QA has seen some limits upwards of 255 devices but the the general rule is as long as your total devices event rates are not exceeding your limits of your ESM then you can have as many as you want/need.
From the Mcafee website:
Hardware Specifications ETM-X6 ETM-X4 ETM-6000 ETM-5600 Collection Rates 300,000 events per second1 150,000 events per second1 70,000 events per second1 50,000 events per second1 Analytical Performance Less than 10 seconds2 Less than 30 seconds2 Less than 1 minute2 Less than 3 minutes2 Local Storage 14 TB3 + 3.2 TB Flash 14 TB3 + 800 GB SSD 14 TB3 8 TB3
- Based on typical network environments using average event and flow aggregation.
- Indicates the average response time to generate a monthly report consisting of all events that occurred over a period of 30 days.
- Represents usable event and flow storage, after RAID configuration.
For example, if I got ETM-5600 and I want to add 8 of ERC-1250.
ETM-5600 can handle 50,000 EPS.
ERC-1250 can handle 5,000 EPS. 8 of ERC-1250 will be 40,000 EPS in total.
So in above case, it would be fine since EPS is still not overwhelm ESM, correct?
Thank you very much for information.
1 of 1 people found this helpful
Theoretically that should work. But those numbers are in ideal conditions. Out of sync data and correlation can cause the system to perform differently. In most situations yes you will be fine but as a note those are ideal situational numbers.