWS-U6APHDA-SHLF
Emulex Card SA-DP-8GB-SANHBA
Ultra Rack SA-ULTRA-RACK
SAN Rack SA-VNX2-RACK

Ultra Rack NWS-U600-Rack
Log Hybrid SA-S5-HYBRID-L
Log Hybrid NW-S6-HYBRID-L
Hybrid S6 or EL + 1x PV-A NW-PV-A
Hybrid S6 or EL + 1x PV-B NW-PV-B
Hybrid S6 or EL + 2x PV-B NW-PV-B
Hybrid S6 or EL + 1x 144TB PV NW-PVHD144-L

RSA | NETWIT
Value Defined Name

0 LMetaDisk_Selected
0 LogEventRate
0% LogUtilization
0 LogEventSize
0% LogMetaDataRatio
iod in Days 0 LogRawRetentionPerio
0 ISRawLogCompresssed
riod in Days 30 LogMetaRetentionPer
0 ISLogMetaCompresse
Days 365 LogLongTermRetentio
on Period in Days 0 LogLongTermWarmRe
0 Mbps
Bandwidth 0 Mbps LogDtoC_Bandwidth
Analysis Bandwidth 0 Mbps LogCtoESA_Bandwidth
Value
0.000000
etention Period 0.000000
0 Bytes
0.00 GB/Day LogGBPerDay
0.00 LogPacketDB_for_24H
on Period in Days 0.00 LogPacketDB_for_Per
0 Bytes
0.00
on Period in Days 0.00
nDB 0.00 LogMetaDB_for_24H

nDB x Retention Period in Days 0.00 LogMetaDB_for_Perio
0.00000 LogIndexDB_for_24H
tion Period 0.00 LogIndexDB_for_Perio
Value Defined Name

-
24 Hours in TB 0.00 ArchiverPacketDB_for
24 Hours in TB x Retention Period in Days 0.00 ArchiverPacketDB_for
or 24 Hours in TB 0.00 ArchiverMetaDB_for_
or 24 Hours in TB x Retention Period in Day 0.00 ArchiverMetaDB_for_
r 24 Hours in TB 0.00 ArchiverDB_for_24H
r 24 Hours in TB x Retention Period in Days 0.00 ArchiverDB_for_Perio
nts in TB 0.00 ArchiverWarmRetenti
Value Defined Name

erride Quantity 0 LDecoder_Manual_Overr
0
t Err:508
0 LDecoder_Count
t Rate, DAC Limit, or Override Event Rate
Err:508 LDecoder_Valid_Confi
ge Err:508 LDecoder_Widget_Ale
LBOM_Widget_Alert
Value Defined Name

DAC LDecoder_Storage_Ty
0 LDecoder_Unity_Selec
0 LDecoder_UltraDAC_S
1 LDecoder_PV_Selecte
PowerVaults LDecoder_Widget_Sto
81.20
er Count > 1 (Load Balancing or Override) 0.00

0
101.57
ased on Event Rate, DAC Limit, or Override 0 LDecoder_Storage_Co
0.0 LDecoder_Storage_Ye
0.0
0.0 LDecoder_Storage_Da
0.0 LDecoder_Retention
Days LDecoder_Retention_
LDecoder_SANMaxShe
0
0
0
Value Defined Name

al Override Quantity 0 LConcentrator_Manua
e 0
f Limit 0
0 LConcentrator_Count
Event Rate, DAC Limit, or Override Event Rate
1 LConcentrator_Valid_
essage LConcentrator_Widge
Value Defined Name

DAC LConcentrator_Storag
0 LConcentrator_Unity_
1 LConcentrator_PV_Se
PowerVaults LConcentrator_Widge
71.10
71.10
ased on Event Rate, DAC Limit, or Override 0 LConcentrator_Storag

0.00 LConcentrator_Storag
0.00
0.00 LConcentrator_Storag
0.00 LConcentrator_Retenti
Days LConcentrator_Retenti
LConcentrator_SANM
Required 0
0
Value Defined Name

de Quantity 0 Archiver_Manual_Ove
0
0
0 Archiver_Count
te, DAC Limit, or Override Event Rate
1 Archiver_Valid_Config
Archiver_Widget_Aler
Value Defined Name

DAC Archiver_Storage_Typ
0 Archiver_Unity_Select
0 Archiver_UltraDAC_Se
1 Archiver_PV_Selected
PowerVaults Archiver_Widget_Stor
81.20
101.57
Manual Override 0 Archiver_Storage_Cou
0.00 Archiver_Storage_Yea
0.00
0.00 Archiver_Storage_Day

0.00 Archiver_Retention
Days Archiver_Retention_L
Archiver_SANMaxShe
0
0
0
Value Defined Name

0 LHybrid_DAC_Selected
0 ISLRHybrid_Selected
ride Quantity 0
Hybrids LHybrid_Widget_Stora
LHybrid_Widget_Labe
n 20.04
20.04
etDB 0
aDB 0
t Rate 0
Event Rate
0 LHybrid_Count
0.0 LHybrid_PacketDB_Ye
0.0
0.0 LHybrid_PacketDB_Da
Value 0.0 LHybrid_PacketDB_Re
Label Days LHybrid_Widget_Pack
0.0 LHybrid_MetaDB_Yea
0.0
0.0 LHybrid_MetaDB_Day
Value 0.0 LHybrid_MetaDB_Ret
abel Days LHybrid_Widget_Meta
LHybrid_Widget_Alert

culations
otal Event Rate Decimal GB/Day Binary GiB/Day

0 0.00 0.00
0 0.00 0.00
0 0.00 0.00
0 0.00 0.00
0 0.00 0.00
0 0.00 0.00
0 0.00 0.00
0 0.00 0.00
0 0.00 0.00
0 0.00 0.00
0 0.00 0.00
0 0.00 0.00
0 0.00 0.00
0 0.00 0.00
0 0.00 0.00
0 0.0 0.00
Value Defined Name

0 Approx_TotalDevices
0.00 Approx_EventRate
0.00 Approx_EventSize
0.00 Approx_LogGBPerDay
Value Defined Name

1 IncludeLogESA
0 IncludeLogUEBA
NW-AWSAGENT-P

in TB 0.00
in GB 0
0
0
0
10,000 UEBAUserCount
NW-UEBA-S-T3
NW-UEBA-P-T3
ogic Value Defined Name

0 LAppliance_Selected
1 LSubscription_Selecte
0 LPerpetual_Selected
1 LThroughput_Selected
ted 1 LDecoderConcentrato
0 LHybrid_Selected
0 LHardware_Selected
1 LSoftware_Selected
PV-A LDecoderStorage
0 LDecoder_UltraDAC_S
DAC LDecoder_Storage_Ty
0 LDecoder_Unity_Selec
PV-D LConcentrator_Storag
DAC LConcentrator_Storag
0 LConcentrator_Unity_
0 LHybrid_DAC_Selected
PV-A ArchiverStorage
0 Archiver_UltraDAC_Se
DAC Archiver_Storage_Typ
0 Archiver_Unity_Select
0 IncludeArchiver

0 IncludeLBroker
0 VM_LOther_AWSSASe
0 VM_LOther_AzureSAS
0
SA-5TB-CAP-L-SW
ance-based model Throughput-based model

SW HW SW
0.00
NW-UEBA-S-T3
Invalid Configuration NW-S6E-CORE-NL (node zero)
Invalid Configuration NW-S6E-CORE-NL (broker)
Invalid Configuration NW-S6E-ANALYTIC-NL (esa)
Invalid Configuration NW-S6E-ANALYTIC-NL (ueba)
Invalid Configuration NW-S6E-CORE-NL (decoder)
Invalid Configuration NWS6E-2.4TB-2.5HDD
NW-PV-A
NW-PV-B
NW-PVHD96
SA-HDDAC-46
NW-PVHD72
NW-PVHD144
NW-PVHDE96
UDAC-142 SA-HDUDAC-142
SA-HDUDAC-180
SA-VNX2HD-5600
SA-VNX2HD-5800
SA-VNX2HD-7600
SA-VNX2HD-SHLF
NWS-Unity600
NWS-U6TPHD-SHLF

Invalid Configuration NW-S6E-CORE-NL (concentrator)
NW-PV-C
NW-PV-D
SA-HPDAC-12
SA-HPDAC-33
NW-PVHP76
NW-PVHP113
NW-PVHPE78
X2HD-SM-P SA-VNX2HD-5600
X2HD-MD-P SA-VNX2HD-5800
X2HD-LG-P SA-VNX2HD-7600
SA-VNX2HP-SHLF
NWS-Unity600
NWS-U6TPHP-SHLF
Invalid Configuration NW-S6E-CORE-NL (archiver)
NW-PV-A
NW-PV-B
NW-PVHD96
SA-HDDAC-46
NW-PVHD72
NW-PVHD144
NW-PVHDE96A
SA-HDUDAC-142
SA-HDUDAC-180
SA-VNX2HD-5600
SA-VNX2HD-5800
X2HD-LG-P SA-VNX2HD-7600
SA-VNX2HD-SHLF
NWS-Unity600
NWS-U6TPHDA-SHLF
SA-DP-8GB-SANHBA
SA-ULTRA-RACK
SA-VNX2-RACK

NWS-U600-Rack
Invalid Configuration SA-S5H-LHYBRID-NL
Invalid Configuration NW-S6H-LHYBRID-NL
NW-PV-A
NW-PV-B
NW-PV-B
NW-PVHD144
NW-PVHD96
NW-PVHD96

ned Name
taDisk_Selected
EventRate
Utilization
EventSize
MetaDataRatio
RawRetentionPeriod
wLogCompresssed
MetaRetentionPeriod
gMetaCompressed
LongTermRetentionPeriod
LongTermWarmRetentionPeriod
DtoC_Bandwidth
CtoESA_Bandwidth
GBPerDay
PacketDB_for_24H
PacketDB_for_Period
MetaDB_for_24H

MetaDB_for_Period
ndexDB_for_24H
ndexDB_for_Period
ned Name
hiverPacketDB_for_24H
hiverPacketDB_for_Period
hiverMetaDB_for_24H
hiverMetaDB_for_Period
hiverDB_for_24H
hiverDB_for_Period
hiverWarmRetentionTB
ned Name
oder_Manual_Override
coder_Count
coder_Valid_Config
coder_Widget_Alert
M_Widget_Alert
ned Name
coder_Storage_Type
coder_PV_Selected
coder_Widget_Storage_Label

coder_Storage_Count
coder_Storage_Years
coder_Storage_Days
coder_Retention
coder_Retention_Label
coder_SANMaxShelves
ned Name
ncentrator_Manual_Override
ncentrator_Count
ncentrator_Valid_Config
ncentrator_Widget_Alert
ned Name
ncentrator_PV_Selected
ncentrator_Widget_Storage_Label
ncentrator_Storage_Count

ncentrator_Storage_Years
ncentrator_Storage_Days
ncentrator_Retention
ncentrator_Retention_Label
ncentrator_SANMaxShelves
ned Name
hiver_Manual_Override
hiver_Count
hiver_Valid_Config
hiver_Widget_Alert
ned Name
hiver_Storage_Type
hiver_Unity_Selected
hiver_UltraDAC_Selected
hiver_PV_Selected
hiver_Widget_Storage_Label
hiver_Storage_Count
hiver_Storage_Years
hiver_Storage_Days

hiver_Retention
hiver_Retention_Label
hiver_SANMaxShelves
ned Name
brid_DAC_Selected
Hybrid_Selected
brid_Widget_Storage_Label
brid_Widget_Label
brid_Count
brid_PacketDB_Years
brid_PacketDB_Days
brid_PacketDB_Retention
brid_Widget_PacketDB_Label
brid_MetaDB_Years
brid_MetaDB_Days
brid_MetaDB_Retention
brid_Widget_MetaDB_Label
brid_Widget_Alert

ned Name
rox_TotalDevices
rox_EventRate
rox_EventSize
rox_LogGBPerDay
ned Name
udeLogESA
udeLogUEBA

AUserCount
ned Name
pliance_Selected
bscription_Selected
petual_Selected
oughput_Selected
coderConcentrator_Selected
brid_Selected
rdware_Selected
ftware_Selected
coderStorage
coder_Storage_Type
ncentrator_Storage
brid_DAC_Selected
hiverStorage
hiver_UltraDAC_Selected
hiver_Storage_Type
hiver_Unity_Selected
udeArchiver

udeLBroker
_LOther_AWSSAServer_Selected
_LOther_AzureSAServer_Selected
model Bill Of Materials

SW SKU Count SKU
0 0.00
-UEBA-S-T3

Endpoint Formula Reference
Endpoint Agent Performance Benchmarks

Endpoint Agents Data Rates
1 End
Advanced Advanced + ENV
Tracking Scan Tracking Scan
Decoder
Meta 32,182,255 4,720,064 38,618,706 4,720,064
Packet 3,003,677 257,458 3,261,135 257,458
Session 986,922 107,274 1,180,016 107,274
Concentrator
meta 34,327,738 4,934,612 40,764,189 4,934,612
Index 643,645 128,729 772,374 128,729
session 986,922 107,274 1,180,016 107,274
Mongo 32,182 643,645 32,182 643,645
Endpoint
User Input :: Dropbox :: Endpoint Primary Log Decoder
User Input :: Dropbox :: Endpoint Monitoring Mode
User Input :: Dropbox :: Endpoint Expanded Network Visibility
User Input :: Dropbox :: Endpoint Collect File Logs
User Input :: Endpoint Scans per Week
User Input :: Endpoint Windows Agents

User Input :: Endpoint mac OS X Agents
User Input :: Endpoint CentOS / RH Enterprise / Ubuntu Agents
User Input :: RAW Log Compression
User Input :: Long Term Retention Period in Days
User Input :: Long Term Warm/Cold Retention Period in Days
Endpoint Total Scans per Raw Retention Period
Endpoint Total Scans per Meta Retention Period
Endpoint Total Agents
Endpoint Mode :: Insights Agent Selected with Zero Scans
Endpoint Mode :: EDR Only
Endpoint Mode :: Logs Only
Endpoint Mode :: Files Only
Endpoint Mode :: EDR Plus Logs
Endpoint Agent Equivalent EPS Rate
Endpoint Scans Equivalent EPS Rate
Endpoint File Collection Equivalent EPS Rate
Endpoint Total Equivalent EPS Rate
Required Log Decoder Bandwidth
Required Endpoint Log Decoder to Endpoint Log Concentrator Bandwidt
Required Endpoint Log Concentrator to Event Stream Analysis Bandwidt
Endpoint
Selected Endpoint Agent Type Data Rate Per Day
Decoder Tracking Meta Data Rate
Tracking Packet Data Rate
Tracking Session Data Rate
Scan Meta Data Rate
Scan Packet Data Rate
Scan Session Data Rate
ConcentratoTracking Meta Data Rate
Tracking Index Data Rate
Tracking Session Data Rate
Scan Meta Data Rate
Scan Index Data Rate
Scan Session Data Rate
Mongo Tracking Data Rate
Scan Data Rate
Endpoint
Daily and Per Period Calculations
Short Term Calculations
Decoder Tracking PacketDB Data for 24 Hours in Bytes
Tracking PacketDB Data for 24 Hours in GB/Day
Tracking PacketDB Data for 24 Hours in TB
Tracking PacketDB Data for Retention Period in TB
Tracking SessionDB Tracking Data for 24 Hours in Bytes
Tracking SessionDB Tracking Data for 24 Hours in GB/Day
Tracking SessionDB Tracking Data for 24 Hours in TB
Tracking SessionDB Tracking Data for Retention Period in TB
Scan PacketDB Data for 24 Hours in Bytes
Scan PacketDB Data for 24 Hours in GB/Day
Scan PacketDB Data for 24 Hours in TB
Scan PacketDB Data for Retention Period in TB
Scan SessionDB Data for 24 Hours in Bytes
Scan SessionDB Data for 24 Hours in GB/Day
Scan SessionDB Data for 24 Hours in TB
Scan SessionDB Data for Retention Period in TB
Total PacketDB Data for 24 Hours in Bytes
Total PacketDB Data for 24 Hours in GB/Day
Total PacketDB Data for 24 Hours in TB
Total PacketDB Tracking Data + Scan Data for Retention Period in
Total SessionDB Total Data for 24 Hours in Bytes
Total SessionDB Total Data for 24 Hours in GB/Day
Total SessionDB Total Data for 24 Hours in TB
Total SessionDB Tracking Data + Scan Data for Retention Period in
Total PacketDB + SessionDB + MongoDB Data for 24 Hours in Byte
Total PacketDB + SessionDB + MongoDB Data for 24 Hours in GB/
Total PacketDB + SessionDB + MongoDB Data for 24 Hours in TB
Total PacketDB + SessionDB + MongoDB Data for Retention Perio
ConcentratoTracking MetaDB Data for 24 Hours in Bytes

Tracking MetaDB Data for 24 Hours in GB/Day
Tracking MetaDB Data for 24 Hours in TB
Tracking MetaDB Data for Retention Period in TB
Tracking IndexDB Data for 24 Hours in Bytes
Tracking IndexDB Data for 24 Hours in GB/Day
Tracking IndexDB Data for 24 Hours in TB
Tracking IndexDB Data for Retention Period in TB
Tracking SessionDB Data for 24 Hours in Bytes
Tracking SessionDB Data for 24 Hours in GB/Day
Tracking SessionDB Data for 24 Hours in TB
Tracking SessionDB Data for Retention Period in TB
Scan MetaDB Data for 24 Hours in Bytes
Scan MetaDB Data for 24 Hours in GB/Day
Scan MetaDB Data for 24 Hours in TB
Scan MetaDB Data for Retention Period in TB
Scan IndexDB Data for 24 Hours in Bytes
Scan IndexDB Data for 24 Hours in GB/Day
Scan IndexDB Data for 24 Hours in TB
Scan IndexDB Data for Retention Period in TB
Scan SessionDB Data for 24 Hours in Bytes
Scan SessionDB Data for 24 Hours in GB/Day
Scan SessionDB Data for 24 Hours in TB
Scan SessionDB Data for Retention Period in TB
Total MetaDB Data for 24 Hours in Bytes
Total MetaDB Data for 24 Hours in GB/Day
Total MetaDB Data for 24 Hours in TB
Total MetaDB Tracking Data + Scan Data for Retention Period in T
Total IndexDB Data for 24 Hours in Bytes
Total IndexDB Data for 24 Hours in GB/Day
Total IndexDB Data for 24 Hours in TB
Total IndexDB Tracking Data + Scan Data for Retention Period in T
Total SessionDB Data for 24 Hours in Bytes
Total SessionDB Data for 24 Hours in GB/Day
Total SessionDB Data for 24 Hours in TB
Total SessionDB Tracking Data + Scan Data for Retention Period in
Total MetaDB + SessionDB Data for 24 Hours in Bytes
Total MetaDB + SessionDB Data for 24 Hours in GB/Day
Total MetaDB + SessionDB Data for 24 Hours in TB
Total MetaDB + SessionDB Data for Retention Period in TB
Mongo Tracking MongoDB Data for 24 Hours in Bytes

Tracking MongoDB Data for 24 Hours in GB/Day
Tracking MongoDB Data for 24 Hours in TB
Tracking MongoDB Data for Retention Period in TB
Scan MongoDB Data for 24 Hours in Bytes
Scan MongoDB Data for 24 Hours in GB/Day
Scan MongoDB Data for 24 Hours in TB
Scan MongoDB Data for Retention Period in TB
Scan MongoDB First Scan Data for Retention Period in Bytes
Scan MongoDB First Scan Data for Retention Period in TB
Total MongoDB Data for 24 Hours in Bytes
Total MongoDB Data for 24 Hours in GB/Day
Total MongoDB Data for 24 Hours in TB
Total MongoDB Tracking + 1st Scan + Scheduled Scans Data for Re
RSA | NETWIT
marks
1 Endpoint Agent Bytes per Day
Insights
Tracking
0
0
0
0
0
0
Value Defined Name

og Decoder Hybrid PrimaryELDecoder
g Mode Insights
Network Visibility 0
e Logs 0 ISEndpointFilesCollect
0 Endpoint_Scans_Per_
Insights Endpoint_Type_Select
0 Endpoint_WAgent_Co
0 Endpoint_MAgent_Co
se / Ubuntu Agents 0 Endpoint_LAgent_Cou
0 ISRawLogCompresssed
0 ISLogMetaCompresse
Days 365 LogLongTermRetentio
on Period in Days 0 LogLongTermWarmRe
riod 0.00 Endpoint_Scans_Raw
eriod 0.00 Endpoint_Scans_Meta
0 Endpoint_Total_Agen
ith Zero Scans 1 ISENull
0 ISEDROnly
0 ISLogsOnly
0 ISFilesOnly
0 ISEDRandLogs
0 EPS
0 EPS
e 0 EPS
0 EPS EndpointEventRate
0 Mbps
t Log Concentrator Bandwidth 0 Mbps ELogDtoC_Bandwidth
nt Stream Analysis Bandwidth 0 Mbps ELogCtoESA_Bandwid
Day
Value Defined Name
0 Bytes
0 Bytes
0 Bytes
4,720,064 Bytes
257,458 Bytes
107,274 Bytes
0 Bytes
0 Bytes
0 Bytes
4,934,612 Bytes
128,729 Bytes
107,274 Bytes
0 Bytes
643,645 Bytes
Value
Bytes 0 Bytes Only Windows Agents
GB/Day 0.00 GB/Day
TB 0.0000
eriod in TB 0.0000
Hours in Bytes 0 Bytes Only Windows Agents
Hours in GB/Day 0.00 GB/Day
Hours in TB 0.0000
tention Period in TB 0.0000
Bytes 0 Bytes Equivalent Bytes Per D
GB/Day 0.00 GB/Day
TB 0.0000
eriod in TB 0.0000
GB/Day 0.00 GB/Day
TB 0.0000
eriod in TB 0.0000
Bytes 0 Bytes
GB/Day 0.00 GB/Day
TB 0.0000
Data for Retention Period in TB 0.0000
urs in Bytes 0 Bytes
urs in GB/Day 0.00 GB/Day
urs in TB 0.0000
oDB Data for 24 Hours in Bytes 0 Bytes IF PrimaryELDecoder i
oDB Data for 24 Hours in GB/Day 0.00 GB/Day EndpointGBPerDay
oDB Data for 24 Hours in TB 0.0000 EndpointPacketDB_fo
oDB Data for Retention Period in TB 0.0000 EndpointPacketDB_fo
ytes 0 Bytes Only Windows Agents

B/Day 0.00 GB/Day
B 0.0000
iod in TB 0.0000
ytes 0 Bytes Only Windows Agents
B/Day 0.00 GB/Day
B 0.0000
iod in TB 0.0000
Bytes 0 Bytes Only Windows Agents
GB/Day 0.00 GB/Day
TB 0.0000
eriod in TB 0.0000
ytes 0 Bytes Equivalent Bytes Per D
B/Day 0.00 GB/Day
B 0.0000
iod in TB 0.0000
ytes 0 Bytes Equivalent Bytes Per D
B/Day 0.00 GB/Day
B 0.0000
iod in TB 0.0000
GB/Day 0.00 GB/Day
TB 0.0000
eriod in TB 0.0000
ytes 0 Bytes
B/Day 0.00 GB/Day
B 0.0000
ata for Retention Period in TB 0.0000
ytes 0 Bytes
B/Day 0.00 GB/Day
B 0.0000 EndpointIndexDB_for_
Data for Retention Period in TB 0.0000 EndpointIndexDB_for_
Bytes 0 Bytes
GB/Day 0.00 GB/Day
TB 0.0000
4 Hours in Bytes 0 Bytes
4 Hours in GB/Day 0.00 GB/Day
4 Hours in TB 0.0000 EndpointMetaDB_for_
etention Period in TB 0.0000 EndpointMetaDB_for_
Bytes 0 Bytes
GB/Day 0.00 GB/Day
TB 0.0000
eriod in TB 0.0000
GB/Day 0.00 GB/Day
TB 0.0000
eriod in TB 0.0000
etention Period in Bytes 0.0000 Bytes
etention Period in TB 0.0000
Bytes 0 Bytes
GB/Day 0.00 GB/Day
TB 0.0000000 EndpointMongoDB_fo
Scheduled Scans Data for Retention Period 0.0000 EndpointMongoDB_fo
Insights Insights + ENV

Scan Tracking Scan
4,720,064 6,007,354 4,720,064

257,458 858,193 257,458
107,274 278,913 107,274
4,934,612 7,938,289 4,934,612

128,729 150,184 128,729
107,274 278,913 107,274
643,645 32,182 643,645
ned Name
maryELDecoder
dpointFilesCollected
point_Scans_Per_Week
point_Type_Selected
point_WAgent_Count
point_MAgent_Count
point_LAgent_Count
RawRetentionPeriod
wLogCompresssed
MetaRetentionPeriod
gMetaCompressed
LongTermRetentionPeriod
LongTermWarmRetentionPeriod
point_Scans_Raw
point_Scans_Meta
point_Total_Agents
Null
DROnly
gsOnly
esOnly
DRandLogs
pointEventRate
gDtoC_Bandwidth
gCtoESA_Bandwidth
ned Name
y Windows Agents + mac OS X Agents
y Windows Agents + mac OS X Agents
valent Bytes Per Day Based on Scans Per Week

rimaryELDecoder is Decoder Subtract MongoDB
pointGBPerDay
pointPacketDB_for_24H
pointPacketDB_for_Period
y Windows Agents + Mac Agents

pointIndexDB_for_24H
pointIndexDB_for_Period
pointMetaDB_for_24H
pointMetaDB_for_Period
pointMongoDB_for_24H
pointMongoDB_for_Period
Metered Offering
User Input Network Line Rate in Mbps
User Input Network Utilization %
User Input Metadata Ratio %
User Input Desired Raw Retention Period in Days
User Input Desired Meta Retention Period in Days
User Input :: Include Malware Analysis Selected
User Input Quantity of Sites
Network Line Rate x Network Utilization % x Site Quantity
Malware Analysis Throughput for Raw Packets for 24 Hours in TB x Site Q
Raw Retention for 24 Hours in TB [Includes Site Quantity]
Raw Retention for 24 Hours x Retention Period in Days [Includes Site Qu
Meta Retention for 24 Hours in TB x Site Quantity
Meta Retention for 24 Hours x Retention Period in Days x Site Quantity
Index Retention for 24 Hours in TB x Site Quantity
Index Retention for 24 Hours x Retention Period in TB x Site Quantity


User Input :: Quantity of Sites
Raw Retention for 24 Hours in TB x Site Quantity
Raw Retention for 24 Hours x Retention Period in Days x Site Quantity

User Input :: Quantity of Sites

Raw Retention for 24 Hours in TB x Site Quantity
Widget One, Two, and Three Aggregation Calculations

User Input :: Customer Type Selection
User Input :: SKU Type Selection
User Input :: Current Customer Licensed Network Monitoring
User Input :: Current Customer Licensed Malware Analysis
Aggregate Network Line Rate x Network Utilization % x Site Quantity
Aggregate Malware Analysis Throughput for Raw Packets for 24 Hours in
Aggregate Raw Retention for 24 Hours in TB x Site Quantity
Aggregate Meta Retention for 24 Hours in TB x Site Quantity
Aggregate Meta Retention for 24 Hours x Retention Period in Days x Site
Aggregate Index Retention for 24 Hours x Retention Period in TB x Site Q
Aggregate Network Monitoring SKU Count
Aggregate Network Monitoring SKU Count + Existing Licensed Network M
Aggregate Malware Analysis SKU Count
Aggregate Malware Analysis SKU Count + Existing Licensed Malware Ana


SessionDB Retention for 24 Hours in TB x Site Quantity
SessionDB Retention for 24 Hours in TB x Retention Period [Includes Site
Raw Retention for 24 Hours in Bytes x Site Quantity
Raw Retention for 24 Hours in GB/Day [Includes Site Quantity]
Raw Retention for 24 Hours in TB x Retention Period in Days [Includes Si
Meta Retention for 24 Hours in Bytes [Includes Site Quantity]
Meta Retention for 24 Hours in TB [Includes Site Quantity]
Meta Retention for 24 Hours in TB x Retention Period in Days [Includes S
Meta Retention for 24 Hours in TB + SessionDB [Includes Site Quantity]
Index Retention for 24 Hours in TB x Retention Period [Includes Site Qua
SIEM Throughput for Raw Logs for 24 Hours in TB [Includes Site Quantity
SIEM Throughput for Raw Logs for 24 Hours in GB [Includes Site Quantit
SIEM Perpetual SKU


Raw Retention for 24 Hours in GB/Day x Site Quantity
Index Retention for 24 Hours in TB [Includes Site Quantity]
SIEM Perpetual SKU


Raw Retention for 24 Hours in GB/Day [Includes Site Quantity]
Index Retention for 24 Hours in TB [Includes Site Quantity]
SIEM Perpetual SKU
Widget One, Two, and Three Aggregation Calculations

User Input :: New Customer
User Input :: SKU Type
User Input :: Current Customer Licensed SIEM Monitoring
Aggregate :: Raw Retention for 24 Hours in GB/Day [Includes Site Quanti
Aggregate :: Raw Retention for 24 Hours in TB [Includes Site Quantity]
Aggregate :: Raw Retention for 24 Hours in TB x Retention Period in Day
SIEM Perpetual SKU

RSA | NETWIT
Value
1,000
60%
5%
Days 7
n Days 45
cted 0
1
x Site Quantity 600 Mbps
ets for 24 Hours in TB 0.00
ets for 24 Hours in TB x Site Quantity 0.00
Site Quantity] 5.89
Site Quantity] 5.89
iod in Days [Includes Site Quantity] 41.25
antity 0.29
riod in Days x Site Quantity 13.26
antity 0.01
eriod in TB x Site Quantity 0.40
6
SA-NETMON-S-T1
SA-NETMON-P-T1
0
0
0
Value
1,000

60%
5%
Days 7
n Days 45
cted 0
0
0.00
ntity 0.00
iod in Days x Site Quantity 0.00
antity 0.00
antity 0.00
0
0
0
0
0
0
Value
1,000
60%
5%
Days 7
n Days 45
cted 0
0

0.00
ntity 0.00
antity 0.00
antity 0.00
0
0
0
0
0
0
alculations Value
1 TRUE = New, FALSE = E
1 1= Subscription, 2 = Pe
twork Monitoring 0
alware Analysis 0
lization % x Site Quantity 600 Mbps
r Raw Packets for 24 Hours in TB x Site Qua 0.00
B x Site Quantity 5.89
B x Site Quantity 0.29
etention Period in Days x Site Quantity 13.26
etention Period in TB x Site Quantity 0.40
6
+ Existing Licensed Network Monitoring 6
SA-NETMON-S-T1
SA-NETMON-P-T1
0
xisting Licensed Malware Analysis 0

0
0
Value Reference Names Onl

10,000 LogEventRate
500 LogEventSize
100% LogMetaDataRatio
1
te Quantity 0.026717
etention Period [Includes Site Quantity] 2.404558
Quantity 432,000,000,000 Bytes
udes Site Quantity] 402.33 GB/Day
Site Quantity] 0.42 LogPacketDB_for_24H
on Period in Days [Includes Site Quantity] 37.77 LogPacketDB_for_Per
des Site Quantity] 432,000,000,000 Bytes
s Site Quantity] 0.39
on Period in Days [Includes Site Quantity] 35.36
nDB [Includes Site Quantity] 0.42 LogMetaDB_for_24H
nDB x Retention Period in Days [Includes Sit 37.77 LogMetaDB_for_Perio
antity 0.01259
tion Period [Includes Site Quantity] 1.13 LogIndexDB_for_Perio
in TB [Includes Site Quantity] 0.39
in GB [Includes Site Quantity] 402.00
9
SA-SIEM-S-T2
SA-SIEM-P-T2

10,000 LogEventRate
500 LogEventSize

0
Quantity 0 Bytes
e Quantity 0.00 GB/Day
des Site Quantity] 0 Bytes
0
0
0

10,000 LogEventRate
500 LogEventSize
0
Quantity 0 Bytes

udes Site Quantity] 0.00 GB/Day
des Site Quantity] 0 Bytes
0
0
0
alculations Value Reference Names Onl

0 TRUE = New, FALSE = E
1 1= Subscription, 2 = Pe
M Monitoring 400
GB/Day [Includes Site Quantity] 402.33 GB/Day
TB [Includes Site Quantity] 0.42 LogPacketDB_for_24H
TB x Retention Period in Days [Includes Sit 37.77 LogPacketDB_for_Per
in GB [Includes Site Quantity] + Existing L 802.33
9
SA-SIEM-S-T2
SA-SIEM-P-T2


E = New, FALSE = Existing
ubscription, 2 = Perpetual

erence Names Only - NOT Excel Display Names
EventRate
EventSize
MetaDataRatio
RawRetentionPeriod
MetaRetentionPeriod
PacketDB_for_24H
PacketDB_for_Period
MetaDB_for_24H
MetaDB_for_Period
ndexDB_for_Period

EventRate
EventSize

MetaDataRatio
RawRetentionPeriod
MetaRetentionPeriod
PacketDB_for_24H
PacketDB_for_Period
MetaDB_for_24H
MetaDB_for_Period
ndexDB_for_Period

EventRate
EventSize
MetaDataRatio
RawRetentionPeriod
MetaRetentionPeriod

PacketDB_for_24H
PacketDB_for_Period
MetaDB_for_24H
MetaDB_for_Period
ndexDB_for_Period

E = New, FALSE = Existing
ubscription, 2 = Perpetual
PacketDB_for_24H
PacketDB_for_Period
MetaDB_for_24H
MetaDB_for_Period
ndexDB_for_Period


Virtual Machine Lookup Table
NetWitness Node Zero Server and Collocated Components (Jetty, Broker, IM, RE) Vir
VM Port Rate vCPU vCPU
NW Server SSL 12 31.18 GHz
AWS Port Rate vCPU vCPU

NW Server SSL 1,000 Mbps 8
NW Server SSL 1,500 Mbps 16
NW Server SSL 10,000 EPS 8
NW Server SSL 15,000 EPS 16
Azure Port Rate vCPU vCPU

SA Server SSL 10,000 EPS 16
SA Server SSL 15,000 EPS 16
Broker Virtual Machine

Broker SSL 4 10.40 GHz
AWS Port Rate vCPU vCPU

Broker SSL 4
Azure Port Rate vCPU vCPU

Broker SSL 4
Network Monitoring
VM Port Rate vCPU vCPU GHz
P Decoder SSL 50 Mbps 4 10.39 GHz

P Decoder SSL 1,000 Mbps 12 31.18 GHz
P Decoder SSL 1,500 Mbps 16 41.58 GHz
P Concentrator SSL 50 Mbps 4 10.39 GHz
P Concentrator SSL 1,000 Mbps 16 41.58 GHz
P Concentrator SSL 1,500 Mbps 24 62.38 GHz
P Warehouse SSL 500 Mbps 6 15.59 GHz
P Warehouse SSL 1,000 Mbps 6 15.59 GHz
P Warehouse SSL 1,500 Mbps 8 20.79 GHz
P ESA + CH SSL 7,000 Mbps 32 83.16 GHz
P UEBA SSL 7,000 Mbps 16 41.58 GHz
Malware Analysi SSL 7,000 Mbps 16 41.58 GHz
AWS Port Rate vCPU vCPU GHz

P Decoder SSL 500 Mbps 8
P Decoder SSL 1,000 Mbps 16
P Decoder SSL 1,500 Mbps 36
P Concentrator SSL 500 Mbps 16
P Concentrator SSL 1,000 Mbps 36
P Concentrator SSL 1,500 Mbps 40
P ESA + CH SSL 500 Mbps 8
P ESA + CH SSL 1,000 Mbps 8
P ESA + CH SSL 1,500 Mbps 16
Malware Analysi SSL
SIEM
L Decoder SSL 2,500 EPS 6 15.60 GHz
L Concentrator SSL 2,500 EPS 4 10.39 GHz

Archiver SSL 2,500 EPS 4 10.39 GHz
L Warehouse SSL 10,000 EPS 8 20.79 GHz
L Warehouse SSL 15,000 EPS 10 25.99 GHz
L ESA + CH SSL 90,000 EPS 32 83.16 GHz
L Collector SSL 15,000 EPS 8 20.79 GHz
L UEBA SSL 90,000 EPS 16 41.58 GHz
AWS Port Rate vCPU vCPU GHz

L Decoder SSL 5,000 EPS 8
L Concentrator SSL 5,000 EPS 4
Archiver SSL 5,000 EPS 4
L ESA + CH SSL 9,000 EPS 8
L Collector SSL 15,000 EPS 8
Azure Port Rate vCPU vCPU GHz


L Collector SSL 15,000 EPS 8
UEBA SSL 16
Network Monitoring
Other Virtual Machines Calculations
Other Virtual Machine Type
User Input :: Virtual Machine
User Input :: Virtual Machine Type
Other Virtual Machine Count
Other Virtual Machine AWS Instance Name
Other Virtual Machine Type Label
Other Virtual Machine Resource Allocation Label
Other Virtual Machine Minimum Required vCPUs
Other Virtual Machine Minimum Required vRAM
Other Virtual Machine Minimum Required Read IOPS
Other Virtual Machine Minimum Required Write IOPS
Other Virtual Machine Minimum Required Disk Allocation
Other Virtual Machine Minimum Required Disk Allocation Type
Other Virtual Machine Widget Footer Label
Other Virtual Machine Widget Footer Value
Other Virtual Machine Widget Alert Message
NetWitness Node Zero Server and Collocated Components (Jetty, Bro

AWS Instance Name
Minimum Required vCPU's
Minimum Required vCPU's GHz

Minimum Required vRAM
Minimum Required Read IOPS
Minimum Required Write IOPS
Minimum Required Disk Allocation

AWS Instance Name
Event Stream Analysis Server and Collocated Components (Context H

AWS Instance Name
User Entity and Behavioral Analysis Virtual Machine

AWS Instance Name
Malware Analysis Server Virtual Machine

AWS Instance Name
Packet Decoder Virtual Machine Calculations

Packet Decoder Virtual Machine Quantity
User Input :: Packet Decoder VM Count Manual Override Quantity
Packet Decoder VM Count Based on Line Rate
Packet Decoder VM Count Based on Line Rate Utilization
Total Packet Decoder VM Count
Total Packet Decoder VMs Required Based on Line Rate, Utilization R
Packet Decoder VM Widget Alert Message
Packet Decoder Virtual Machine Type

Packet Decoder Widget Amazon Instance Name
Packet Decoder Widget Type
Packet Decoder Widget Resource Allocation
Packet Decoder Widget Disk Allocation
Packet Decoder Widget Disk Allocation Operating System Type
Packet Decoder Widget Disk Allocation PacketDB Type
Packet Decoder Widget Disk Allocation SessionDB Type
Packet Decoder Widget Disk Allocation MetaDB Type
Packet Decoder Widget Disk Allocation Index Type
Packet Decoder Widget Footer Label
Packet Decoder Widget Footer Value
Packet Decoder Virtual Machine DB Sizing Per VM

(Network Line Rate x Network Utilization %) ÷ VM_PDecoder_Count
Minimum Required vCPU's For Each Packet Decoder VM
Minimum Required vCPU's GHz For Each Packet Decoder VM
Minimum Required vRAM for Each Packet Decoder VM
Line Rate Adjustment for OS Disk Calculation
OS Disk
PacketDB
SessionDB
MetaDB
Index
Total
Packet Concentrator Virtual Machine Calculations

Packet Concentrator Virtual Machine Quantity
User Input :: Packet Concentrator VM Count Manual Override Quanti
Packet Concentrator VM Count Based on Line Rate
Packet Concentrator VM Count Based on Line Rate Utilization
Total Packet Concentrator VM Count
Total Packet Concentrator VMs Required Based on Line Rate, Utilizati
Packet Concentrator VM Widget Alert Message
Packet Concentrator Virtual Machine Type

Packet Concentrator Widget Amazon Instance Name
Packet Concentrator Widget Type
Packet Concentrator Widget Resource Allocation
Packet Concentrator Widget Disk Allocation
Packet Concentrator Widget Disk Allocation Operating System Type
Packet Concentrator Widget Disk Allocation SessionDB Type

Packet Concentrator Widget Disk Allocation MetaDB Type
Packet Concentrator Widget Disk Allocation Index Type
Packet Concentrator Widget Footer Label
Packet Concentrator Widget Footer Value
Packet Concentrator Virtual Machine DB Sizing Per VM

(Network Line Rate x Network Utilization %) ÷ VM_PConcentrator_C
Minimum Required vCPU's For Each Packet Concentrator VM
Minimum Required vCPU's GHz For Each Packet Concentrator VM
Minimum Required vRAM for Each Packet Concentrator VM
Line Rate Adjustment for OS Disk Calculation
OS Disk
SessionDB
MetaDB
Index
Total
SIEM
Other Virtual Machines Calculations
Other Virtual Machine Type
User Input :: Virtual Machine
Other Virtual Machine Count
Other Virtual Machine AWS Instance Name
Other Virtual Machine Type Label
Other Virtual Machine Resource Allocation Label
Other Virtual Machine Minimum Required vCPUs
Other Virtual Machine Minimum Required vRAM
Other Virtual Machine Minimum Required Read IOPS

Other Virtual Machine Minimum Required Write IOPS
Other Virtual Machine Minimum Required Disk Allocation
Other Virtual Machine Minimum Required Disk Allocation Type
Other Virtual Machine Widget Footer Label
Other Virtual Machine Widget Footer Value
SA Server and Collocated Components (Jetty, Broker, IM, RE) Virtual

AWS Instance Name

AWS Instance Name
Event Stream Analysis Server and Collocated Components (Context H

AWS Instance Name

User Entity and Behavioral Analysis Virtual Machine
AWS Instance Name
Log Collector Virtual Machine

AWS Instance Name
Log Decoder Virtual Machine Calculations

Log Decoder Virtual Machine Quantity
User Input :: Virtual Machine Log Decoder Count Manual Override Q
Log Decoder VM Count Based on Event Rate x Event Utilization %
Log Decoder VM Count Based on Sustained Event Rate
Total Log Decoder VM Count
Total Log Decoder VMs Required Based on Line Rate, Utilization Rate
Log Decoder VM Widget Alert Message
Log Decoder Virtual Machine Type

Log Decoder Widget Amazon Instance Name
Log Decoder Widget Type

Log Decoder Widget Resource Allocation
Log Decoder Widget Disk Allocation
Log Decoder Widget Disk Allocation Operating System Type
Log Decoder Widget Disk Allocation PacketDB Type
Log Decoder Widget Disk Allocation SessionDB Type
Log Decoder Widget Disk Allocation MetaDB Type
Log Decoder Widget Disk Allocation Index Type
Log Decoder Widget Footer Label
Log Decoder Widget Footer Value
Log Decoder Virtual Machine DB Sizing Per VM

((LogEventRate x LogUtilization) + EndpointEventRate) ÷ VM_LDecod
Minimum Required vCPU's For Each Log Decoder VM
Minimum Required vCPU's GHz For Each Log Decoder VM
Minimum Required vRAM for Each Log Decoder VM
Event Rate Adjustment for OS Disk Calculation
OS Disk
RawDB
SessionDB
MetaDB
Index
Total
Log Concentrator Virtual Machine Calculations

Log Concentrator Virtual Machine Quantity
User Input :: Virtual Machine Log Concentrator Count Manual Overri
Log Concentrator VM Count Based on Event Rate x Event Utilization
Log Concentrator VM Count Based on Sustained Event Rate
Total Log Concentrator VM Count
Total Log Concentrator VMs Required Based on Event Rate, Sustaine

Packet Concentrator Widget Disk Allocation MetaDB Type HDD
VM_PConcentrator_MetaDB_Disk_Label
Packet Concentrator Widget Disk Allocation Index Type SSD
VM_PConcentrator_Index_Disk_Label
IsPacket
ResultConcentrator Widget
a Vaild/Supported Footer Label
Configuration? Enhanced Networking
VM_PConcentrator_Widget_Footer_Label
Log Concentrator VM Widget Alert Message
Packet Concentrator Widget Footer Value No
VM_PConcentrator_Widget_Footer_Value Concentrator Virt
Type
Log Concentrator Widget Amazon Instance Name
Log Concentrator Widget Type
Log Concentrator Widget Resource Allocation
Log Concentrator Widget Disk Allocation
Log Concentrator Widget Disk Allocation Operating System Type
Log Concentrator Widget Disk Allocation SessionDB Type
Log Concentrator Widget Disk Allocation MetaDB Type
Log Concentrator Widget Disk Allocation Index Type
Log Concentrator Widget Footer Label
Log Concentrator Widget Footer Value
Log Concentrator Virtual Machine DB Sizing Per VM

LogEventRate x LogUtilization ÷ VM_LConcentrator_Count
Minimum Required vCPU's For Each Log Concentrator VM
Minimum Required vCPU's GHz For Each Log Concentrator VM
Minimum Required vRAM for Each Log Concentrator VM
OS Disk
SessionDB
MetaDB
Index
Total
Archiver Virtual Machine Calculations

Archiver Virtual Machine Quantity

Packet Concentrator Widget Disk Allocation Disk Allocation Per
VM_PConcentrator_Widget_Disk_Label
Packet Concentrator Widget Disk Allocation Operating System Type
VM_PConcentrator_OS_Disk_Label
User Input
Packet :: Virtual Machine
Concentrator WidgetArchiver Count Manual
Disk Allocation Override
SessionDB Type Quanti
HD
VM_PConcentrator_SessionDB_Disk_Label
Virtual Machine - Archiver VM Count Based on Event Rate x Event Uti
PacketMachine
Virtual Concentrator Widget
- Archiver VMDisk Allocation
Count Based onMetaDB Type
Sustained Event HDD
Rate
VM_PConcentrator_MetaDB_Disk_Label
Virtual
PacketMachine - TotalWidget
Concentrator Archiver VMAllocation
Disk Count Index Type SSD
Virtual Machine - Total Archiver VMs Required Based on Event Rate,
VM_PConcentrator_Index_Disk_Label
PacketMachine
Virtual Concentrator Widget
- Is Result Footer Label Configuration?
a Vaild/Supported Enhanced Networking
VM_PConcentrator_Widget_Footer_Label
Virtual Machine - Archiver VM Widget Alert Message
Packet Concentrator Widget Footer Value No
VM_PConcentrator_Widget_Footer_Value Concentrator Virt
Type
Log Archiver Widget Amazon Instance Name
Log Archiver Widget Type
Log Archiver Widget Resource Allocation
Log Archiver Widget Disk Allocation
Log Archiver Widget Disk Allocation Operating System Type
Log Archiver Widget Disk Allocation SessionDB Type
Log Archiver Widget Disk Allocation MetaDB Type
Log Archiver Widget Disk Allocation Index Type
Log Archiver Widget Footer Label
Log Archiver Widget Footer Value
Archiver Virtual Machine DB Sizing Per VM

LogEventRate x LogUtilization ÷ VM_Archiver_Count
Minimum Required vCPU's For Each Archiver VM
Minimum Required vCPU's GHz For Each Archiver VM
Minimum Required vRAM for Each Archiver VM
OS Disk
RawDB
MetaDB

Index
Total

RSA | NETWIT
marks
Jetty, Broker, IM, RE) Virtual Machine

vRAM Read IOPSWrite IOPS
64 GB 100 350
vRAM Read IOPSWrite IOPS Instance Name Enhanced Networkin

32 GB m4.2xlarge No
64 GB m4.4xlarge No
32 GB m4.2xlarge No
64 GB m4.4xlarge No
vRAM Read IOPSWrite IOPS Instance Name OS

112 GB Standard D14 v2 CentOS

10 GB 100 350

16 GB m4.xlarge No

14 GB Standard DS3 v2 CentOS

32 GB 50 150
32 GB 50 250
32 GB 50 350

40 GB 150 200
50 GB 200 400
75 GB 200 650
32 GB 50 1,350
32 GB 100 1,700
32 GB 150 2,100
50 GB 250 4,600
50 GB 550 5,500
75 GB 1,050 6,500
32 GB 50 50
32 GB 50 50
40 GB 50 50
250 GB 50 50
64 GB 500 500
50 GB 300 650

15 GB c4.2xlarge Yes
30 GB c4.4xlarge No
60 GB c4.8xlarge No
160 GB m4.10xlarge No
32 GB m4.2xlarge No
61 GB r4.2xlarge No
122 GB r4.4xlarge No

32 GB 50 75
32 GB 100 100
32 GB 150 150
50 GB 300 50
60 GB 550 100
32 GB 300 1,800
32 GB 400 2,350

32 GB 500 4,500
50 GB 1,600 6,500
60 GB 1,600 7,600
32 GB 150 250
32 GB 150 250
32 GB 150 350
40 GB 1,300 700
45 GB 1,200 900
30 GB 50 50
35 GB 50 50
250 GB 50 50
8 GB 50 50
64 GB 500 500

16 GB m4.xlarge No
32 GB m4.2xlarge No
64 GB m4.4xlarge No
16 GB m4.xlarge No
32 GB m4.2xlarge No
64 GB m4.4xlarge No
32 GB m4.2xlarge No
61 GB r4.2xlarge No
122 GB r4.4xlarge No
15 GB c4.2xlarge No


16 GB Standard F8 CentOS
Value Defined Name

1 VM_POther_Machine
1 VM_POther_Type :: 1=
1 VM_POther_Count
VM_POther_Instance_
Virtual Machines VM_POther_Widget_T
Label Resource Allocation Per VM VM_POther_Widget_R
CPUs 12 VM_POther_vCPUs
RAM 64 VM_POther_vRAM
Read IOPS 100 VM_POther_RIOPS
Write IOPS 350 VM_POther_WIOPS
Disk Allocation 1.50 TB VM_POther_DiskTB
Disk Allocation Type SAS VM_POther_Disk_Lab
quired TOTAL IOPS Per VM VM_POther_Widget_F
450 VM_POther_Widget_F
1 VM_POther_Valid_Co
e VM_POther_Widget_A
d Components (Jetty, Broker, IM, RE) Virtu Value Defined Name

VM_SAServer_Instanc
12 VM_SAServer_vCPUs
31.18 GHz VM_SAServer_vCPUsG

64 GB VM_SAServer_vRAM
100 VM_SAServer_RIOPS
350 VM_SAServer_WIOPS
1.50 TB VM_SAServer_DiskTB
Value Defined Name

VM_Broker_Instance_
4 VM_Broker_vCPUs
10.40 GHz VM_Broker_vCPUsGH
10 GB VM_Broker_vRAM
100 VM_Broker_RIOPS
350 VM_Broker_WIOPS
1.50 TB VM_Broker_DiskTB
d Components (Context Hub) Virtual Machi Value Defined Name

VM_PESAServer_Insta
32 VM_PESAServer_vCPU
83.16 GHz VM_PESAServer_vCPU
250 GB VM_PESAServer_vRAM
50 VM_PESAServer_RIOP
50 VM_PESAServer_WIO
1.50 TB VM_PESAServer_DiskT
Machine Value Defined Name

VM_PUEBAServer_Ins
16 VM_PUEBAServer_vCP
41.58 GHz VM_PUEBAServer_vCP
64 GB VM_PUEBAServer_vRA
500 VM_PUEBAServer_RIO
500 VM_PUEBAServer_WI
1.50 TB VM_PUEBAServer_Dis
Value Defined Name

VM_MAServer_Instan
16 VM_MAServer_vCPUs
41.58 GHz VM_MAServer_vCPUs
50 GB VM_MAServer_vRAM
300 VM_MAServer_RIOPS
650 VM_MAServer_WIOPS
1.50 TB VM_MAServer_DiskTB
Value Defined Name

nual Override Quantity 0
te 1
te Utilization 1
1 VM_PDecoder_Count
on Line Rate, Utilization Rate, or Override Utilization Rate
1 VM_PDecoder_Valid_
VM_PDecoder_Widge
Value Defined Name

1 VM_PDecoder_Type :
ame VM_PDecoder_Instan
Decoder VMs VM_PDecoder_Widge
Resource Allocation Per VM VM_PDecoder_Widge
Disk Allocation Per VM VM_PDecoder_Widge
rating System Type SAS VM_PDecoder_OS_Di
etDB Type SAS VM_PDecoder_Packet
ionDB Type SAS VM_PDecoder_Sessio
aDB Type SAS VM_PDecoder_MetaD
x Type SAS VM_PDecoder_Index_
quired TOTAL IOPS Per VM VM_PDecoder_Widge
600 VM_PDecoder_Widge
er VM Value Defined Name

÷ VM_PDecoder_Count 600 Mbps
Decoder VM 12 VM_PDecoder_vCPUs
cket Decoder VM 31.18 GHz VM_PDecoder_vCPUs
ecoder VM 50 GB VM_PDecoder_vRAM_
200 VM_PDecoder_RIOPS
400 VM_PDecoder_WIOPS
n 1066.67
1.50 TB VM_PDecoder_OSDisk
41.25 TB VM_PDecoder_Packet
0.06 TB VM_PDecoder_Sessio
0.60 TB VM_PDecoder_MetaD
0.030 TB VM_PDecoder_IndexD
43.44 TB VM_PDecoder_DiskTo
ns
tity Value Defined Name
t Manual Override Quantity 0
ne Rate 1
ne Rate Utilization 1
1 VM_PConcentrator_C
sed on Line Rate, Utilization Rate, or Overr Utilization Rate
1 VM_PConcentrator_V
age VM_PConcentrator_W
Value Defined Name

1 VM_PConcentrator_T
ce Name VM_PConcentrator_In
Concentrator VMs VM_PConcentrator_W
ation Resource Allocation Per VM VM_PConcentrator_W
Disk Allocation Per VM VM_PConcentrator_W
Operating System Type SAS VM_PConcentrator_O
SessionDB Type SAS VM_PConcentrator_S

MetaDB Type SAS VM_PConcentrator_M
Index Type SSD VM_PConcentrator_In
quired TOTAL IOPS Per VM VM_PConcentrator_W
6,050 VM_PConcentrator_W
ing Per VM Value Defined Name

÷ VM_PConcentrator_Count 600 Mbps
Concentrator VM 16 VM_PConcentrator_vC
cket Concentrator VM 41.58 GHz VM_PConcentrator_vC
oncentrator VM 50 GB VM_PConcentrator_vR
550 VM_PConcentrator_R
5,500 VM_PConcentrator_W
n 1066.67
1.50 TB VM_PConcentrator_O
1.24 TB VM_PConcentrator_S
14.14 TB VM_PConcentrator_M
0.424 TB VM_PConcentrator_In
17.31 TB VM_PConcentrator_T
Value Defined Name

5 VM_LOther_Machine
2 VM_LOther_Type :: 1=
1 VM_LOther_Count
c4.2xlarge VM_LOther_Instance_
Instances VM_LOther_Widget_T
Label rce Allocation Per Instance VM_LOther_Widget_R
CPUs 8 VM_LOther_vCPUs
RAM 15 VM_LOther_vRAM
Read IOPS VM_LOther_RIOPS

Write IOPS VM_LOther_WIOPS
Disk Allocation 1.50 TB VM_LOther_DiskTB
Disk Allocation Type SSD VM_LOther_Disk_Lab
hanced Networking Enabled VM_LOther_Widget_F
VM_LOther_Widget_F
y, Broker, IM, RE) Virtual Machine Value Defined Name

#DIV/0! VM_LSAServer_Instan
#DIV/0! VM_LSAServer_vCPUs
VM_LSAServer_vCPUs
#DIV/0! VM_LSAServer_vRAM
VM_LSAServer_RIOPS
VM_LSAServer_WIOP
1.50 TB VM_LSAServer_DiskTB
Value Defined Name

m4.xlarge VM_LBroker_Instance
4 VM_LBroker_vCPUs
VM_LBroker_vCPUsGH
16 GB VM_LBroker_vRAM
VM_LBroker_RIOPS
VM_LBroker_WIOPS
1.50 TB VM_LBroker_DiskTB
d Components (Context Hub) Virtual Machi Value Defined Name

#DIV/0! VM_LESAServer_Insta
#DIV/0! VM_LESAServer_vCPU
VM_LESAServer_vCPU
#DIV/0! VM_LESAServer_vRAM
VM_LESAServer_RIOP
VM_LESAServer_WIOP
1.50 TB VM_LESAServer_DiskT

Machine Value Defined Name
VM_LUEBAServer_Ins
VM_LUEBAServer_vCP
VM_LUEBAServer_vCP
VM_LUEBAServer_vRA
VM_LUEBAServer_RIO
VM_LUEBAServer_WI
VM_LUEBAServer_Dis
Value Defined Name

c4.2xlarge VM_VLC_Instance_Na
8 VM_VLC_vCPUs
VM_VLC_vCPUsGHz
15 GB VM_VLC_vRAM
VM_VLC_RIOPS
VM_VLC_WIOPS
1.50 TB VM_VLC_DiskTB
Value Defined Name

ount Manual Override Quantity 0
e x Event Utilization % 0
Event Rate 0 Metrics Not Currently
0 VM_LDecoder_Count
ine Rate, Utilization Rate, or Override Utilization Rate
1 VM_LDecoder_Valid_C
VM_LDecoder_Widge
Value Defined Name

1 VM_LDecoder_Type ::
e VM_LDecoder_Instanc
Decoder VMs VM_LDecoder_Widge

Resource Allocation Per VM VM_LDecoder_Widge
Disk Allocation Per VM VM_LDecoder_Widge
ng System Type SAS VM_LDecoder_OS_Dis
DB Type SAS VM_LDecoder_Packet
DB Type SAS VM_LDecoder_Session
B Type SAS VM_LDecoder_MetaD
ype SAS VM_LDecoder_Index_
quired TOTAL IOPS Per VM VM_LDecoder_Widge
VM_LDecoder_Widge
VM Value Defined Name

EventRate) ÷ VM_LDecoder_Count #DIV/0!
coder VM #DIV/0! VM_LDecoder_vCPUs
g Decoder VM #DIV/0! VM_LDecoder_vCPUs
oder VM #DIV/0! VM_LDecoder_vRAM_
#DIV/0! VM_LDecoder_RIOPS
#DIV/0! VM_LDecoder_WIOPS
on #DIV/0!
#DIV/0! VM_LDecoder_OSDisk
#DIV/0! VM_LDecoder_Packet
#DIV/0! VM_LDecoder_Session
#DIV/0! VM_LDecoder_MetaD
#DIV/0! VM_LDecoder_IndexD
#DIV/0! VM_LDecoder_DiskTo
Value Defined Name

tor Count Manual Override Quantity 0
Rate x Event Utilization % 0
ined Event Rate 0 Metrics Not Currently
0 VM_LConcentrator_Co
d on Event Rate, Sustained Rate, or Overrid Utilization Rate

n MetaDB Type HDD
n Index Type SSD
Enhanced Networking Enabled 1 VM_LConcentrator_V

#DIV/0! VM_LConcentrator_W
No
Concentrator Virtual Machine
Value Defined Name
1 VM_LConcentrator_Ty
Name VM_LConcentrator_In
Concentrator VMs VM_LConcentrator_W
on Resource Allocation Per VM VM_LConcentrator_W
Disk Allocation Per VM VM_LConcentrator_W
erating System Type SAS VM_LConcentrator_O
ssionDB Type SAS VM_LConcentrator_Se
etaDB Type SAS VM_LConcentrator_M
dex Type SSD VM_LConcentrator_In
quired TOTAL IOPS Per VM VM_LConcentrator_W
Per VM Value Defined Name

ntrator_Count #DIV/0!
ncentrator VM #DIV/0! VM_LConcentrator_vC
g Concentrator VM #DIV/0! VM_LConcentrator_vC
centrator VM #DIV/0! VM_LConcentrator_vR
#DIV/0! VM_LConcentrator_RI
on #DIV/0!
#DIV/0! VM_LConcentrator_O
#DIV/0! VM_LConcentrator_Se
#DIV/0! VM_LConcentrator_M
#DIV/0! VM_LConcentrator_In
#DIV/0! VM_LConcentrator_To
Value Defined Name

n Disk Allocation Per Instance
n Operating System Type SSD
nt Manual Override
SessionDB Type Quantity
HDD 0
on Event Rate x Event Utilization % 0
nonMetaDB Type
Sustained Event HDD
Rate 0 Metrics Not Currently
n Index Type SSD 0 VM_Archiver_Count
ed Based on Event Rate, Sustained Rate, o Utilization Rate
Enhanced Networking Enabled
d Configuration? 1 VM_Archiver_Valid_C
Message #DIV/0! VM_Archiver_Widget_
No
Concentrator Virtual Machine
Value Defined Name
1 VM_Archiver_Type :: 1
e VM_Archiver_Instance
Archiver VMs VM_Archiver_Widget_
Resource Allocation Per VM VM_Archiver_Widget_
Disk Allocation Per VM VM_Archiver_Widget_
ng System Type SAS VM_Archiver_OS_Disk
DB Type SAS VM_Archiver_Session
B Type SAS VM_Archiver_MetaDB
ype SSD VM_Archiver_Index_D
quired TOTAL IOPS Per VM VM_Archiver_Widget_
#DIV/0! VM_Archiver_Widget_
Value Defined Name

er_Count #DIV/0!
r VM #DIV/0! VM_Archiver_vCPUs_
chiver VM #DIV/0! VM_Archiver_vCPUsG
VM #DIV/0! VM_Archiver_vRAM_P
#DIV/0! VM_Archiver_RIOPS
#DIV/0! VM_Archiver_WIOPS
on #DIV/0!
#DIV/0! VM_Archiver_OSDiskT
#DIV/0! VM_Archiver_PacketD
#DIV/0! VM_Archiver_MetaDB

#DIV/0! VM_Archiver_IndexDB
#DIV/0! VM_Archiver_TotalDis

hanced Networking
No
No
No
No
OS
CentOS
CentOS
hanced Networking
No
OS
CentOS

hanced Networking
Yes
Yes
Yes
No
No
No
No
No
No

hanced Networking
Yes
Yes
Yes
No
No
No
No
No
No
No
No
No
No
OS
CentOS
CentOS
CentOS
CentOS
CentOS
CentOS
CentOS

CentOS
CentOS
CentOS
CentOS
CentOS
CentOS
CentOS
ned Name
_POther_Machine :: 1=NW Server, 2=Broker, 3=ESA, 4=U
_POther_Type :: 1= VMware, 2 = AWS
_POther_Count
_POther_Instance_Name_Label
_POther_Widget_Type_Label
_POther_Widget_Resource_Label
_POther_vCPUs
_POther_vRAM
_POther_RIOPS
_POther_WIOPS
_POther_DiskTB
_POther_Disk_Label
_POther_Widget_Footer_Label
_POther_Widget_Footer_Value
_POther_Valid_Config
_POther_Widget_Alert
ned Name
_SAServer_Instance_Name
_SAServer_vCPUs
_SAServer_vCPUsGHz

_SAServer_vRAM
_SAServer_RIOPS
_SAServer_WIOPS
_SAServer_DiskTB
ned Name
_Broker_Instance_Name
_Broker_vCPUs
_Broker_vCPUsGHz
_Broker_vRAM
_Broker_RIOPS
_Broker_WIOPS
_Broker_DiskTB
ned Name
_PESAServer_Instance_Name
_PESAServer_vCPUs
_PESAServer_vCPUsGHz
_PESAServer_vRAM
_PESAServer_RIOPS
_PESAServer_WIOPS
_PESAServer_DiskTB
ned Name
_PUEBAServer_Instance_Name
_PUEBAServer_vCPUs
_PUEBAServer_vCPUsGHz
_PUEBAServer_vRAM
_PUEBAServer_RIOPS
_PUEBAServer_WIOPS
_PUEBAServer_DiskTB
ned Name

_MAServer_Instance_Name
_MAServer_vCPUs
_MAServer_vCPUsGHz
_MAServer_vRAM
_MAServer_RIOPS
_MAServer_WIOPS
_MAServer_DiskTB
ned Name
_PDecoder_Count
_PDecoder_Valid_Config
_PDecoder_Widget_Alert
ned Name
_PDecoder_Type :: 1= VMware, 2 = AWS
_PDecoder_Instance_Name_Label
_PDecoder_Widget_Type_Label
_PDecoder_Widget_Resource_Label
_PDecoder_Widget_Disk_Label
_PDecoder_OS_Disk_Label
_PDecoder_PacketDB_Disk_Label
_PDecoder_SessionDB_Disk_Label
_PDecoder_MetaDB_Disk_Label
_PDecoder_Index_Disk_Label
_PDecoder_Widget_Footer_Label
_PDecoder_Widget_Footer_Value
ned Name

_PDecoder_vCPUs_Per_Count
_PDecoder_vCPUsGHz_Per_Count
_PDecoder_vRAM_Per_Count
_PDecoder_RIOPS
_PDecoder_WIOPS
_PDecoder_OSDiskTB_Per_Count
_PDecoder_PacketDB_Per_Count
_PDecoder_SessionDB_Per_Count
_PDecoder_MetaDB_Per_Count
_PDecoder_IndexDB_Per_Count
_PDecoder_DiskTotalTB_Per_Count
ned Name
_PConcentrator_Count
_PConcentrator_Valid_Config
_PConcentrator_Widget_Alert
ned Name
_PConcentrator_Type :: 1= VMware, 2 = AWS
_PConcentrator_Instance_Name_Label
_PConcentrator_Widget_Type_Label
_PConcentrator_Widget_Resource_Label
_PConcentrator_Widget_Disk_Label
_PConcentrator_OS_Disk_Label
_PConcentrator_SessionDB_Disk_Label

_PConcentrator_MetaDB_Disk_Label
_PConcentrator_Index_Disk_Label
_PConcentrator_Widget_Footer_Label
_PConcentrator_Widget_Footer_Value
ned Name
_PConcentrator_vCPUs_Per_Count
_PConcentrator_vCPUsGHz_Per_Count
_PConcentrator_vRAM_Per_Count
_PConcentrator_RIOPS
_PConcentrator_WIOPS
_PConcentrator_OSDiskTB_Per_Count
_PConcentrator_SessionDB_Per_Count
_PConcentrator_MetaDB_Per_Count
_PConcentrator_IndexDB_Per_Count
_PConcentrator_TotalDiskTB_Per_Count
ned Name
_LOther_Machine :: 1=NW Server, 2=Broker, 3=ESA+CH, 4
_LOther_Type :: 1= VMware, 2 = AWS, 3 = Azure
_LOther_Count
_LOther_Instance_Name_Label
_LOther_Widget_Type_Label
_LOther_Widget_Resource_Label
_LOther_vCPUs
_LOther_vRAM
_LOther_RIOPS

_LOther_WIOPS
_LOther_DiskTB
_LOther_Disk_Label
_LOther_Widget_Footer_Label
_LOther_Widget_Footer_Value
ned Name
_LSAServer_Instance_Name
_LSAServer_vCPUs
_LSAServer_vCPUsGHz
_LSAServer_vRAM
_LSAServer_RIOPS
_LSAServer_WIOPS
_LSAServer_DiskTB
ned Name
_LBroker_Instance_Name
_LBroker_vCPUs
_LBroker_vCPUsGHz
_LBroker_vRAM
_LBroker_RIOPS
_LBroker_WIOPS
_LBroker_DiskTB
ned Name
_LESAServer_Instance_Name
_LESAServer_vCPUs
_LESAServer_vCPUsGHz
_LESAServer_vRAM
_LESAServer_RIOPS
_LESAServer_WIOPS
_LESAServer_DiskTB

ned Name
_LUEBAServer_Instance_Name
_LUEBAServer_vCPUs
_LUEBAServer_vCPUsGHz
_LUEBAServer_vRAM
_LUEBAServer_RIOPS
_LUEBAServer_WIOPS
_LUEBAServer_DiskTB
ned Name
_VLC_Instance_Name
_VLC_vCPUs
_VLC_vCPUsGHz
_VLC_vRAM
_VLC_RIOPS
_VLC_WIOPS
_VLC_DiskTB
ned Name
rics Not Currently Collected to Calculate

_LDecoder_Count
_LDecoder_Valid_Config
_LDecoder_Widget_Alert
ned Name
_LDecoder_Type :: 1= VMware, 2 = AWS, 3 = Azure
_LDecoder_Instance_Name_Label
_LDecoder_Widget_Type_Label

_LDecoder_Widget_Resource_Label
_LDecoder_Widget_Disk_Label
_LDecoder_OS_Disk_Label
_LDecoder_PacketDB_Disk_Label
_LDecoder_SessionDB_Disk_Label
_LDecoder_MetaDB_Disk_Label
_LDecoder_Index_Disk_Label
_LDecoder_Widget_Footer_Label
_LDecoder_Widget_Footer_Value
ned Name
_LDecoder_vCPUs_Per_Count
_LDecoder_vCPUsGHz_Per_Count
_LDecoder_vRAM_Per_Count
_LDecoder_RIOPS
_LDecoder_WIOPS
_LDecoder_OSDiskTB_Per_Count
_LDecoder_PacketDB_Per_Count
_LDecoder_SessionDB_Per_Count
_LDecoder_MetaDB_Per_Count
_LDecoder_IndexDB_Per_Count
_LDecoder_DiskTotalTB_Per_Count
ned Name

_LConcentrator_Count

_LConcentrator_Valid_Config
_LConcentrator_Widget_Alert
ned Name
_LConcentrator_Type :: 1= VMware, 2 = AWS, 3 = Azure
_LConcentrator_Instance_Name_Label
_LConcentrator_Widget_Type_Label
_LConcentrator_Widget_Resource_Label
_LConcentrator_Widget_Disk_Label
_LConcentrator_OS_Disk_Label
_LConcentrator_SessionDB_Disk_Label
_LConcentrator_MetaDB_Disk_Label
_LConcentrator_Index_Disk_Label
_LConcentrator_Widget_Footer_Label
_LConcentrator_Widget_Footer_Value
ned Name
_LConcentrator_vCPUs_Per_Count
_LConcentrator_vCPUsGHz_Per_Count
_LConcentrator_vRAM_Per_Count
_LConcentrator_RIOPS
_LConcentrator_WIOPS
_LConcentrator_OSDiskTB_Per_Count
_LConcentrator_SessionDB_Per_Count
_LConcentrator_MetaDB_Per_Count
_LConcentrator_IndexDB_Per_Count
_LConcentrator_TotalDiskTB_Per_Count
ned Name

_Archiver_Count
_Archiver_Valid_Config
_Archiver_Widget_Alert
ned Name
_Archiver_Type :: 1= VMware, 2 = AWS, 3 = Azure
_Archiver_Instance_Name_Label
_Archiver_Widget_Type_Label
_Archiver_Widget_Resource_Label
_Archiver_Widget_Disk_Label
_Archiver_OS_Disk_Label
_Archiver_SessionDB_Disk_Label
_Archiver_MetaDB_Disk_Label
_Archiver_Index_Disk_Label
_Archiver_Widget_Footer_Label
_Archiver_Widget_Footer_Value
ned Name
_Archiver_vCPUs_Per_Count
_Archiver_vCPUsGHz_Per_Count
_Archiver_vRAM_Per_Count
_Archiver_RIOPS
_Archiver_WIOPS
_Archiver_OSDiskTB_Per_Count
_Archiver_PacketDB_Per_Count
_Archiver_MetaDB_Per_Count

_Archiver_IndexDB_Per_Count
_Archiver_TotalDiskTB_Per_Count

Compression Factor 0.29
Device Avg Message Size Avg EPS/Device Raw Bytes/Second Raw Bytes/Day Compressed Bytes/Day
aix 193.42 0.5 96.71 8355704.22 2423154.22
apache 304.54 0.3 91.36 7893609.80 2289146.84
cacheflow 357.77 34.5 12342.91 1066427758.71 309264050.03
checkpointfw1 371.75 29.6 11003.88 950735562.13 275713313.02
ciscoacs 192.03 0.3 57.61 4977541.19 1443486.95
ciscocontenteng 254.73 1.0 254.73 22008558.73 6382482.03
ciscocss 154.39 0.3 46.32 4001914.39 1160555.17
ciscoidsxml 496.60 0.4 198.64 17162426.63 4977103.72
ciscopix 210.57 30.1 6338.16 547617159.53 158808976.26
ciscorouter 178.73 0.3 53.62 4632674.07 1343475.48
ciscoswitch 156.91 0.3 47.07 4067236.35 1179498.54
ciscovpn 224.56 0.5 112.28 9700833.59 2813241.74
epolicy 325.06 0.3 97.52 8425560.02 2443412.40
extremesw 123.28 0.3 36.98 3195483.77 926690.29
foundryswitch 137.68 0.3 41.31 3568754.02 1034938.67
hpswitch 133.64 0.3 40.09 3463842.19 1004514.24
hpux 169.83 0.3 50.95 4402038.06 1276591.04
intelvpn 135.77 29.3 3978.07 343705442.50 99674578.32
intrushield 302.12 0.3 90.64 7830867.68 2270951.63
ironport 148.40 0.3 44.52 3846487.50 1115481.38
iss 262.08 0.4 104.83 9057384.00 2626641.36
ita 576.72 0.5 288.36 24914216.75 7225122.86
junipervpn 277.50 0.3 83.25 7192798.24 2085911.49
linux 137.28 1.3 178.47 15419804.83 4471743.40
mazu 275.67 0.3 82.70 7145280.00 2072131.20
microsoftiis 399.03 0.3 119.71 10342891.87 2999438.64
msexchange 382.11 0.3 114.63 9904282.45 2872241.91
mssql 440.70 0.3 132.21 11422888.98 3312637.81
nfrnids 716.69 0.3 215.01 18576512.12 5387188.52
nic 243.18 4.5 1094.33 94550058.49 27419516.96
nokiaipso 151.52 1.1 166.67 14400708.27 4176205.40
nortelpassport 152.33 0.3 45.70 3948361.64 1145024.88
nortelvpn 214.29 0.3 64.29 5554370.72 1610767.51
oracle 474.09 0.3 142.23 12288380.76 3563630.42
rhlinux 175.52 0.5 87.76 7582637.29 2198964.81
rsaacesrv 278.61 0.3 83.58 7221459.44 2094223.24
sns 376.77 0.3 113.03 9765856.55 2832098.40
solaris 201.08 0.3 60.32 5211887.22 1511447.29
tippingpoint 274.69 0.3 82.41 7119948.27 2064785.00
unknown 210.48 0.5 105.24 9092940.64 2636952.79
winevent_nic 426.82 0.9 384.14 33189746.70 9625026.54
winevent_snare 323.79 0.5 161.90 13987921.01 4056497.09
Total 143 38934 3363909791 975533839

Com. GB/Day Com. GB/Year
0.00 0.82
0.00 0.78
0.29 105.13
0.26 93.72
0.00 0.49
0.01 2.17
0.00 0.39
0.00 1.69
0.15 53.98
0.00 0.46
0.00 0.40
0.00 0.96
0.00 0.83
0.00 0.32
0.00 0.35
0.00 0.34
0.00 0.43
0.09 33.88
0.00 0.77
0.00 0.38
0.00 0.89
0.01 2.46
0.00 0.71
0.00 1.52
0.00 0.70
0.00 1.02
0.00 0.98
0.00 1.13
0.01 1.83
0.03 9.32
0.00 1.42
0.00 0.39
0.00 0.55
0.00 1.21
0.00 0.75
0.00 0.71
0.00 0.96
0.00 0.51
0.00 0.70
0.00 0.90
0.01 3.27
0.00 1.38
0.91 331.62

NEW RSA NetWitness Platform Scenario Planner - V11.5.4.2021

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

NEW RSA NetWitness Platform Scenario Planner - V11.5.4.2021

Uploaded by

Copyright:

Available Formats

NETWO METERE RSA | NETWITNESS SCENARIO PLANNER

Input Omit Decoder Meta Disk Approximate Bill of Materials

Decoder Appliance Concentrator Appliance Hybrid Appliance

≈ 13.8 Days ≈ 150.8 Days Meta Retention ≈ 84.6 Days

Decoder VMs Concentrator VMs Other VMs

Decoder VMs 1 Concentrator VMs 1 Virtual Machines 1

Disk Allocation Per VM Disk Disk Allocation Per VM Disk

Internal Use - Confidential

Log Input Omit Decoder Meta Disk Endpoint Input

Event Utilization Monitoring Mode

Event Size Bytes Expanded Network Visibility

Metadata Ratio Collect File Logs

RAW Retention Days Scans Per Week

RAW Compression disabled Agents

Meta Retention 30 Days Windows

Meta Compression disabled mac OS X

Long Term Retention 365 Days CentOS / RH Enterprise / Ubuntu

Warm / Cold Retention 0 Days

Per Day Per Period 0.00 GB

Decoder Appliance Err:508 Concentrator Appliance

Total PV-A Total

#Internal Use - Confidential

Qty Description RawDB Days Qty SKU

Decoder VMs Concentrator VMs

Total Vmware Total

Decoder VMs 0 Concentrator VMs

Disk Allocation Per VM Disk Disk Allocation Per VM

#Internal Use - Confidential

#Internal Use - Confidential

Approximate Event Rate ≈0

tor Appliance Archiver Appliance

#Internal Use - Confidential

SKU MetaDB Days Qty SKU DB

tor VMs Archiver VMs

rator VMs 0 Archiver VMs 0

sk Allocation Per VM Disk Disk Allocation Per VM

#Internal Use - Confidential

#Internal Use - Confidential

UEBA Users 10,000 Quantity

Online Physical Host Installation Guide

#Internal Use - Confidential

Days Meta Retention ≈ 0.0 Days

Days Qty SKU Raw Days Meta Days

#Internal Use - Confidential

Send Us Feedback 11.5.4.2021

#Internal Use - Confidential

Line Rate 1,000 Mbps Line Rate

Utilization 60% Utilization

Metadata Ratio 5% Metadata Ratio

RAW Retention 7 Days RAW Retention

Meta Retention 45 Days Meta Retention

SKU Count SKU Throughput Per Day SKU Count SKU

Per Day Per Period Per Day

Event Size 500 Bytes Event Size

Metadata Ratio 100% Metadata Ratio

RAW Retention 90 Days RAW Retention

#Internal Use - Confidential

Meta Retention 90 Days Meta Retention

SKU Count SKU Throughput Per Day SKU Count SKU

Per Day Per Period Per Day

#Internal Use - Confidential

0 Sites Exclude MA 0 Sites

1,000 Mbps Line Rate 1,000