RSA NetWitness Scenario Planner v11.3.11.2019

NETWOR R S A | N E T W I T N E S S SC E N A R I O PL AN N E R
NETWORK
K SI EM METERED
Input Approximate Bill of Materials Omit MA Add ESA

Utilization ≈ 60% Throughput Subscription Decoder & Concentrator Hardware
Line Rate 1,000 Mbps
Hour Utilization Hour Utilization SKU Count SKU
12:00 AM 30% 12:00 PM 95% 6 SA-NETMON-S-T1
Utilization 60% 1:00 AM 30% 1:00 PM 85% 1 NW-S6H-AS-NL
2:00 AM 35% 2:00 PM 80% 1 SA-S6H-ESA-NL
Metadata Ratio 5% 3:00 AM 45% 3:00 PM 75% 1 NW-S6H-NDEC-NL
4:00 AM 50% 4:00 PM 70% 2 NW-PVHD72
Raw Retention 7 Days
5:00 AM 55% 5:00 PM 65% 1 NW-S6H-CON-NL
6:00 AM 60% 6:00 PM 60% 1 NW-PVHP56
Meta Retention 30 Days
7:00 AM 65% 7:00 PM 55% #VALUE! #VALUE!
8:00 AM 70% 8:00 PM 50% #VALUE! #VALUE!
9:00 AM 75% 9:00 PM 45% #VALUE! #VALUE!
Per Day Per Period 10:00 AM 80% 10:00 PM 40% #VALUE! #VALUE!
PacketDB MetaDB Index PacketDB MetaDB 11:00 AM 85% 11:00 PM 30% #VALUE! #VALUE!
5.89 TB 0.29 TB 0.27 TB 41.25 TB 8.84 TB #VALUE! #VALUE!
6,035 GB 302 GB 272 GB 42,245 GB 9,052 GB #VALUE! #VALUE!
Network Monitoring Throughput ≈ 5.89 TB/Day #VALUE! #VALUE!
Equivalent Sustained Line Rate 600 Mbps Online Physical Host Installation Guide
Decoder Appliance Concentrator Appliance Hybrid Appliance

Raw Retention Manual Override Meta Retention Manual Override Raw & Meta Retention Manual Override
Total 72TB PV Total 56TB PV Total S6 + 1*96TB PV
Decoders 1 Concentrators
1 Hybrids + DAC 1
PowerVaults 2 PowerVaults 1 Raw Retention ≈ 12.5 Days
≈ 15.5 Days ≈ 120.3 Days Meta Retention ≈ 113.3 Days
■ □□ ■□ ■□
Qty Description PacketDB Days Qty Description MetaDB Days Qty Description Raw Days Meta Days
1 72TB PV 102% 6.88 1 56TB PV 25% 120.33 1 S6 + 1*96TB PV 12.46 113.33
2 72TB PV 45% 15.47 2 56TB PV 12% 240.66 2 S6 + 1*96TB PV 24.93 226.67
3 72TB PV 29% 24.07 3 56TB PV 8% 360.99 3 S6 + 1*96TB PV 37.40 340.01
4 72TB PV 21% 32.66 4 56TB PV 6% 481.31 4 S6 + 1*96TB PV 49.86 453.35
5 72TB PV 17% 41.26 5 56TB PV 5% 601.64 5 S6 + 1*96TB PV 62.33 566.69
Total Bandwidth to Concentrator ≈ 30 Mbps Total Bandwidth to ESA ≈ 30 Mbps Total Bandwidth to ESA ≈ 30 Mbps
Decoder VMs Concentrator VMs Other VMs

Raw Retention Manual Override Meta Retention Manual Override NetWitness Server
Total VMware Total VMware Total VMware
Decoder VMs 1 Concentrator VMs 1 Virtual Machines 1

12 vCPUs 16 vCPUs 12 vCPUs
Resource Allocation Per VM Resource Allocation Per VM Resource Allocation Per VM
50 GB vRAM 50 GB vRAM 50 GB vRAM
43.44 TB Total Disk 12.02 TB Total Disk 1.50 TB SAS
200 Read IOPS 550 Read IOPS 100 Read IOPS
400 Write IOPS 5,500 Write IOPS 350 Write IOPS
Disk Allocation Per VM Disk Disk Allocation Per VM Disk

Operating System 1.50 TB SAS Operating System 1.50 TB SAS Online Virtual Host Installation Guide
PacketDB 41.25 TB SAS SessionDB 1.24 TB SAS
SessionDB 0.06 TB SAS MetaDB 8.84 TB SAS Online AWS Installation Guide
MetaDB 0.60 TB SAS Index 0.44 TB SSD
Index 0.03 TB SAS Online Azure Installation Guide
Minimum Required TOTAL IOPS Per VM 600 Minimum Required TOTAL IOPS Per VM 6,050 Minimum Required TOTAL IOPS Per VM 450
# Internal Use - Confidential

NETWORK SI EM METERED
Input
Event Rate 10,000 EPS
Event Utilization 50%

Event Size 500 Bytes
Metadata Ratio 100%

RAW Retention 60 Days
Long Term Retention 365 Days
Warm / Cold Retention 0 Days
Per Day Per Period

RawDB MetaDB Index RawDB MetaDB
0.21 TB 0.21 TB 0.38 TB 12.59 TB 12.59 TB
215 GB 215 GB 387 GB 12,891 GB 12,891 GB
≈ 201 GB/Day
Decoder Appliance
Raw Retention Manual Override
Total 72TB PV
Decoders 1
PowerVaults 1

≈ 193.1 Days
■□
Qty Description RawDB Days
1 72TB PV 31% 193.14
2 72TB PV 14% 434.57
3 72TB PV 9% 676.00
4 72TB PV 7% 917.43
5 72TB PV 5% 1,158.86
Total Bandwidth to Concentrator ≈ 19 Mbps
Decoder VMs
Raw Retention Manual Override
Total VMware
Decoder VMs 1
8 vCPUs
Resource Allocation Per VM
25 GB vRAM
13.12 TB Total Disk
100 Read IOPS
100 Write IOPS
Disk Allocation Per VM Disk

Operating System 0.32 TB SAS
PacketDB 12.59 TB SAS
SessionDB 0.01 TB SAS
MetaDB 0.20 TB SAS
Index 0.01 TB SAS
Minimum Required TOTAL IOPS Per VM 200

Approximate Event Rate ≈0
Event Size ≈0
Quantity Device Class
0 Unix or Linux Servers
0 Windows Active Directory
0 Windows IIS / Exchange
0 Windows General Purpose
0 Web Servers
0 Proxy Servers
0 Antivirus Servers
0 NAS
0 Database Servers
0 DNS and DHCP Servers
0 Routers and Switches
0 Firewalls
0 IDS or IPS
0 VPNs
Total 0
≈ 0 GB/Day
Concentrator Appliance
Meta Retention Manual Override
Total 56TB PV
Concentrators 1
PowerVaults 1

≈ 169.0 Days
■□
Qty SKU MetaDB Days
1 56TB PV 36% 169.00
2 56TB PV 18% 338.00
3 56TB PV 12% 507.00
4 56TB PV 9% 676.00
5 56TB PV 7% 845.00
Total Bandwidth to ESA ≈ 19 Mbps
Concentrator VMs
Meta Retention Manual Override
Total VMware
Concentrator VMs 1
4 vCPUs
25 GB vRAM
15.34 TB Total Disk
400 Read IOPS
2,350 Write IOPS

MetaDB 12.59 TB SAS
Index 0.63 TB SSD
Minimum Required TOTAL IOPS Per VM 2,750

RSA
Bill of Materials Add Archiver Add ESA Omit UEBA

Throughput Subscription Hybrid Hardware
SKU Count SKU
5 SA-SIEM-S-T1
1 NW-S6H-AS-NL
1 NW-S6H-ESA-NL
1 NW-S6H-ARCH-NL
1 SA-HDUDAC-180
1 NW-S6H-LHYBRID-NL
1 NW-PVHD96
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
UEBA User 10,000 Quantity
Online Physical Host Installation Guide
Archiver Appliance
Long Term Retention Manual Override
Total 180TB UltraDAC
Archivers 1
UltraDACs 1

≈ 3174.0 Days
■□
Qty SKU DB Days
1 180TB UltraDAC 11% 3,174.77
2 180TB UltraDAC 6% 6,349.55
3 180TB UltraDAC 4% 9,524.32
4 180TB UltraDAC 3% 12,699.09
5 180TB UltraDAC 2% 15,873.87
Warm / Cold Storage Requirement ≈ 0.0 TB
Archiver VMs
Long Term Retention Manual Override
Total VMware
Archiver VMs 1
4 vCPUs
25 GB vRAM
20.05 TB Total Disk
150 Read IOPS
250 Write IOPS

RawDB 8.53 TB SAS
MetaDB 10.67 TB SAS
Index 0.53 TB SSD

RSA | NETWITNESS SCENARIO PLANNER
NOTICE
This | NETWITNESS SCENARIO PLANNER assumes

that the number of devices and the total
anticipated Average daily Event Rate and Average
daily Event size for all log sources has been
calculated. When scoping a SIEM solution, the most
accurate method to determine log data generation
is to take a sample over a given time period using a
syslog server tool. This | NETWITNESS SCENARIO
PLANNER uses the values input to approximate the
amount of raw log data and log metadata
generated daily and uses the input retention values
to determine the approximate amount of storage
required to satisfy the input metrics.
Hybrid Appliance
Raw & Meta Retention Manual Override
Total S6 + 1*96TB PV
Hybrids + DAC 1
Raw Retention
Raw Retention ≈ 254.7 Days

Meta Retention ≈ 254.7 Days
■□
Qty SKU Raw Days Meta Days
1 S6 + 1*96TB PV 254.69 254.69
2 S6 + 1*96TB PV 509.39 509.39
3 S6 + 1*96TB PV 764.08 764.08
4 S6 + 1*96TB PV 1,018.78 1,018.78
5 S6 + 1*96TB PV 1,273.47 1,273.47
Total Bandwidth to ESA ≈ 19 Mbps
Other VMs
NetWitness Server
Total VMware
Virtual Machines 1
12 vCPUs
50 GB vRAM
1.50 TB SAS
100 Read IOPS
350 Write IOPS
Online Virtual Host Installation Guide
Online AWS Installation Guide
Online Azure Installation Guide
Send Us Feedback 11.3.11.2019

NNER

NETWORK SIE M METERED
1 Sites Exclude MA
Utilization 60%
Metadata Ratio 5%
SKU Count SKU Throughput Per Day

6 SA-NETMON-S-T1 5.89 TB
Per Day Per Period

PacketDB MetaDB Index PacketDB MetaDB
5.89 TB 0.29 TB 0.40 TB 41.25 TB 13.26 TB
6,035 GB 302 GB 407 GB 42,245 GB 13,579 GB
Equivalent Sustained Line Rate 600 Mbps
1 Sites ◀
Metadata Ratio 100%



9 SA-SIEM-S-T2 402 GB
Per Day Per Period

0.42 TB 0.42 TB 1.13 TB 37.77 TB 37.77 TB
430 GB 430 GB 1,160 GB 38,672 GB 38,672 GB
≈ 402 GB/Day

0 Sites Exclude MA
Utilization 60%
Metadata Ratio 5%

0 0 0.00 TB
Per Day Per Period

0.00 TB 0.00 TB 0.00 TB 0.00 TB 0.00 TB
0 GB 0 GB 0 GB 0 GB 0 GB
0 Sites ◀
Metadata Ratio 100%



0 0 0 GB
Per Day Per Period

0.00 TB 0.00 TB 0.00 TB 0.00 TB 0.00 TB
≈ 0 GB/Day

RSA
0 Sites Exclude MA
Utilization 60%
Metadata Ratio 5%

0 0 0.00 TB
Per Day Per Period

0.00 TB 0.00 TB 0.00 TB 0.00 TB 0.00 TB
0 Sites ◀
Metadata Ratio 100%



0 0 0 GB
Per Day Per Period

0.00 TB 0.00 TB 0.00 TB 0.00 TB 0.00 TB
≈ 0 GB/Day

RSA | NETWITNESS SCENARIO PLANNER
Total Metered Network
Customer Type SKU Type

New Subscription
Licensed Network Monitoring 50 TB
Licensed Malware Analysis 50 TB

6 SA-NETMON-S-T1 5.89 TB
Per Day Per Period

5.89 TB 0.29 TB 0.40 TB 41.25 TB 13.26 TB
6,035 GB 302 GB 407 GB 42,245 GB 13,579 GB
Total Metered SIEM
Customer Type SKU Type

Existing Subscription

Licensed SIEM Monitoring 400 GB

9 SA-SIEM-S-T2 402 GB
Per Day Per Period

0.42 TB 0.42 TB 1.13 TB 37.77 TB 37.77 TB
430 GB 430 GB 1,160 GB 38,672 GB 38,672 GB
≈ 402 GB/Day
Send Us Feedback 11.3.11.2019

NNER

SIEM Devices
Approximate
Input
Quantity Vendor
0 Apache
0 Apple
0 Blue Coat Systems
0 Blue Coat Systems
0 Check Point
0 Check Point
0 Check Point
0 Check Point
0 Cisco
0 Cisco
0 Cisco
0 Cisco
0 Cisco
0 Cisco
0 Cisco
0 Cisco
0 Cisco
0 Cisco
0 Cisco
0 Cisco
0 Cisco

0 CyberGuard
0 Enterasys Networks
0 Extreme Networks
0 Fortinet
0 Foundry Networks
0 FreeBSD
0 HP
0 IBM
0 IBM
0 IBM
0 Intel
0 ISS
0 ISS
0 Juniper Networks
0 Juniper Networks
0 Juniper Networks
0 Juniper Networks
0 Juniper Networks
0 McAfee
0 McAfee
0 McAfee
0 McAfee
0 Microsoft
0 Microsoft
0 Microsoft
0 Microsoft
0 Microsoft
0 Microsoft
0 Microsoft
0 Microsoft
0 Network Appliance
0 Network Appliance
0 NFR

0 Nokia
0 Nortel
0 Nortel
0 Nortel
0 Novell
0 Open Source
0 Oracle
0 Red Hat
0 RSA Security
0 Secure Computing
0 Solsoft
0 SonicWALL
0 Sun
0 Symantec
0 Symantec
0 Symantec
0 Symantec
0 TippingPoint
0 Top Layer
0 Top Layer
0 Trend Micro
0 WebSense
Total Devices:
Total EPS:
KB / Second:

Event Rate
Event Size
Categoy Class
Host Web Logs
Host UNIX
Host Web Logs
Host Web Logs
Storage Firewall
Host Firewall / VPN
Security Firewall / VPN
Host Firewall / VPN
Network Access Control
Security Firewall
Host Firewall / VPN
Host Firewall / VPN
Security IDS/IPS
Storage IDS/IPS
Host IDS/IPS
Security Routing
Security Switching
Network Switching
Security VPN
Host Web Logs
Security Wireless

Security IDS/IPS
Security Switching
Security Switching
Security UNIX
Security UNIX
Host Mainframe
Midrange
UNIX
VPN
IDS/IPS
IDS/IPS
Config. & Policy Mg
Firewall / VPN
IDS/IPS
Routing
VPN
Anti Virus
Anti Virus
IDS/IPS
IDS/IPS
Database
Mail Server
Web Logs
Web Logs
Windows
Windows
Windows
Windows
Storage
Web Logs
IDS/IPS

UNIX
Routing
VPN
Web Logs
UNIX
IDS/IPS
Database
UNIX
Access Control
Firewall
Config. & Policy Mg
Firewall / VPN
UNIX
Anti Virus
Firewall
IDS/IPS
IDS/IPS
IDS/IPS
Access Control
IDS/IPS
Anti Virus
Web Logs
0
0.0
0.00

≈0
≈0
Description
Apache HTTP Server
Apple Mac OS X
Blue Coat Systems CacheOS
Blue Coat Systems SGOS (Security Gateway Appl.)
Check Point Provider-1
Check Point FireWall-1; NG R5x, NG with AI, NGX
Check Point SmartDefense FireWall-1
Check Point VPN-1
Cisco Access Control Server
Cisco Cisco Adaptive Security Appliance Software
Cisco PIX Firewall
Cisco ASA Firewall
Cisco Secure IDS
Cisco Secure IDS (XML)
Cisco Security Agent
Cisco Router
Cisco Catalyst Switch 6500 CATOS
Cisco Content Services Switch
Cisco VPN 3000 Concentrator
Cisco Content Engine
Cisco Aironet AP (Wireless Access Point)

CyberGuard Firewall TSP Family Series
Enterasys Networks Dragon
Extreme Networks ExtremeWare Switch
Fortinet FortiGate Antivirus Firewall
Foundry Networks Switch
FreeBSD FreeBSD
HP UX
IBM OS390/ZOS (Mainframe SMA_RT)
IBM iSeries (AS400)
IBM AIX 5L
Intel NetStructure VPN
ISS RealSecure IDS Server Sensor
ISS SiteProtector
Juniper Networks NetScreen-Security Manager
Juniper Networks NetScreen Firewall ScreenOS
Juniper Networks IDP
Juniper Networks JUNOS Router
Juniper Networks SSL VPN
McAfee ePolicy Orchestrator
McAfee VirusScan Enterprise
McAfee Entercept
McAfee Intrushield
Microsoft SQL Server
Microsoft Exchange Server
Microsoft IIS
Microsoft ISA Server
Microsoft Windows
Microsoft Windows - Event Reporter
Microsoft Windows - NIC Agentless
Microsoft Windows - Snare
Network Appliance Data ONTAP
Network Appliance NetCache
NFR NIDS

Nokia IP Series
Nortel Passport 8600 Routing Switch
Nortel Contivity VPN Switch
Nortel Alteon Switch Firewall
Novell SuSE Linux
Open Source SNORT
Oracle 8i, 9i and 10g
Red Hat Linux, SuSE Linux, Debian Linux
RSA Authentication Manager
Secure Computing Sidewinder G2 Security Appliance
Solsoft NP
SonicWALL Firewall
Sun Solaris
Symantec AntiVirus Corporate Edition
Symantec Enterprise Firewall
Symantec Network Security
Symantec Intruder Alert
TippingPoint UnityOne
Top Layer Secure Edge Controller
Top Layer Attack Mitigator
Trend Micro OfficeScan
WebSense Web Security Suite

RSA | NETWI
EPS
Bytes
Average Event Rate Average Event Size

0.30 0.00
0.30 0.00
34.50 0.00
34.50 0.00
29.60 0.00
29.60 0.00
29.60 0.00
29.60 0.00
0.30 0.00
30.10 0.00
30.10 0.00
30.10 0.00
0.40 0.00
0.40 0.00
0.40 0.00
0.30 0.00
0.30 0.00
0.30 0.00
0.50 0.00
1.00 0.00
0.30 0.00

30.10 0.00
30.10 0.00
0.30 0.00
30.10 0.00
0.30 0.00
0.30 0.00
0.30 0.00
0.30 0.00
0.30 0.00
0.50 0.00
29.30 0.00
0.40 0.00
0.40 0.00
0.30 0.00
30.10 0.00
0.40 0.00
0.30 0.00
0.30 0.00
0.30 0.00
0.30 0.00
0.40 0.00
0.30 0.00
0.30 0.00
0.30 0.00
0.30 0.00
1.00 0.00
0.90 0.00
0.50 0.00
0.90 0.00
0.50 0.00
0.30 0.00
1.00 0.00
0.30 0.00

1.10 0.00
0.30 0.00
0.30 0.00
1.00 0.00
0.50 0.00
0.40 0.00
0.30 0.00
0.50 0.00
0.30 0.00
30.10 0.00
0.30 0.00
30.10 0.00
0.30 0.00
0.30 0.00
30.10 0.00
0.40 0.00
0.40 0.00
0.30 0.00
0.30 0.00
0.40 0.00
0.30 0.00
1.00 0.00

RSA | NETWITNESS SCENARIO PLANNER v11.3.11.2019
KB per Second KB per Day Total EPS

0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0

0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0

0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0
0.0

RSA | NETWITNESS SCENARIO PLANNER Help Page
Current Version: 11.3.11.2019 Last Updated: October 17, 2018
4,500 60% Large bold green numeric values in white cells are user input data entry fields requiring manual entry. In a few fields dropdown selections
are provided but, manual data entry is not prohibited.
45% 2,500 Black numeric values in green cells are user input data entry fields requiring manual entry. In a few fields dropdown selections are provided
50% 1,250 but, manual data entry is not prohibited.
4 ≈ 15.0 Large bold black numeric values in blue cells are primary calculation results. The ≈ symbol represents mathematical "ALMOST EQUAL TO".
The results of the calcualtions provided are approximations - NOT absolutes.
67% 12:00 PM
Black numeric values in gray cells are either secondary calculation results or static labels.
52% 1:00 PM
These are THREE separate user selection dropdown boxes Select the desired available options to influence the results in the Bill of Materials
Throughput Subscription Decoder & Concentrator Hardware
Widgets.
Manual Override This is a user selection dropdown box. Select the desired available values to influence the calculation results in the widget.
This is an example widget ADVISORY title. When certain conditions exist widget title bars will display with black text on an orange
Appliance or VM Advisory Message Text
background. The "message text" will describe the ADVISORY condition. ADVISORY conditions are SUPPORTED configurations.
This is an example widget WARNING title. When certain conditions exist widget title bars will display with white text on a red background.
Appliance or VM Warning Message Text
The "message text" will describe the WARNING condition. WARNING conditions are UNSUPPORTED configurations.
Input Primary Network [packets] Data Input Widget

Line Rate 1,000 Mbps Average network line rate for a typical busy day.
Utilization 60% Network Line Rate x Utilization = Equivalent Sustained Line Rate. Equivalent Sustained Line Rate is used to calculate quantity of appliances,
VM specifications, and required capacity.
Metadata Ratio 5% Percentage of Metadata created for the network(s) being consumed. Typical rate is 4% to 6%.
Raw Retention 7 Days Quantity of desired days solution will provide full network session reconstruction.
Meta Retention 30 Days Quantity of desired days solution will provide metadata for Dashboards, Reports, and Investigations.
Per Day Per Period

5.89 TB 0.29 TB 0.27 TB 41.25 TB 8.84 TB
Quantity of Raw [PacketDB] and MetaDB data generated per day and per period in TeraBytes and GigaBytes based on widget user input
6,035 GB 302 GB 272 GB 42,245 GB 9,052 GB
Network Line Rate x Utilization = Equivalent Sustained Line Rate. Equivalent Sustained Line Rate is used to calculate quantity of appliances,
Equivalent Sustained Line Rate 600 Mbps VM specifications, and required capacity.
Approximate
The "Approximate Utilization" widget is a stand-alone helper widget. Data input in this widget is not required and has no affect on any
Utilization ≈ 60% Network calculations other than this widget.
Hour Utilization Hour Utilization
12:00 AM 30% 12:00 PM 95%
1:00 AM 30% 1:00 PM 85%
2:00 AM 35% 2:00 PM 80%
3:00 AM 45% 3:00 PM 75%
4:00 AM 50% 4:00 PM 70%
5:00 AM 55% 5:00 PM 65% To approximate the daily utilization of a network, input the approximate network utilization values for each hour, for a typical busy day. The
6:00 AM 60% 6:00 PM 60% resulting value in the blue cell can then be manually input and used as the utilization value in the primary network data input widget.
7:00 AM 65% 7:00 PM 55%

8:00 AM 70% 8:00 PM 50%
9:00 AM 75% 9:00 PM 45%
10:00 AM 80% 10:00 PM 40%
11:00 AM 85% 11:00 PM 30%
Graphical representation of the input daily network utilization
Bill of Materials Omit MA Add ESA

The "Bill of Materials" widget is a helper, informational widget. Data presented in this widget is NOT intended as a final or authoritative bill
Throughput Subscription Decoder & Concentrator Hardware
of materials.
SKU Count SKU
6 SA-NETMON-S-T1
1 NW-S6H-AS-NL
1 SA-S6H-ESA-NL
1 NW-S6H-NDEC-NL
2 NW-PVHD72
1 NW-S6H-CON-NL
1 NW-PVHP56
#VALUE! #VALUE! Appliance and Software is an invalid conifguration.
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
#VALUE! #VALUE!
Online Physical Host Installation Guide Hyperlink to the online physical host guide
Decoder Appliance Widget title bar. May include ADVISORY or WARNING message text [see above].
Raw Retention Manual Override Dropdown box to manually override the calculated quantity of appliances.
Total 72TB PV Dropdown box to select desired capacity type - DAC, UltraDAC, or SAN
Decoders 1 Quantity of Decoder appliances required to satisfy desired retention based on input network line rate, utilization and selected capacity type
PowerVaults 2 Quantity of capacity type required to satisfy desired retention based on input network line rate, utilization and selected capacity type
≈ 15.5 Days APPROXIMATE days of full session reconstruction retention provided based on input network line rate, utilization and selected capacity type
■ □□ Graphical representation of the quantity of Decoder appliances and selected capacity

Qty Description PacketDB Days
1 72TB PV 102% 6.88
2 72TB PV 45% 15.47
3 72TB PV 29% 24.07 Dynamically updated table based on the user selected capacity, DAC, UltraDAC, or SAN
4 72TB PV 21% 32.66
5 72TB PV 17% 41.26
Total Bandwidth to Concentrator ≈ 30 Mbps APPROXIMATE aggregate bandwidth required from ALL Decoder appliances to ALL Concentrator appliances
Concentrator Appliance Widget title bar. May include ADVISORY or WARNING message text [see above].
Meta Retention Manual Override Dropdown box to manually override the calculated quantity of appliances.
Total 56TB PV Dropdown box to select desired capacity type - DAC or SAN
Concentrators
1 Quantity of Concentrator appliances required to satisfy desired retention based on input network line rate, utilization, metadata ratio and
selected capacity type
PowerVaults 1 Quantity of capacity type required to satisfy desired retention based on input network line rate, utilization, metadata ratio and selected
capacity type
≈ 120.3 Days APPROXIMATE days of metadata retention provided based on input network line rate, utilization, metadata ratio and selected capacity type
■□ Graphical representation of the quantity of Concentrator appliances and selected capacity

Qty SKU MetaDB Days
1 56TB PV 25% 120.33
2 56TB PV 12% 240.66
3 56TB PV 8% 360.99
4 56TB PV 6% 481.31
5 56TB PV 5% 601.64
Total Bandwidth to ESA ≈ 30 Mbps APPROXIMATE aggregate bandwidth required from ALL Concentrator appliances to a SINGLE Event Stream Analysis appliance
Hybrid Appliance Widget title bar. May include ADVISORY or WARNING message text [see above].
Raw & Meta Retention Manual Override Dropdown box to manually override the calculated quantity of appliances.
Total S6 + 1*96TB PV Dropdown box to select desired Hybrid type and capacity type
Quantity of Hybrid appliances or Hybrid appliances plus a single DAC each, required to satisfy desired retention based on input network line
Hybrids + DAC 1 rate, utilization, metadata ratio and selected capacity type
Raw Retention ≈ 12.5 Days APPROXIMATE days of full session reconstruction retention provided based on input network line rate, utilization and selected capacity type
Meta Retention ≈ 113.3 Days APPROXIMATE days of metadata retention provided based on input network line rate, utilization, metadata ratio and selected capacity type
■□ Graphical representation of the quantity of Concentrator appliances and selected capacity

Qty SKU Raw Days Meta Days
1 S6 + 1*96TB PV 12.46 113.33
2 S6 + 1*96TB PV 24.93 226.67
3 S6 + 1*96TB PV 37.40 340.01
4 S6 + 1*96TB PV 49.86 453.35
5 S6 + 1*96TB PV 62.33 566.69
Total Bandwidth to ESA 30 Mbps APPROXIMATE aggregate bandwidth required from ALL Hybrid appliances to a SINGLE Event Stream Analysis appliance
Decoder VMs Widget title bar. May include ADVISORY or WARNING message text [see above].
Raw Retention Manual Override Dropdown box to manually override the calculated quantity of virtual machines.
Total VMware Dropdown box to select Vmware or AWS [Amazon Web Services]
Decoder VMs 1 Quantity of Packet Decoder Virtual Machines required to satisfy desired full session reconstruction retention based on input network line rate
and utilization
AWS dedicated instance name

12 vCPUs Quantity of virtual CPUs required PER Virtual Machine
50 GB vRAM Quantity of virtual RAM required PER Virtual Machine
43.44 TB Total Disk Quantity of Total Disk space required PER Virtual Machine
200 Read IOPS MINIMUM required READ IOPS PER EACH Decoder Virtual Machine
400 Write IOPS MINIMUM required WRITE IOPS PER EACH Decoder Virtual Machine

PacketDB 41.25 TB SAS
SessionDB 0.06 TB SAS Additional details regarding the disk allocation PER Virtual Machine
MetaDB 0.60 TB SAS
Index 0.03 TB SAS
Minimum Required TOTAL IOPS Per VM 600 MINIMUM required TOTAL IOPS PER EACH Decoder Virtual Machine OR AWS Enhanced Networking Requirement
Concentrator VMs Widget title bar. May include ADVISORY or WARNING message text [see above].
Meta Retention Manual Override Dropdown box to manually override the calculated quantity of virtual machines.
Total VMware Dropdown box to select Vmware or AWS [Amazon Web Services]
Concentrator VMs 1 Quantity of Concentrator Virtual Machines required to satisfy desired full session reconstruction retention based on input network line rate
and utilization
AWS dedicated instance name

16 vCPUs Quantity of virtual CPUs required PER Virtual Machine
50 GB vRAM Quantity of virtual RAM required PER Virtual Machine
12.02 TB Total Disk Quantity of Total Disk space required PER Virtual Machine
550 Read IOPS MINIMUM required READ IOPS PER EACH Decoder Virtual Machine
5,500 Write IOPS MINIMUM required WRITE IOPS PER EACH Decoder Virtual Machine

MetaDB 8.84 TB SAS Additional details regarding the disk allocation PER Virtual Machine
Index 0.44 TB SSD
Minimum Required TOTAL IOPS Per VM 6,050 MINIMUM required TOTAL IOPS PER EACH Decoder Virtual Machine OR AWS Enhanced Networking Requirement
Other VMs Widget title bar. May include ADVISORY or WARNING message text [see above].

RSA | NETWITNESS SCENARIO PLANNER Change Log
Current Version: 11.3.11.2019
Version: 11.3.11.2019
Release Notes
Update
Updated Network Hybrid and Log Hybrid capacity selections [removed DACS and a
Added Series 6 Appliances to the "Appliance" Tab
Updated ESA SKUs for both network and SIEM Bill of Materials results from S5 to S6
Updated hyperlinks to online documents
Version: 11.3.07.2019
Release Notes
Bug Fix
Updated log decoder retention in days formula
Version: 11.2.12.2018
Release Notes
Update
Updated all Powervault available capacity based on new metrics from engineering
Updated all Series 6 Hybrid capacity based on new metrics from engineering
Version: 11.2.10.2018
Release Notes
Update
Added Hybrid selections for both Network and SIEM
Updated Series 5 Hybrid selection to 'S5'
Updated Series 5 Hybrid plus a single DAC selection to 'S5 + DAC'
Added Series 5 Hybrid plus a single 72TB Powervault. Selection is 'S5 + 1*72T
Added Series 6 Hybrid Only [no DAC - no Powervault]. Selection is 'S6'
Added Series 6 Hybrid with a single 72TB Powervault. Selection is 'S6 + 1*72T
Added Series 6 Hybrid with two 72TB Powervaults. Selection is 'S6 + 2*72TB P

Added Series 6 Hybrid with a single 144TB Powervault. Selection is 'S6 + 1*14
Added Hybrid business logic for both Network and SIEM Bill of Materials
Added Maximum Supported Rate for a Single ESA for both Network and SIEM
Added Bill of Materials Calculation(s) to Add Additional ESAs Based on Maximum S
Added 96TB Self Encrypting Drive PowerVault selection to network and log decode
Added 78TB Self Encrypting Drive PowerVault selection to network and log concen
Added UEBA selection to SIEM Bill of Materials widget
Added UEBA user quantity input field to SIEM Bill of Materials widget
Added UEBA virtual machine selection to SIEM "Other" VM widget
Updated embedded hyperlinks to external documentation
Bug Fix
Updated SIEM Bill of Materials business logic to correctly add a Broker based on SI
Updated network and log virtual machine conditional logic
Version: 11.1.7.2018
Release Notes
Update
Updated the nomeclature in the dropdown selections for both Network and SIEM fo
Updated SIEM calculations to correctly utilize Powervault capacity
Updated Network calculations to correctly utilize Powervault capacity
Version: 11.0.7.2018
Release Notes
Update
Deleted SKU Reference Tab - The Scenario Planner is NOT the definitive source of S
Added PowerVault DACs to Network and SIEM capacity selections, associated reten
Added SIEM Input 'Event Utilization'
Added 'Network Monitoring Throughput' calculation to the bottom of the Network I
Updated SIEM retention calculations to include 'Event Utilization'
Updated SIEM VM retention calculations to include 'Event Utilization'
Version: 11.0.05.2018
Release Notes

Bug Fix
Updated Network and SIEM VM Widgets Dropdown Selections
Version: 11.0.03.2018
Release Notes
Update
Updated SKU Reference
Added Unity SAN to Network and SIEM capacity selections, associated retention ca
Version: 10.6.10.2017
Release Notes
Update
Removed 12TB DAC selection from both log and packet Concentrator dropdown
Version: 10.6.07.2017
Release Notes
Update
Added additional values to the VM Formula QE Benchmark Lookup Tables for AWS
AWS VM Lookup tables now includes QE tested specifications for
500, 1,000, and 1,500 Mbps [Network]
5,000, 10,000, and 15,000 EPS [SIEM]
Version: 10.6.06.2017
Release Notes
Update
Updated Capacity Reference
VNX2 SAN - LG Maximum Shelves REDUCED from 66 to 60
Bug Fix
Updated SIEM tab Decoder VM Widget total disk calculation [cell E52]
Updated SIEM Formula Reference Warm / Cold Storage Requirement calculation [ce

Version: 10.6.04.2017
Release Notes
Update
AWS [Amazon Web Services] selections added to ALL virtual machine calculation w
AWS [Amazon Web Services] SKUs added to Network and SIEM Bill of Materials wid
Updated Help Tab to include updates to all virtual machine calculation wi
Implemented new Scenario Planner version number structure
Version number structure = A.B.C.D
A = Major version
B = Minor version
C = MM [Month]
D = YYYY [Year]
Version: 10.6.0120
Release Notes
Update
Added Meta Data Ratio dropdown selection to SIEM INPUT and Metered SIEM INPUT
Updated Help Tab to include new SIEM Input Meta Data Ratio dropdown selection
Added additional values to the VM Formula QE Benchmark Lookup Table
VM Lookup table now includes QE tested specifications for
50, 100, 250, 500, 1,000, and 1,500 Mbps [Network]
2,500, 5,000, 7,500, 10,000, and 15,000 EPS [SIEM]
Bug Fix
Update SIEM Formula Reference Approximate Widget total event size calculation [c
Version: 10.6.1017
Release Notes
Update
Updated VM Formula Reference
Complete update of the Virtual Machine Lookup Table
QE Performance benchmark testing now includes Read IOPS and Write IOPS
Updated Network Virtual Machine Widgets to include Read IOPS and Write IOPS

Updated SIEM Virtual Machine Widgets to include Read IOPS and Write IOPS
Bug Fix
Updated Network BOM Widget, SIEM BOM Widget, and Metered Widgets to correct
Throughput SKU Count calculations are now performed utilizing the ROUNDUP
Version: 10.6.0916
Release Notes
Update
Changed SIEM and Metered SIEM PacketDB labels to RawDB
Changed Metered "Quantity of Sites" dropdown list default value from one to zero
Changed SIEM Input Event Rate maximum permissible value from 250,000 to 1,00
Bug Fix
Updated Network BOM Widget to correctly calculate requirements for additional SA
Updated Metered Network calculations
Updated Metered SIEM calculations
Updated Total Metered Network existing customer data input, permitting value(s) o
Updated Total Metered SIEM existing customer data input, permitting value of zero
Network Formula Reference

Bill of Materials Calculations
Updated SAN Rack calculation [cell P175], IF statement now references PDecoder_
Version: 10.6.0726
Release Notes
Update
Updated Appliance Reference specifications
Updated Series 5 Core specifications
Updated Series 5 ESA specifications
Updated Series 5 Hybrid specifications
Updated Log Hybrid - Maximum Supported Average Event Rate to 20,000 EPS
Bug Fix

Updated SIEM Hybrid Appliance capacity calculations to correctly calculate HYBRID
Updated SIEM Archiver Appliance capacity calculations to correctly calculate availa
Updated Network Packet Hybrid capacity calculations IF Statement logic to mainta
Updated Bill of Materials Concentrator 12TB DAC SKU for Appliance based model s
SIEM Formula Reference

Log Hybrid Quantity and Storage
Updated User Input :: Log Hybrid + DAC Selected [cell K114], removed double quo
Updated Log Hybrid Storage Type Widget Label [cell K116], removed double quote
Updated Log Hybrid Storage Type Widget Label [cell K116], IF statement now refer
Updated PacketDB Capacity in TB for Selected Option [cell K117], removed double
Updated PacketDB Capacity in TB for Selected Option [cell K117], IF statement now
Updated MetaDB Capacity in TB for Selected Option [cell K118], removed double q
Updated MetaDB Capacity in TB for Selected Option [cell K118], IF statement now
Archiver Storage
Updated Total Storage Available in TB Based on DAC or SAN Shelf Count + Overrid
Updated Concentrator 12TB DAC SKU for Appliance based model to SA-HPD12H1

Packet Hybrid Quantity and Storage
Updated User Input :: Hybrid + DAC Selected [cell K72], removed double quotes fr
Updated Packet Hybrid Storage Type Widget Label [cell K74], removed double quo
Updated Packet Hybrid Storage Type Widget Label [cell K74], IF statement now ref
Updated PacketDB Capacity in TB for Selected Option [cell K75], removed double q
Updated PacketDB Capacity in TB for Selected Option [cell K75], IF statement now
Updated MetaDB Capacity in TB for Selected Option [cell K76], removed double qu
Updated MetaDB Capacity in TB for Selected Option [cell K76], IF statement now r
Update Concentrator 12TB DAC SKU for Appliance based model to SA-HPD12H1
Version: 10.6.0628
Release Notes
Update

Updated SIEM calculation(s) maximum supported Event Rates [EPS] per device
This | NETWITNESS SCENARIO PLANNER has a single entry input for SIEM Even
Event Rate is, input the value equal to the "AVERAGE aggregate log event rate
Bug Fix
Updated SIEM Archiver Virtual Machine disk allocation calculations
Updated warning and advisory widget banner conditional logic
Updated SIEM BOM calculations for throughput model correcting blank SKU values
Global Formula Reference

Network & SIEM
Changed Log Decoder - Maximum Supported Average Event Rate [cell K32] from 2
Changed Log Concentrator - Maximum Supported Average Event Rate [cell K33] fr
Changed Archiver - Maximum Supported Average Event Rate [cell K34] from 20,00

Daily Usage Calculations
Long Term Calculations
Created Defined Name "ArchiverPacketDB_for_Period" for Long Term (Compress
Created Defined Name "ArchiverMetaDB_for_Period" for Long Term (Compresse
Metrics Relevant to Metered Offerings
Modified SIEM Throughput for Raw Logs for 24 Hours in GB [cell K158] calculati
Modified SIEM Perpetual SKU [cell K161] nested IF statement. Corrected an erro
VM Formula Reference
SIEM Virtual Machine Calculations
Archiver Virtual Machine Total DB Sizing
Modified PacketDB in TB [cell K214] to equal defined name value "ArchiverPack
Modified MetaDB in TB [cell K215] to equal defined name value "ArchiverMetaD
Modified IndexDB in TB [cell K216] to equal defined name value "ArchiverMeta
Archiver Virtual Machine DB Sizing Per VM
Modified PacketDB in TB [cell K230] to equal calculation of "ArchiverPacketDB_
Modified MetaDB in TB [cell K231] to equal calculation of "ArchiverMetaDB_for_

Modified IndexDB in TB [cell K232] to equal calculation of "(ArchiverMetaDB_fo
Version: 10.6.0624
Release Notes
Packaging
Inclusion of a "Change Log"
Consistent and easily identifiable versioning
"Send Us Feedback" email hyperlink included on all primary user input calculation
Enhancements
Added display of "Per Day" and "Per Period" breakdown of the Index, Packet, and M
Added Manual Override for Decoder, Concentrator, Archiver, and Hybrid appliance
Added retention by user selected storage options
Added dynamically updated display of the PacketDB and Days of retention availab
Added maximum supported Line Rate and Event Rate throughput per service (Glob
Added maximum supported DACs and UltraDACs (Global Formula Reference)
Added an "Approximate" network utilization helper widget (Network Tab)
Added equivalent sustained line rate metric for network monitoring sizing
Added Decoder to Concentrator required bandwidth metric to both network monito
Added Concentrator to ESA required bandwidth metric to both network monitoring
Added Hybrid to ESA required bandwidth metric to both network monitoring and S
Added Appliance hardware specifications
Added SKUs Reference
Added a Bill of Materials builder which includes the Appliance Based Model and the
Added an basic "Approximate" Event Rate and Event Size helper widget (SIEM Tab
Added a comprehensive "Approximate" Event Rate and Event Size helper (SIEM De
Added software virtual machine sizing for both Network and SIEM scoping providin
Added software virtual machine sizing minimum required IOPS per Decoder, Conce
Added software virtual machine maximum supported Line Rates and Event Rates (
Added software virtual machine Manual Override for Decoder, Concentrator, and A
Bug Fix
Consistent use of decimal and thousands separator
Version: 10.6.0624

Updated Archiver Virtual Machine DB Sizing Per VM PacketDB calculation [cell K230
Updated Archiver Virtual Machine DB Sizing Per VM MetaDB calculation [cell K231]
Version: 10.6.0617
Full Distribution
Minor Modifications
Minor modifications made to enable full distribution to both RSA and Channel Partn
Version: 10.6.0616
Network Tab
Send Us Feedback
Updated "Send Us Feedback" eMail hyperlink to include current version number in
Unlocked "Send Us Feedback" eMail hyperlink cell to enable link when Network tab
SIEM Tab
Send Us Feedback
Unlocked "Send Us Feedback" eMail hyperlink cell to enable link when SIEM tab is
Metered Tab
Send Us Feedback
Unlocked "Send Us Feedback" eMail hyperlink cell to enable link when Metered tab
Version: 10.6.0606
Virtual Machine QE Performance Benchmarks
Added Security Analytics Server, Broker, Event Stream Analytics Server, and Malw
Assigned Defined Names to Security Analytics Server, Broker, Event Stream Analy

Network Monitoring Virtual Machine Calculations
Removed Security Analytics Server, Broker, Event Stream Analytics Server, and Ma
Removed Security Analytics Server, Broker, and Event Stream Analytics Server cal
Network Devices Tab

Other VMs
Updated SA vCPUs [cell O45] value to Defined Name VM_SAServer_vCPUs
Updated SA vRAM [cell Q45] value to Defined Name VM_SAServer_vRAM
Updated SA Disk [cell R45] value to Defined Name VM_SAServer_DiskTB
Updated Broker vCPUs [cell O46] value to Defined Name VM_Broker_vCPUs
Updated Broker vRAM [cell Q46] value to Defined Name VM_Broker_vRAM
Updated Broker Disk [cell R46] value to Defined Name VM_Broker_DiskTB
Updated ESA vCPUs [cell O47] value to Defined Name VM_ESA_vCPUs
Updated ESA vRAM [cell Q47] value to Defined Name VM_ESA_vRAM
Updated ESA Disk [cell R47] value to Defined Name VM_ESA_DiskTB
Updated MA vCPUs [cell O48] value to Defined Name VM_MA_vCPUs
Updated MA vRAM [cell Q48] value to Defined Name VM_MA_vRAM
Updated MA Disk [cell R48] value to Defined Name VM_MA_DiskTB
SIEM Devices Tab

Other VMs
Updated SA vCPUs [cell U45] value to Defined Name VM_SAServer_vCPUs
Updated SA vRAM [cell W45] value to Defined Name VM_SAServer_vRAM
Updated SA Disk [cell X45] value to Defined Name VM_SAServer_DiskTB
Updated Broker vCPUs [cell U46] value to Defined Name VM_Broker_vCPUs
Updated Broker vRAM [cell W46] value to Defined Name VM_Broker_vRAM
Updated Broker Disk [cell X46] value to Defined Name VM_Broker_DiskTB
Updated ESA vCPUs [cell U47] value to Defined Name VM_ESA_vCPUs
Updated ESA vRAM [cell W47] value to Defined Name VM_ESA_vRAM
Updated ESA Disk [cell X47] value to Defined Name VM_ESA_DiskTB
Version: 10.6.0603

Updated Log Concentrator vRAM value [cell E15] based on test results of performa
Updated Log Concentrator vRAM value [cell E16] based on test results of performa
Updated Packet Concentrator vRAM value [cell K15] based on test results of perfor
Updated Packet Concentrator vRAM value [cell K16] based on test results of perfor
SIEM Tab
Notice Widget
Updated wording of the notice text and included GlobalSubTitle variable into notice
Version: 10.6.0527
Approximate :: Event Rate and Event Size Calculations
Updated Event Size Total [cell D145] calculation to include IFERROR, eliminating th
SIEM Devices Tab

Approximate
Updated Event Size [cell G6] calculation to include IFERROR, eliminating the displa
Version: 10.6.0526
Added Windows Active Directory Server calculation
Added Windows IIS and Exchange Server calculation
Updated Windows General Purpose Server calculation
Replaced Switch calculation with DNS and DHCP Servers calculation
Updated Router calculation to Routers and Switches
Updated all Device Class Event Rates and Event Sizes
SIEM Tab
Approximate Widget

Added Windows Active Directory Server input
Added Windows IIS / Exchange Server input
Updated Windows input to Windows General Purpose
Replaced Switch input with DNS and DHCP Servers input
Updated Router input to Routers and Switches
Help Tab
SIEM Approximate Widget
Updated SIEM Approximate Widget to mirror SIEM Tab Approximate Widget
Updated SIEM Approximate Widget Help Text
Version: 10.6.0523
Metered Formula Reference
Network Monitoring Calculations
Widget One Calculations
Added "Network Line Rate x Network Utilization % x Site Quantity" (cell K14) calcu
Widget Two Calculations
Widget Three Calculations
Widget One, Two, and Three Aggregate Calculations
Added "Aggregate Network Line Rate x Network Utilization % x Site Quantity" (cell
SIEM Monitoring Calculations
Added "Raw Retention for 24 Hours in GB/Day x Site Quantity" (cell K112) calculat
Added "Aggregate :: Raw Retention for 24 Hours in GB/Day x Site Quantity" (cell K
Metered Tab
Network Monitoring Input Widget 1

Assigned Equivalent Sustained Line Rate (cell E24) value equal to 'Metered Formul
Assigned Equivalent Sustained Line Rate (cell K24) value equal to 'Metered Formul
Assigned Equivalent Sustained Line Rate (cell Q24) value equal to 'Metered Formu
Total Metered Network Widget
Assigned Equivalent Sustained Line Rate (cell W24) value equal to 'Metered Formu
SIEM Monitoring Input Widget 1
Assigned GB/Day (cell B43) value equal to 'Metered Formula Reference'!K112
Assigned GB/Day (cell H43) value equal to 'Metered Formula Reference'!K137
Assigned GB/Day (cell N43) value equal to 'Metered Formula Reference'!K162
Total Metered SIEM Widget
Assigned GB/Day (cell T43) value equal to 'Metered Formula Reference'!K182
Version: 10.6.0520
Deleted "Meta Retention [on Disk] for 24 Hours x Meta Reduction in TB" calculation
Deleted "Meta Retention [on Disk] for 24 Hours x Meta Reduction x Retention Perio
Reassigned "NetworkMetaDB_for_24H" Defined Name to cell K17 [Meta Retention
Reassigned "NetworkMetaDB_for_Period" Defined Name to cell K18 [Meta Retentio

Global Dropdown Lists
Assigned Defined Name "NetworkUtilizationList" to cell range B85-B184
Created Metadata Ratio List with range of values from 1% to 20%
Assigned Defined Name "MetadataRatioList" to cell range E85-E104
Network Tab
Network Monitoring Input Widget
Assigned defined named list "NetworkUtilizationList" to Utilization dropdown box u
Assigned defined named list "MetadataRatioList" to Metadata Ratio dropdown box

Enabled data validation error alert to Utilization dropdown user input field. Valid in
Enabled data validation error alert to Metadata Ratio dropdown user input field. V
Enabled data validation error alert to Raw Retention dropdown user input field. Va
Enabled data validation error alert to Meta Retention dropdown user input field. Va
Hybrid Appliance Widget
Updated dynamic table Raw Days column formulas to use available Defined Name
Updated dynamic table Meta Days column formulas to use available Defined Name

Updated Index Retention for 24 Hours in TB x Site Quantity formula (cell K22) to us
Added "Aggregate Meta Retention for 24 Hours in TB x Site Quantity" calculation (c
Added "Aggregate Meta Retention for 24 Hours x Retention Period in Days x Site Q
Updated "Aggregate Raw Retention for 24 Hours in TB x Site Quantity" (cell K88) c
Updated "Aggregate Malware Analysis Throughput for Raw Packets for 24 Hours in
Updated "Aggregate Network Monitoring SKU Count" (cell K93) calculation to not in
Added "Aggregate Network Monitoring SKU Count + Existing Licensed Network Mo
Updated "Network Monitoring Subscription SKU" (cell K95) calculation to lookup SK
Updated "Network Monitoring Perpetual SKU" (cell K96) calculation to lookup SKU b
Added "Aggregate Malware Analysis SKU Count + Existing Licensed Malware Analy
Updated "Malware Analysis Subscription SKU" (cell K99) calculation to lookup SKU
Updated "Malware Analysis Perpetual SKU" (cell K99) calculation to lookup SKU bas

Updated "SIEM Throughput for Raw Logs for 24 Hours in GB [Includes Site Quantity
Added "SIEM Throughput for Raw Logs for 24 Hours in GB [Includes Site Quantity]
Updated "SIEM SKU Count (per50GB)" (cell K186) calculation to not include existin
Updated "SIEM Subscription SKU" (cell K187) calculation to lookup SKU based on v
Updated "SIEM Perpetual SKU" (cell K188) calculation to lookup SKU based on valu
Metered Tab
Assigned MetaDB Per Day (cell C22) value equal to 'Metered Formula Reference'!K
Assigned MetaDB Per Period (cell F22) value equal to 'Metered Formula Reference'
Assigned MetaDB Per Day (cell I22) value equal to 'Metered Formula Reference'!K4
Assigned MetaDB Per Period (cell L22) value equal to 'Metered Formula Reference'
Assigned MetaDB Per Day (cell O22) value equal to 'Metered Formula Reference'!K
Assigned MetaDB Per Period (cell R22) value equal to 'Metered Formula Reference'

Enabled data validation error alert to Licensed Network Monitoring user input field
Enabled data validation error alert to Licensed Malware Analysis user input field (c
Enabled data validation error alert to Licensed SIEM Monitoring user input field (ce
Version: 10.6.0519
Network Tab
Bill of Materials Widget
Added conditional formatting for Appliance -> Software selection "Invalid Configur
SIEM Tab
Added conditional formatting for Appliance -> Software selection "Invalid Configur
Version: 10.6.0518
Changed Throughput Based Model SAN hardware SKUs for both Decoder SAN and
From
SA-VNX2HD-SM-P
SA-VNX2HD-MD-P
SA-VNX2HD-LG-P
Updated nested IF statement in cell P175

Logic now correctly adds total required emulex cards IF Decoder SAN OR Conce

Changed Throughput Based Model SAN hardware SKUs for Decoder SAN, Concentr
From
SA-VNX2HD-SM-P

SA-VNX2HD-MD-P
SA-VNX2HD-LG-P
Help Tab
Help Tab
Initial entry of the help text associated with each displayed widget
Version: 10.6.0517
Network Tab
Changed Appliance -> Software selection combination to read "Invalid Configuratio
Unlocked BOM cells to allow for copy
SIEM Tab
Changed Appliance -> Software selection combination to read "Invalid Configuratio
Unlocked BOM cells to allow for copy
Metered Tab
Unlocked "Licensed Network Monitoring" user input field - cell W11
Unlocked "Licensed Malware Analysis" user input field - cell W13

Unlocked "Licensed SIEM Monitoring" user input field - cell W33
Version: 10.6.0516
SKU Reference
SKU Reference
SKU Reference updated from May 2016 price list

End

R Change Log
Last Update
apacity selections [removed DACS and added Powervaults]
EM Bill of Materials results from S5 to S6
based on new metrics from engineering

on new metrics from engineering
and SIEM
AC selection to 'S5 + DAC'

TB Powervault. Selection is 'S5 + 1*72TB PV'
o Powervault]. Selection is 'S6'
TB Powervault. Selection is 'S6 + 1*72TB PV'
owervaults. Selection is 'S6 + 2*72TB PV'

4TB Powervault. Selection is 'S6 + 1*144TB PV'
ork and SIEM Bill of Materials
le ESA for both Network and SIEM
d Additional ESAs Based on Maximum Supported Rates for both Network and SIEM
ult selection to network and log decoder, and archiver capacity dropdown selections
ult selection to network and log concentrator capacity dropdown selections
ials widget
EM Bill of Materials widget
IEM "Other" VM widget
documentation
ic to correctly add a Broker based on SIEM tab selections

onditional logic
selections for both Network and SIEM for Powervault capacity

ze Powervault capacity
utilize Powervault capacity
Planner is NOT the definitive source of SKUs

EM capacity selections, associated retention calculations updated, and updated Bill of Materials widget
lculation to the bottom of the Network Input Widget

ude 'Event Utilization'
include 'Event Utilization'

opdown Selections
acity selections, associated retention calculations updated, and updated Bill of Materials widgets
g and packet Concentrator dropdown
QE Benchmark Lookup Tables for AWS

E tested specifications for
UCED from 66 to 60
l disk calculation [cell E52]

old Storage Requirement calculation [cell K41]

ded to ALL virtual machine calculation widgets
o Network and SIEM Bill of Materials widgets
to all virtual machine calculation widgets
n number structure
to SIEM INPUT and Metered SIEM INPUT fields

ut Meta Data Ratio dropdown selection
QE Benchmark Lookup Table
d specifications for
ps [Network]
0 EPS [SIEM]
ate Widget total event size calculation [cell D146]
e Lookup Table
w includes Read IOPS and Write IOPS
to include Read IOPS and Write IOPS

nclude Read IOPS and Write IOPS
Widget, and Metered Widgets to correctly calculate Throughput SKU Count Quantities
now performed utilizing the ROUNDUP function
labels to RawDB
down list default value from one to zero
permissible value from 250,000 to 1,000,000
calculate requirements for additional SAN racks based on Decoder SAN and Concentrator SAN aggrega
stomer data input, permitting value(s) of zero

mer data input, permitting value of zero
IF statement now references PDecoder_Storage_Type=SAN OR PConcentrator_Storage_Type=SAN
Average Event Rate to 20,000 EPS

alculations to correctly calculate HYBRID + DAC selection
calculations to correctly calculate available capacity
alculations IF Statement logic to maintain consistancy with SIEM Log Hybrid IF Statement logic
B DAC SKU for Appliance based model selection for both Network and SIEM
lected [cell K114], removed double quotes from TRUE FALSE returned values
abel [cell K116], removed double quotes from TRUE FALSE returned values
abel [cell K116], IF statement now references LHybrid_DAC_Selected Defined Named
ted Option [cell K117], removed double quotes from IF condition statement
ted Option [cell K117], IF statement now references LHybrid_DAC_Selected Defined Named
ed Option [cell K118], removed double quotes from IF condition statement
ed Option [cell K118], IF statement now references LHybrid_DAC_Selected Defined Named
d on DAC or SAN Shelf Count + Override [cell K106] to correctly calculate available capacity
ppliance based model to SA-HPD12H1
ed [cell K72], removed double quotes from TRUE FALSE returned values
et Label [cell K74], removed double quotes from TRUE FALSE returned values
et Label [cell K74], IF statement now references PHybrid_DAC_Selected Defined Named
ted Option [cell K75], removed double quotes from IF condition statement
ted Option [cell K75], IF statement now references PHybrid_DAC_Selected Defined Named
ed Option [cell K76], removed double quotes from IF condition statement
ed Option [cell K76], IF statement now references PHybrid_DAC_Selected Defined Named
pliance based model to SA-HPD12H1

ported Event Rates [EPS] per device
R has a single entry input for SIEM Event Rate [EPS], unlike previous versions which had two entries. T
the "AVERAGE aggregate log event rate for a typical busy day"
k allocation calculations
ner conditional logic
hput model correcting blank SKU values presenting when low Event Rates are input
ed Average Event Rate [cell K32] from 20,000 to 30,000

ported Average Event Rate [cell K33] from 20,000 to 30,000
verage Event Rate [cell K34] from 20,000 to 30,000
DB_for_Period" for Long Term (Compressed) Raw Retention for 24 Hours in TB x Retention Period in Day
B_for_Period" for Long Term (Compressed) Meta Retention for 24 Hours in TB x Retention Period in Days
for 24 Hours in GB [cell K158] calculation. Added ROUNDUP function so result is a whole number integ
] nested IF statement. Corrected an erroneous cell reference affecting lookup values below 250 GB
equal defined name value "ArchiverPacketDB_for_Period"

qual defined name value "ArchiverMetaDB_for_Period"
qual defined name value "ArchiverMetaDB_for_Period x 0.05"
equal calculation of "ArchiverPacketDB_for_Period ÷ Archiver_VM_Count"

qual calculation of "ArchiverMetaDB_for_Period ÷ Archiver_VM_Count"

qual calculation of "(ArchiverMetaDB_for_Period x 0.05) ÷ Archiver_VM_Count"
ed on all primary user input calculation pages
" breakdown of the Index, Packet, and Meta databases for both Network and SIEM sizing
entrator, Archiver, and Hybrid appliances
PacketDB and Days of retention available based on the user selected storage
Event Rate throughput per service (Global Formula Reference)
aDACs (Global Formula Reference)
n helper widget (Network Tab)
c for network monitoring sizing
andwidth metric to both network monitoring and SIEM sizing
width metric to both network monitoring and SIEM sizing
metric to both network monitoring and SIEM sizing
udes the Appliance Based Model and the Throughput Based Models
and Event Size helper widget (SIEM Tab)
ent Rate and Event Size helper (SIEM Devices Tab)
both Network and SIEM scoping providing vCPUs, vRAM, and disk allocation sizing
mum required IOPS per Decoder, Concentrator, and Archiver virtual machines
supported Line Rates and Event Rates (Global Formula Reference)
erride for Decoder, Concentrator, and Archiver VMs
eparator

g Per VM PacketDB calculation [cell K230] to include compression
g Per VM MetaDB calculation [cell K231] to include compression
tribution to both RSA and Channel Partners
nk to include current version number in the eMail subject

ink cell to enable link when Network tab is password protected

ink cell to enable link when SIEM tab is password protected

ink cell to enable link when Metered tab is password protected
vent Stream Analytics Server, and Malware Analysis section with values based on QE testing
tics Server, Broker, Event Stream Analytics Server, and Malware Analysis values

ulations
, Event Stream Analytics Server, and Malware Analysis calculated values section
, and Event Stream Analytics Server calculated values section
ned Name VM_SAServer_vCPUs

ed Name VM_SAServer_vRAM
d Name VM_SAServer_DiskTB
Defined Name VM_Broker_vCPUs
efined Name VM_Broker_vRAM
fined Name VM_Broker_DiskTB
fined Name VM_ESA_vCPUs
ned Name VM_ESA_vRAM
ed Name VM_ESA_DiskTB
ned Name VM_MA_vCPUs
ned Name VM_MA_vRAM
d Name VM_MA_DiskTB
ned Name VM_SAServer_vCPUs

ned Name VM_SAServer_vRAM
d Name VM_SAServer_DiskTB
Defined Name VM_Broker_vCPUs
Defined Name VM_Broker_vRAM
fined Name VM_Broker_DiskTB
fined Name VM_ESA_vCPUs
fined Name VM_ESA_vRAM
ed Name VM_ESA_DiskTB

l E15] based on test results of performance under query loads
l E16] based on test results of performance under query loads
cell K15] based on test results of performance under query loads
cell K16] based on test results of performance under query loads
luded GlobalSubTitle variable into notice
e Calculations
ation to include IFERROR, eliminating the display of #DIV/0! When all input fields are zero
include IFERROR, eliminating the display of #DIV/0! When all input fields are zero
e Calculations
alculation
calculation
DHCP Servers calculation
Switches
Event Sizes

al Purpose
Servers input
or SIEM Tab Approximate Widget
ation % x Site Quantity" (cell K14) calculation

culations
work Utilization % x Site Quantity" (cell K86) calculation
Day x Site Quantity" (cell K112) calculation

culations
Hours in GB/Day x Site Quantity" (cell K182) calculation

cell E24) value equal to 'Metered Formula Reference'!K14
cell K24) value equal to 'Metered Formula Reference'!K39
cell Q24) value equal to 'Metered Formula Reference'!K64
cell W24) value equal to 'Metered Formula Reference'!K86
'Metered Formula Reference'!K112
ours x Meta Reduction in TB" calculation

ours x Meta Reduction x Retention Period in TB" calculation
fined Name to cell K17 [Meta Retention for 24 Hours in TB]
efined Name to cell K18 [Meta Retention for 24 Hours x Retention Period in Days]
nList" to cell range B85-B184

values from 1% to 20%
t" to cell range E85-E104
ationList" to Utilization dropdown box user input field

oList" to Metadata Ratio dropdown box user input field

ation dropdown user input field. Valid input range is 1% to 100%
data Ratio dropdown user input field. Valid input range is 1% to 20%
Retention dropdown user input field. Valid input range is 1 to 1,095. (3 years)
ormulas to use available Defined Names (cells Q35 - Q39)

formulas to use available Defined Names (cells R35 - R39)

B x Site Quantity formula (cell K22) to use non-reduced meta calculation of K20*IndexRatio


culations
ours in TB x Site Quantity" calculation (cell K90)
ours x Retention Period in Days x Site Quantity" calculation (cell K91)
Hours in TB x Site Quantity" (cell K88) calculation to not include existing licensed network monitoring
oughput for Raw Packets for 24 Hours in TB x Site Quantity" (cell K87) calculation to not include existing
KU Count" (cell K93) calculation to not include existing licensed network monitoring
Count + Existing Licensed Network Monitoring" (cell K94) calculation
SKU" (cell K95) calculation to lookup SKU based on value in cell K94
U" (cell K96) calculation to lookup SKU based on value in cell K94
ount + Existing Licensed Malware Analysis" (cell K98) calculation
KU" (cell K99) calculation to lookup SKU based on value in cell K98
(cell K99) calculation to lookup SKU based on value in cell K98

culations
r 24 Hours in GB [Includes Site Quantity]" (cell K184) calculation to not include existing licensed SIEM
24 Hours in GB [Includes Site Quantity] + Existing Licensed SIEM" (cell K185) calculation
K186) calculation to not include existing licensed SIEM
7) calculation to lookup SKU based on value in cell K185
calculation to lookup SKU based on value in cell K185

equal to 'Metered Formula Reference'!K20 (Non On Disk Reduced value)
e equal to 'Metered Formula Reference'!K21 (Non On Disk Reduced value)

qual to 'Metered Formula Reference'!K45 (Non On Disk Reduced value)

equal to 'Metered Formula Reference'!K70 (Non On Disk Reduced value)

sed Network Monitoring user input field (cell W11). Valid input range is 1 to 999
sed Malware Analysis user input field (cell W13). Valid input range is 1 to 999
sed SIEM Monitoring user input field (cell W33). Valid input range is 1 to 9,999
-> Software selection "Invalid Configuration" result now displays in red text
-> Software selection "Invalid Configuration" result now displays in red text
dware SKUs for both Decoder SAN and Concentrator SAN

To
SA-VNX2HD-5600
SA-VNX2HD-5800
SA-VNX2HD-7600
emulex cards IF Decoder SAN OR Concentrator SAN is selected
dware SKUs for Decoder SAN, Concentrator SAN, and Archiver SAN
To
SA-VNX2HD-5600

SA-VNX2HD-5800
SA-VNX2HD-7600
h each displayed widget
ombination to read "Invalid Configuration"
ombination to read "Invalid Configuration"
ser input field - cell W11

r input field - cell W13
input field - cell W33

e for the SIEM

Global Variables
Workbook
Header Values
Global Workbook Header Title
Global Workbook Header SubTitle
Global Workbook Navigation Bar Title
Footer Values
Global Workbook Footer Version
Global Workbook Footer Hyperlink Text
Network & SIEM

Description
Log Concentrator Metadata Ratio
Raw Log Compression Ratio
Log Meta Compression Ratio
Meta On Disk Reduction
Index Ratio
SessionDB Size Per Entry (bytes)
Description
Packet Decoder - Maximum Supported Line Rate
Packet Concentrator - Maximum Supported Line Rate
Packet Decoder - Maximum Supported Sustained Rate
Packet Concentrator - Maximum Supported Sustained Rate
Packet Hybrid - Maximum Supported Line Rate
Description
Log Decoder - Maximum Supported Average Event Rate

Log Concentrator - Maximum Supported Average Event Rate
Archiver - Maximum Supported Average Event Rate
Log Hybrid - Maximum Supported Average Event Rate
Description
Decoder - Maximum Supported DACs
Concentrator - Maximum Supported DACs
Archiver - Maximum Supported DACs
Hybrid - Maximum Supported DACs
Description
ESA - Maximum Supported EPS Rate
ESA - Maximum Supported Packet Line Rate
Description
Decoder - Maximum Supported UltraDACs
Archiver - Maximum Supported UltraDACs
Description
SAN - Maximum Supported Appliances per VNX Controller
SAN - Maximum Supported Appliances per Unity Controller
Description
Virtual Machine - Packet Decoder Supported Line Rate
Virtual Machine - Packet Concentrator Supported Line Rate
Virtual Machine - Log Decoder Supported EPS Rate
Virtual Machine - Virtual Log Collector Supported EPS Rate
Virtual Machine - Log Concentrator Supported EPS Rate
Virtual Machine - Archiver Supported EPS Rate
Global Dropdown Lists

Network & SIEM

Packet Decoder Log Decoder
32TB DAC 32TB DAC
46TB DAC 46TB DAC
72TB PV 72TB PV
144TB PV 144TB PV
96TB SED PV 96TB SED PV
142TB UltraDAC 142TB UltraDAC
180TB UltraDAC 180TB UltraDAC
VNX2 SAN - SM VNX2 SAN - SM
VNX2 SAN - MD VNX2 SAN - MD
VNX2 SAN - LG VNX2 SAN - LG
Unity SAN Unity SAN
Archiver
32TB DAC
46TB DAC
72TB PV
144TB PV
96TB SED PV
142TB UltraDAC
180TB UltraDAC
VNX2 SAN - SM
VNX2 SAN - MD
VNX2 SAN - LG
Unity SAN
Network Utilization List Metadata Ratio List

1% 1%
2% 2%
3% 3%
4% 4%
5% 5%
6% 6%

7% 7%
8% 8%
9% 9%
10% 10%
11% 11%
12% 12%
13% 13%
14% 14%
15% 15%
16% 16%
17% 17%
18% 18%
19% 19%
20% 20%
21%
22%
23%
24%
25%
26%
27%
28%
29%
30%
31%
32%
33%
34%
35%
36%
37%
38%
39%

40%
41%
42%
43%
44%
45%
46%
47%
48%
49%
50%
51%
52%
53%
54%
55%
56%
57%
58%
59%
60%
61%
62%
63%
64%
65%
66%
67%
68%
69%
70%
71%
72%

73%
74%
75%
76%
77%
78%
79%
80%
81%
82%
83%
84%
85%
86%
87%
88%
89%
90%
91%
92%
93%
94%
95%
96%
97%
98%
99%
100%

RSA | NETWITNESS SCENAR
ine Rate
ted Line Rate
ustained Rate
ted Sustained Rate
e Rate
rage Event Rate

d Average Event Rate
Event Rate
ge Event Rate
Cs
Rate
Cs
Cs
per VNX Controller

per Unity Controller
rted Line Rate

upported Line Rate
d EPS Rate
upported EPS Rate
ported EPS Rate
S Rate

oder Packet Concentrator
AC 33TB DAC
AC 56TB PV
V 113TB PV
V 78TB SED PV
D PV VNX2 SAN - SM
UltraDAC VNX2 SAN - MD
UltraDAC VNX2 SAN - LG
AN - SM Unity SAN
AN - MD
AN - LG
AN
VM Type
VMware
AWS
Azure
Metadata Ratio List

RSA | NETWITNESS SCEN
Value Defined Name

RSA GlobalTitle
| NETWITNESS SCENARIO PLANNER GlobalSubTitle
RSA | NETWITNESS SCENARIO PLANNER GlobalNavTitle
Value Defined Name

11.3.11.2019 GlobalVersionNumber
Send Us Feedback GlobalContactText
Value Defined Name

100% LConcentratorMetaRatio
10 RawLogCompressRatio
4 LogMetaCompressRatio
50% MetaDiskReduction
3% IndexRatio
34 SessionDB_Size_Per_Entry
Value Defined Name

10,000 DecoderMaxLineRate
10,000 ConcentratorMaxLineRate
8,000 DecoderMaxSustainedLineRate
8,000 ConcentratorMaxSustainedLineRate
2,000 HybridMaxLineRate
Value Defined Name

30,000 LDecoderMaxEventRate

30,000 ConcentratorMaxEventRate
30,000 ArchiverMaxEventRate
20,000 HybridMaxEventRate
Value Defined Name

8 DecoderMaxDACs
8 ConcentratorMaxDACs
8 ArchiverMaxDACs
1
Value Defined Name

100,000 ESAMaxEPSRate
8,000 ESAMaxLineRate
Value Defined Name

1 DecoderMaxUltraDACs
1 ArchiverMaxUltraDACs
Value Defined Name

4 SANMaxAppliances
6 UnityMaxAppliances
Value Defined Name

1,500 VM_PDecoder_Supported_Line_Rate
1,500 VM_PConcentrator_Supported_Line_Rate
15,000 VM_LDecoder_Supported_EPS_Rate
15,000 VM_VLC_Supported_EPS_Rate
15,000 VM_LConcentrator_Supported_EPS_Rate
15,000 VM_Archiver_Supported_EPS_Rate

Log Concentrator Packet Hybrid
33TB DAC S5
56TB PV S5 + DAC
113TB PV S5 + 1*96TB PV
78TB SED PV S6
VNX2 SAN - SM S6 + 1*96TB PV
VNX2 SAN - MD S6 + 2*96TB PV
VNX2 SAN - LG S6 + 1*144TB PV
Unity SAN
Packet Other VMs Log Other VMs

NetWitness Server NetWitness Server
Broker Broker
ESA+CH ESA+CH
Malware UEBA
VLC
Log Metadata Ratio List

100%
125%
150%
175%
200%

A | NETWITNESS SCENARIO PLANNER v11.3.11.2019
try
te
neRate
nedLineRate

Rate
ed_Line_Rate
ported_Line_Rate
ed_EPS_Rate
S_Rate
ported_EPS_Rate
d_EPS_Rate

Log Hybrid
S5
S5 + DAC
S5 + 1*96TB PV
S6
S6 + 1*96TB PV
S6 + 2*96TB PV
S6 + 1*144TB PV

Capacity Reference
Packet Decoder, Log Decoder, & Archiver

SAN
Description Partition Size 95% in GB
VNX2 SAN - Shelf 44,022 41,821
VNX2 SAN - SM 44,022 41,821
VNX2 SAN - MD 44,022 41,821
VNX2 SAN - LG 44,022 41,821
Unity SAN 64,480 61,256
Unity SAN - Shelf 64,480 61,256
DAC
Description Partition Size 95% in GB
32TB DAC 27,290 25,926
32TB DAC 35,470 33,697
46TB DAC 44,708 42,473
46TB DAC 48,425 46,004
72TB PV 43,680 41,496
72TB PV 54,600 51,870
144TB PV 85,536 81,259
144TB PV 106,920 101,574
96TB SED PV 57,600 54,720
96TB SED PV 64,800 61,560
142TB UltraDAC 150,070 142,567
180TB UltraDAC 180,000 171,000
Series 5 Hybrid
Head U
SKU PacketDB Partition

SA-S5-HYBRID-P 17,408
SA-S5-HYBRID-L 17,408
DAC
SA-HDDAC-46 37,253
SA-HDDAC-46 22,354
PowerVault(s
NW-PVHD96-L 36,000
PowerVault(s)
NW-PVHD96-L 57,600
Series 6 Hybrid
Head U
SA-S6-HYBRID-N 21,600
SA-S6-HYBRID-L 21,600
PowerVault(s
NW-PVHD96-L 36,000
NW-PVHD96-L 36,000
NW-PVHD144-L 53,460
PowerVault(s)
NW-PVHD96-L 57,600
NW-PVHD96-L 57,600

NW-PVHD144-L 96,228
Subscription Metered Offering

NETM
SKU Description
SA-NETMON-S-T1 Tier 1, 1-10TB/day NetM PerTB
SA-NETMON-S-T5 Tier 5, >250TB/day NetM PerTB
SIEM
SKU Description
SA-SIEM-S-T1 Tier 1, 50-250GB/day SIEM Per50GB
SA-SIEM-S-T2 Tier 2, 251GB-1TB/day SIEM Per50GB
SA-SIEM-S-T3 Tier 3, 1-2TB/day SIEM Per50GB
SA-SIEM-S-T4 Tier 4, 2-5TB/day SIEM Per50GB
SA-SIEM-S-T5 Tier 5, >5TB/day SIEM Per50GB
Malware A
SKU Description
SA-NETMW-S-T1 Tier 1, 1-10TB/day MA PerTB
SA-NETMW-S-T5 Tier 5, >250TB/day MA PerTB
UEB
SKU Description
NW-UEBA-S-T1 Tier 1, UEBA 1,000-2,500 Users

NW-UEBA-S-T8 Tier 8, UEBA >500,000 Users
Perpetual Metered Offering

NETM
SKU Description
SA-NETMON-P-T1 Tier 1, 1-10TB/day NetM PerTB
SA-NETMON-P-T5 Tier 5, >250TB/day NetM PerTB
SIEM
SKU Description
SA-SIEM-P-T1 Tier 1, 50-250GB/day SIEM Per50GB
SA-SIEM-P-T2 Tier 2, 251GB-1TB/day SIEM Per50GB
SA-SIEM-P-T3 Tier 3, 1-2TB/day SIEM Per50GB
SA-SIEM-P-T4 Tier 4, 2-5TB/day SIEM Per50GB
SA-SIEM-P-T5 Tier 5, >5TB/day SIEM Per50GB
Malware A
SKU Description
SA-NETMW-P-T1 Tier 1, 1-10TB/day MA PerTB
SA-NETMW-P-T5 Tier 5, >250TB/day MA PerTB
UEB

SKU Description
NW-UEBA-P-T1 Tier 1, UEBA 1,000-2,500 Users
NW-UEBA-P-T8 Tier 8, UEBA >500,000 Users

ver Concentrator
SAN
TB Desciption Partition Size
40.84 VNX2 SAN - Shelf 21,504
40.84 VNX2 SAN - SM 21,504
40.84 VNX2 SAN - MD 21,504
40.84 VNX2 SAN - LG 21,504
59.82 Unity SAN 41,950
59.82 Unity SAN - Shelf 41,950
DAC
TB Description Partition Size
25.32 12TB DAC 10,320
32.91 33TB DAC 25,600
41.48 56TB PV 38,220
44.93 113TB PV 74,844
40.52 78TB SED PV 50,400
50.65
79.35
99.19
53.44
60.12
139.23
166.99
Head Unit
95% in GB TB Available MetaDB Partition

16,538 16.15 10,138
16,538 16.15 15,872
DACs
35,390 34.56 7,455
21,236 20.74 22,354
PowerVault(s) for Logs

34,200 33.40 36,000
PowerVault(s) for Packets

54,720 53.44 14,400
Head Unit
20,520 20.04 21,600
20,520 20.04 21,600
PowerVault(s) for Logs

34,200 33.40 36,000
34,200 33.40 36,000
50,787 49.60 53,460
PowerVault(s) for Packets

54,720 53.44 14,400
54,720 53.44 14,400

91,417 89.27 21,384
NETMON
cription Minimum TB
M PerTB 1
M PerTB 11
etM PerTB 51
NetM PerTB 101
M PerTB 251
SIEM
cription Minimum GB
EM Per50GB 1
IEM Per50GB 251
Per50GB 1,024
Per50GB 2,048
er50GB 5,120
Malware Analysis
cription Minimum TB
PerTB 1
PerTB 11
A PerTB 51
MA PerTB 101
PerTB 251
UEBA
cription Minimum TB
0 Users 1,000
0 Users 2,501
00 Users 5,001

000 Users 10,001
000 Users 25,001
0,000 Users 50,001
00,000 Users 100,001
Users 500,001
NETMON
cription Minimum TB
M PerTB 1
M PerTB 11
etM PerTB 51
NetM PerTB 101
M PerTB 251
SIEM
cription Minimum GB
EM Per50GB 1
IEM Per50GB 251
Per50GB 1,024
Per50GB 2,048
er50GB 5,120
Malware Analysis
cription Minimum TB
PerTB 1
PerTB 11
A PerTB 51
MA PerTB 101
PerTB 251
UEBA

cription Minimum TB
0 Users 1,000
0 Users 2,501
00 Users 5,001
000 Users 10,001
000 Users 25,001
0,000 Users 50,001
00,000 Users 100,001
Users 500,001

RSA | NETWITNESS SCENARI
SAN Configurations
AN SAN
95% in GB TB
20,429 19.95 Description
20,429 19.95 VNX2 SAN - SM
20,429 19.95 VNX2 SAN - MD
20,429 19.95 VNX2 SAN - LG
39,853 38.92 Unity SAN
39,853 38.92
AC
95% in GB TB
9,804 9.57
24,320 23.75
36,309 35.46
71,102 69.44
47,880 46.76
95% in GB TB Available

9,631 9.41
15,078 14.73
95% in GB TB Available Note

7,082 6.92 SA-HDDAC-46 packet configuration (Series
21,236 20.74 SA-HDDAC-46 log configuration (Serie

34,200 33.40 SA-PVHD96-L PV log configuration (Series 5 Hybri

13,680 13.36 SA-PVHD96-L PV packet configuration (Series 5 Hy
95% in GB TB Available
20,520 20.04
20,520 20.04

34,200 33.40 SA-PVHD96-L 1st PV log configuration (Series 6 Hy
34,200 33.40 SA-PVHD96-L 2nd PV log configuration (Series 6 H
50,787 49.60 SA-PVHD144-L log configuration (Series 6 Hybrid

13,680 13.36 SA-PVHD96-L 1st PV packet configuration (Series 6
12,000 11.72 SA-PVHD96-L 2nd PV packet configuration (Series 6

20,315 19.84 SA-PVHD144-L packet configuration (Series 6 Hyb
High TB
10
50
100
250
999
High GB
250
1,023
2,047
5,119
9,999
High TB
10
50
100
250
999
High TB
2,500
5,000
10,000

25,000
50,000
100,000
500,000
999,999
High TB
10
50
100
250
999
High GB
250
1,023
2,047
5,119
9,999
High TB
10
50
100
250
999

High TB
2,500
5,000
10,000
25,000
50,000
100,000
500,000
999,999

ons
SAN
1st Rack 2-n Rack
Shelf Limit Shelf Limit Max Shelves
12 13 33
12 13 49
12 13 60
12 13 56

Note
guration (Series 5 Hybrids ONLY)
tion (Series 5 Hybrids ONLY)
Note
uration (Series 5 Hybrids ONLY)
Note
nfiguration (Series 5 Hybrids ONLY)
Note
ation (Series 6 Hybrids ONLY)
Note
configuration (Series 6 Hybrids ONLY)
t configuration (Series 6 Hybrids ONLY)

guration (Series 6 Hybrids ONLY)

Network Monitoring
Metrics Relevant to Capacity Planning
User Input :: Network Line Rate in Mbps
User Input :: Network Utilization %
User Input :: Network Metadata Ratio %
User Input :: Desired Raw Retention Period in Days
User Input :: Desired Meta Retention Period in Days
Network Line Rate x Network Utilization %
Required Decoder to Concentrator Bandwidth
Required Concentrator to Event Stream Analysis Bandwidth
Raw Retention for 24 Hours in TB
Raw Retention for 24 Hours in TB x Retention Period in Days
Meta Retention for 24 Hours in TB
Meta Retention for 24 Hours x Retention Period in Days
Index Retention for 24 Hours in TB
Index Retention for 24 Hours x Retention Period in TB
Appliance Calculations
Packet Decoder Quantity
User Input :: Packet Decoder Count Manual Override Quantity
Packet Decoder Count Based on Line Rate
Packet Decoder Count Based on Line Rate Utilization
Packet Decoder Count Based on DAC Shelf Limit
Total Packet Decoder Count
Total Packet Decoders Required Based on Line Rate, Utilization Rate
Is Result a Vaild/Supported Configuration?
Decoder Appliance Widget Alert Message

Packet Decoder Storage
User Input :: DAC or SAN
User Input :: Unity SAN Selected
User Input :: UltraDAC Selected
User Input :: PowerVault Selected
Packet Decoder Storage Type Widget Label
1st Shelf Capacity in TB for Selected Option
2nd Shelf Capacity in TB for Selected Option
Quantity of DAC or SAN Shelves Required to Satisfy Retention
Quantity of DAC or SAN Shelves Required Based on Line Rate, Utiliza
Total Storage Available in TB Based on DAC or SAN Shelf Count + Ove
Total Storage Available in Days Based on DAC or SAN Shelf Count
Maximum Shelves Available for Selected SAN
Quantity of Packet Decoder Emulex Cards Required
Quantity of SAN Racks Required
Quantity of UltraDAC Racks Required
Packet Concentrator Quantity

User Input :: Packet Concentrator Count Manual Override Quantity
Packet Concentrator Count Based on Line Rate
Packet Concentrator Count Based on Line Rate Utilization
Packet Concentrator Count Based on DAC Shelf Limit
Total Packet Concentrator Count
Total Packet Concentrators Required Based on Line Rate, Utilization
Concentrator Appliance Widget Alert Message
Packet Concentrator Storage

Packet Concentrator Storage Type Widget Label

Quantity of DAC or SAN Shelves Required
Quantity of DAC Shelves Required Due To Manual Override
Quantity of Packet Concentrator Emulex Cards Required
Additional SAN Racks
Packet Hybrid Quantity and Storage

User Input :: Hybrid + DAC Selected
User Input :: Hybrid Count Manual Override Quantity
Packet Hybrid Storage Type Widget Label
PacketDB Capacity in TB for Selected Option
MetaDB Capacity in TB for Selected Option
Total Hybrids Required to Support PacketDB
Total Hybrids Required to Support MetaDB
Total Hybrids Required to Support Line Rate
Hybrid Count Designated By
Total Hybrid Count
Total PacketDB Days
Total MetaDB Days
Packet Hybrid Appliance Widget Alert Message
Approximate Utilization Calculations

Metrics Relevant to Network Utilization
User Input :: 12:00 AM

User Input :: 12:00 PM
Average Network Line Rate Utilization Based on [Above] User Input
Average Network Line Rate Based on [Above] User Input

User Input :: Dropbox :: Include Malware Analysis
User Input :: Dropbox :: Include Event Stream Aanalysis
User Input :: Dropbox :: Include UEBA
Amazon AWS SKU
Network Monitoring Throughput for Raw Packets for 24 Hours in TB
Network Monitoring SKU Count
Network Monitoring Subscription SKU
Network Monitoring Perpetual SKU
Malware Analysis Throughput for Raw Packets for 24 Hours in TB

Malware Analysis SKU Count
Malware Analysis Subscription SKU
Malware Analysis Perpetual SKU
Bill of Materials User Input Selections and Logic

User Input :: Appliance Model Selected
User Input :: Subscription License Selected
User Input :: Perpetual License Selected
Throughput Model Selected
User Input :: Decoder & Concentrator Selected
User Input :: Hybrid Selected
User Input :: Hardware Selected
User Input :: Software Selected
User Input :: Decoder Storage Selected
Decoder UltraDAC Selected
Decoder Storage Type
Decoder Unity SAN Selected
User Input :: Concentrator Storage Selected
Concentrator Storage Type
Concentrator Unity SAN Selected
Include Broker
User Input :: AWS SA Server Selected
Legacy Capacity SKU Count
Legacy Capacity SKU
Components
Appliance-bas
HW
SA License
MA License

SA Server NW-S6H-AS
Broker NW-S6H-BRO
ESA SA-S6H-ESA
Malware NW-S6H-MAL
UEBA NW-S6H-UEBA
Packet Decoder NW-S6H-N-DEC
Decoder 32TB DAC SA-HDD32-LP
Decoder 46TB DAC SA-DACHD-P
Decoder 72TB PV NW-PVHD72-L
Decoder 96TB SED PV NW-PVHDE96-L
Decoder 142TB UltraDAC SA-HDD142-LP
Decoder 180TB UltraDAC SA-HDD180-LP
Decoder VNX2 SAN - SM SA-VNX2HD-5600
Decoder VNX2 SAN - MD SA-VNX2HD-5800
Decoder VNX2 SAN - LG SA-VNX2HD-7600
Decoder SAN Shelves SA-VNX2HD-SHLF
Decoder Unity SAN NWS-Unity600
Decoder Unity SAN Shelves NWS-U6APHD-SHLF
Packet Concentrator NW-S6H-N-CON
Concentrator 12TB DAC SA-HPD12H1
Concentrator 33TB DAC SA-DACHP
Concentrator 56TB PV NW-PVHP56-L
Concentrator 78TB SED PV NW-PVHPE78-L
Concentrator VNX2 SAN - SM SA-VNX2HD-5600
Concentrator VNX2 SAN - MD SA-VNX2HD-5800
Concentrator VNX2 SAN - LG SA-VNX2HD-7600
Concentrator SAN Shelves SA-VNX2HP-SHLF
Concentrator Unity SAN NWS-Unity600
Concentrator Unity SAN Shelves NWS-U6APHP-SHLF
Emulex Card SA-DP-8GB-SANHBA
Ultra Rack SA-ULTRA-RACK

SAN Rack SA-VNX2-RACK
Unity Rack NWS-U600-Rack
Packet Hybrid SA-S5-HYBRID-P
Packet Hybrid NW-S6-HYBRID-N
Hybrid 46TB DAC SA-HDD46-LPH
Hybrid 72TB PV NW-PVHD72-L

od in Days
riod in Days
%
width
Analysis Bandwidth
ntion Period in Days
n Period in Days
n Period in TB
ual Override Quantity

te
te Utilization
elf Limit
n Line Rate, Utilization Rate, DAC Limit, or Override

n?
ge

bel
d to Satisfy Retention
d Based on Line Rate, Utilization Rate, DAC Limit, or Override
AC or SAN Shelf Count + Override
DAC or SAN Shelf Count
ds Required
Manual Override Quantity

e Rate
e Rate Utilization
C Shelf Limit
ed on Line Rate, Utilization Rate, DAC Limit, or Override

n?
essage

o Manual Override
Cards Required
ride Quantity
l
tion
on
tDB
DB
Rate
essage

ased on [Above] User Input
bove] User Input
e Analysis
ream Aanalysis
w Packets for 24 Hours in TB
ackets for 24 Hours in TB

nd Logic
ed
elected
ted
Appliance-based model
HW SW

H-AS Invalid Configuration
H-BRO Invalid Configuration
ESA Invalid Configuration
H-MAL Invalid Configuration
H-UEBA Invalid Configuration
H-N-DEC Invalid Configuration
32-LP
HD-P
HD72-L
HD144-L
HDE96-L
142-LP
180-LP
2HD-5600
2HD-5800
2HD-7600
2HD-SHLF
nity600
6APHD-SHLF
H-N-CON Invalid Configuration
12H1
HP
HP56-L
HP113-L
HPE78-L
2HD-5600
2HD-5800
2HD-7600
2HP-SHLF
nity600
6APHP-SHLF
GB-SANHBA
RA-RACK

2-RACK
600-Rack
YBRID-P Invalid Configuration
HYBRID-N Invalid Configuration
46-LPH
HD72-L
HD144-L

Value Defined Name

1,000 NetworkLineRate
60% NetworkUtilization
5% NetworkMetadataRatio
7 NetworkRawRetentionPeriod
30 NetworkMetaRetentionPeriod
600 Mbps NetworkLineRateUtilization
30 Mbps NetworkDtoC_Bandwidth
30 Mbps NetworkCtoESA_Bandwidth
5.89 NetworkPacketDB_for_24H
41.25 NetworkPacketDB_for_Period
0.29 NetworkMetaDB_for_24H
8.84 NetworkMetaDB_for_Period
0.01 NetworkIndexDB_for_24H
0.27 NetworkIndexDB_for_Period
Value Defined Name

0 PDecoder_Manual_Override
1
1
1
1 PDecoder_Count
Line Rate
1 PDecoder_Valid_Config
PDecoder_Widget_Alert

Value Defined Name
DAC PDecoder_Storage_Type
0 PDecoder_Unity_Selected
0 PDecoder_UltraDAC_Selected
1 PDecoder_PV_Selected
PowerVaults PDecoder_Widget_Storage_Label
40.52
50.65
2
2 PDecoder_Storage_Count
91.18
15.47 PDecoder_Storage_Days
PDecoder_SANMaxShelves
0
0
0
Value Defined Name

0 PConcentrator_Manual_Override
1
1
1
1 PConcentrator_Count
Line Rate
1 PConcentrator_Valid_Config
PConcentrator_Widget_Alert
Value Defined Name

DAC PConcentrator_Storage_Type
0 PConcentrator_Unity_Selected
1 PConcentrator_PV_Selected
PowerVaults PConcentrator_Widget_Storage_Label
35.46

35.46
1
1 PConcentrator_Storage_Count
35.46
120.33 PConcentrator_Storage_Days
PConcentrator_SANMaxShelves
0
0
Value Defined Name

1 PHybrid_DAC_Selected
0
Hybrids + DAC PHybrid_Widget_Storage_Label
73.48
33.40
1
1
1
Line Rate
1 PHybrid_Count
12.46 PHybrid_PacketDB_Days
113.33 PHybrid_MetaDB_Days
PHybrid_Widget_Alert
Value Line Rate

30.00% 300 Mbps Network Line Rate x Utilization
30.00% 300 Mbps
35.00% 350 Mbps
45.00% 450 Mbps
50.00% 500 Mbps
55.00% 550 Mbps

60.00% 600 Mbps
65.00% 650 Mbps
70.00% 700 Mbps
75.00% 750 Mbps
80.00% 800 Mbps
85.00% 850 Mbps
95.00% 950 Mbps
85.00% 850 Mbps
80.00% 800 Mbps
75.00% 750 Mbps
70.00% 700 Mbps
65.00% 650 Mbps
60.00% 600 Mbps
55.00% 550 Mbps
50.00% 500 Mbps
45.00% 450 Mbps
40.00% 400 Mbps
30.00% 300 Mbps
59.58%
596 Mbps Calculated but not currently used or displayed o
Value Defined Name

0 IncludeMA
1 IncludeESA
0 IncludePUEBA
NW-AWSAGENT-P
6
6.00
SA-NETMON-S-T1
SA-NETMON-P-T1
6

7
SA-NETMW-S-T1
SA-NETMW-P-T1
Value Defined Name

0 PAppliance_Selected
1 PSubscription_Selected
0 PPerpetual_Selected
1 PThroughput_Selected
1 PDecoderConcentrator_Selected
0 PHybrid_Selected
1 PHardware_Selected
0 PSoftware_Selected
72TB PV PDecoderStorage
0 PDecoder_UltraDAC_Selected
DAC PDecoder_Storage_Type
0 PDecoder_Unity_Selected
56TB PV PConcentrator_Storage
DAC PConcentrator_Storage_Type
0 PConcentrator_Unity_Selected
1 PHybrid_DAC_Selected
0 IncludeBroker
0 VM_POther_AWSSAServer_Selected
2
SA-25TB-CAP-P-SW
Throughput-based model
HW SW
SA-NETMON-S-T1

NW-S6H-AS-NL
NW-S6H-BRO-NL
SA-S6H-ESA-NL
NW-S6H-MAL-NL
NW-S6H-UEBA-NL
NW-S6H-NDEC-NL
SA-HDDAC-32
SA-HDDAC-46
NW-PVHD72
NW-PVHD144
NW-PVHDE96
SA-HDUDAC-142
SA-HDUDAC-180
SA-VNX2HD-5600
SA-VNX2HD-5800
SA-VNX2HD-7600
SA-VNX2HD-SHLF
NWS-Unity600
NWS-U6TPHD-SHLF
NW-S6H-CON-NL
SA-HPDAC-12
SA-HPDAC-33
NW-PVHP56
NW-PVHP113
NW-PVHPE78
SA-VNX2HD-5600
SA-VNX2HD-5800
SA-VNX2HD-7600
SA-VNX2HP-SHLF
NWS-Unity600
NWS-U6TPHP-SHLF
SA-DP-8GB-SANHBA
SA-ULTRA-RACK

SA-VNX2-RACK
NWS-U600-Rack
SA-S5H-PHYBRID-NL
NW-S6H-NHYBRID-NL
SA-HDDAC-46
NW-PVHD72
NW-PVHD144

eriod
Period
tion
th
idth
24H
Period
4H
eriod
4H
eriod

e
ed
lected
age_Label
nt
s
ves
_Override
onfig
Alert
_Type
elected
cted
Storage_Label

_Count
_Days
Shelves
e_Label
k Line Rate x Utilization

ntly used or displayed on Network Tab

Selected
lected
e
ed
_Type
elected
ver_Selected
Bill Of Materials
SKU Count SKU
6 SA-NETMON-S-T1

1 NW-S6H-AS-NL
1 SA-S6H-ESA-NL
1 NW-S6H-NDEC-NL
2 NW-PVHD72
1 NW-S6H-CON-NL
1 NW-PVHP56

SIEM
Metrics Relevant to Capacity Planning
User Input :: Event Rate in EPS
User Input :: Utilization %
User Input :: Event Size in Bytes
User Input :: Log Metadata Ratio %
User Input :: Short Term Raw Retention Period in Days
User Input :: Short Term Meta Retention Period in Days
User Input :: Long Term Retention Period in Days
User Input :: Long Term Warm/Cold Retention Period in Days
Required Log Decoder Bandwidth
Required Log Decoder to Log Concentrator Bandwidth
Required Log Concentrator to Event Stream Analysis Bandwidth
Short Term Calculations

SessionDB Retention for 24 Hours in TB
SessionDB Retention for 24 Hours in TB x Retention Period
Raw Retention for 24 Hours in Bytes
Raw Retention for 24 Hours in GB/Day
Raw Retention for 24 Hours in TB x Retention Period in Days
Meta Retention for 24 Hours in Bytes
Meta Retention for 24 Hours in TB
Meta Retention for 24 Hours in TB x Retention Period in Days
Meta Retention for 24 Hours in TB + SessionDB
Meta Retention for 24 Hours in TB + SessionDB x Retention Period in
Index Retention for 24 Hours in TB
Index Retention for 24 Hours in TB x Retention Period

Long Term Calculations
Long Term Raw Retention for 24 Hours in GB
Long Term (Compressed) Raw Retention for 24 Hours in TB
Long Term (Compressed) Raw Retention for 24 Hours in TB x Retenti
Long Term (Compressed) Meta Retention for 24 Hours in TB
Long Term (Compressed) Meta Retention for 24 Hours in TB x Reten
Long Term (Compressed) Total Retention for 24 Hours in TB
Long Term (Compressed) Total Retention for 24 Hours in TB x Retenti
Long Term Warm / Cold Storage Requirements in TB
Appliance Calculations
Log Decoder Quantity
User Input :: Log Decoder Count Manual Override Quantity
Log Decoder Count Based on Event Rate
Log Decoder Count Based on DAC Shelf Limit
Total Log Decoder Count
Total Log Decoders Required Based on Event Rate, DAC Limit, or Ove
Log Decoder Appliance Widget Alert Message
Log Decoder Storage

Log Decoder Storage Type Widget Label
Quantity of DAC or SAN Required Shelves to Satisfy Retention
Quantity of DAC or SAN Shelves Required Based on Event Rate, DAC

Quantity of Log Decoder Emulex Cards Required
Log Concentrator Quantity

User Input :: Log Concentrator Count Manual Override Quantity
Log Concentrator Count Based on Event Rate
Log Concentrator Count Based on DAC Shelf Limit
Total Log Concentrator Count
Total Log Concentrators Required Based on Event Rate, DAC Limit, o
Log Concentrator Appliance Widget Alert Message
Log Concentrator Storage

Log Concentrator Storage Type Widget Label
Quantity of DAC or SAN Shelves Required Based on Event Rate, DAC
Quantity of Log Concentrator Emulex Cards Required
Archiver Quantity
User Input :: Archiver Count Manual Override Quantity
Archiver Count Based on Event Rate

Archiver Count Based on DAC Shelf Limit
Total Archiver Count
Total Archivers Required Based on Event Rate, DAC Limit, or Overrid
Archiver Appliance Widget Alert Message
Archiver Storage
Archiver Storage Type Widget Label
Quantity of DAC Shelves Required Due To Manual Override
Quantity of Archiver Emulex Cards Required
Log Hybrid Quantity and Storage

User Input :: Log Hybrid + DAC Selected
User Input :: Log Hybrid Count Manual Override Quantity
Log Hybrid Storage Type Widget Label
PacketDB Capacity in TB for Selected Option
MetaDB Capacity in TB for Selected Option
Total Log Hybrids Required to Support PacketDB
Total Log Hybrids Required to Support MetaDB
Total Log Hybrids Required to Support Event Rate
Log Hybrid Count Designated By

Total Log Hybrid Count
Total PacketDB Days
Total MetaDB Days
Log Hybrid Appliance Widget Alert Message
Device Class Event Size Event Rate

Unix / Linux 250 10.0
Windows AD 500 50.0
Windows IIS 400 15.0
Windows 500 10.0
Web Server 300 15.0
Proxy Server 500 50.0
AV 350 10.0
NAS 500 10.0
Database 550 25.0
DNS / DHCP 500 50.0
Router / Switch 225 25.0
Firewall 500 250.0
IDS 450 5.0
VPN 300 5.0
NW EndPoint 1,500 1.0
Total 0
Approximate Metrics
Total Devices
Event Rate
Event Size
Log GiB per Day

User Input :: Dropbox :: Add ESA Selected
User Input :: Dropbox :: Add UEBA Selected
Amazon AWS SKU
SIEM Throughput for Raw Logs for 24 Hours in TB
SIEM Throughput for Raw Logs for 24 Hours in GB
SIEM SKU Count (per50GB)
SIEM Subscription SKU
SIEM Perpetual SKU
UEBA User Count
UEBA Subscription SKU
UEBA Perpetual SKU
Bill of Materials User Input Selections and Logic

User Input :: Appliance Model Selected
User Input :: Subscription License Selected
User Input :: Perpetual License Selected
Throughput Model Selected
User Input :: Decoder & Concentrator Selected
User Input :: Hybrid Selected
User Input :: Hardware Selected
User Input :: Software Selected
User Input :: Decoder Storage Selected
Decoder UltraDAC Selected
Decoder Storage Type
Decoder Unity SAN Selected
User Input :: Concentrator Storage Selected
Concentrator Storage Type
Concentrator Unity SAN Selected

User Input :: Archiver Storage Selected
Archiver UltraDAC Selected
Archiver Storage Type
Archiver Unity SAN Selected
User Input :: Dropbox :: Add Archiver
Include Broker
User Input :: AWS SA Server Selected
User Input :: Azure SA Server Selected
Legacy Capacity SKU Count
Legacy Capacity SKU
Components
Appliance-bas
HW
SA License
UEBA License
SA Server NW-S6H-AS
Broker NW-S6H-BRO
ESA NW-S6H-ESA
UEBA Server NW-S6H-ESA (for UEBA)
Log Decoder NW-S6H-L-DEC
Decoder 32TB DAC SA-HDD32-LL
Decoder 46TB DAC SA-DACHD-L
Decoder 96TB SED PV NW-PVHDE96-L
Decoder 142TB UltraDAC SA-HDD142-LL
Decoder 180TB UltraDAC SA-HDD180-LL
Decoder VNX2 SAN - SM SA-VNX2HD-5600
Decoder VNX2 SAN - MD SA-VNX2HD-5800
Decoder VNX2 SAN - LG SA-VNX2HD-7600
Decoder SAN Shelves SA-VNX2HD-SHLF

Decoder Unity SAN NWS-Unity600
Decoder Unity SAN Shelves NWS-U6APHD-SHLF
Log Concentrator NW-S6H-L-CON
Concentrator 12TB DAC SA-HPD12H1
Concentrator 33TB DAC SA-DACHP
Concentrator 78TB SED PV NW-PVHPE78-L
Concentrator VNX2 SAN - SM SA-VNX2HD-5600
Concentrator VNX2 SAN - MD SA-VNX2HD-5800
Concentrator VNX2 SAN - LG SA-VNX2HD-7600
Concentrator SAN Shelves SA-VNX2HP-SHLF
Concentrator Unity SAN NWS-Unity600
Concentrator Unity SAN Shelves NWS-U6APHP-SHLF
Archiver NW-S6H-ARCH
Archiver 32TB DAC SA-HDD32-ARCH
Archiver 46TB DAC SA-HDD46-ARCH
Archiver 72TB PV NW-PVHD72A-L
Archiver 144TB PV NW-PVHD144A-L
Archiver 96TB SED PV NW-PVHDE96A-L
Archiver 142TB UltraDAC SA-HDD-142-ARCH
Archiver 180TB UltraDAC SA-HDD-180-ARCH
Archiver VNX2 SAN - SM SA-VNX2HD-5600
Archiver VNX2 SAN - MD SA-VNX2HD-5800
Archiver VNX2 SAN - LG SA-VNX2HD-7600
Archiver SAN Shelves SA-VNX2HD-SHLF
Archiver Unity SAN NWS-Unity600
Archiver Unity SAN Shelves NWS-U6APHDA-SHLF
Emulex Card SA-DP-8GB-SANHBA
Ultra Rack SA-ULTRA-RACK
SAN Rack SA-VNX2-RACK
Ultra Rack NWS-U600-Rack
Log Hybrid SA-S5-HYBRID-L

Log Hybrid NW-S6-HYBRID-L
Hybrid 46TB DAC SA-HDD46-LLH

Period in Days
Period in Days
d in Days
ention Period in Days
tor Bandwidth
am Analysis Bandwidth
x Retention Period
ntion Period in Days
ention Period in Days

sionDB
sionDB x Retention Period in Days
ention Period

for 24 Hours in TB
for 24 Hours in TB x Retention Period in Days
n for 24 Hours in TB
n for 24 Hours in TB x Retention Period in Days
n for 24 Hours in TB
n for 24 Hours in TB x Retention Period in Days
ments in TB
Override Quantity
Limit
vent Rate, DAC Limit, or Override

n?
ssage
s to Satisfy Retention
d Based on Event Rate, DAC Limit, or Override

equired
anual Override Quantity

Rate
helf Limit
on Event Rate, DAC Limit, or Override

n?
t Message
d Based on Event Rate, DAC Limit, or Override
rds Required
erride Quantity

t
Rate, DAC Limit, or Override

n?
e
o Manual Override
Override Quantity
tion
on
acketDB
MetaDB
vent Rate

age
culations
Quantity Total Event Rate Decimal GB/Day

0 0 0.00
0 0 0.00
0 0 0.00
0 0 0.00
0 0 0.00
0 0 0.00
0 0 0.00
0 0 0.00
0 0 0.00
0 0 0.00
0 0 0.00
0 0 0.00
0 0 0.00
0 0 0.00
20,000 20,000 2,592.00
0 0 0.0

d
ted
ours in TB
ours in GB
nd Logic
ed
elected
ted

Appliance-based model
HW SW
H-AS Invalid Configuration

H-BRO Invalid Configuration
H-ESA Invalid Configuration
H-ESA (for UEBA) Invalid Configuration
H-L-DEC Invalid Configuration
32-LL
HD-L
HD72-L
HD144-L
HDE96-L
142-LL
180-LL
2HD-5600
2HD-5800
2HD-7600
2HD-SHLF

nity600
6APHD-SHLF
H-L-CON Invalid Configuration
12H1
HP
HP56-L
HP113-L
HPE78-L
2HD-5600
2HD-5800
2HD-7600
2HP-SHLF
nity600
6APHP-SHLF
H-ARCH Invalid Configuration
32-ARCH
46-ARCH
HD72A-L
HD144A-L
HDE96A-L
-142-ARCH
-180-ARCH
2HD-5600
2HD-5800
2HD-7600
2HD-SHLF
nity600
6APHDA-SHLF
GB-SANHBA
RA-RACK
2-RACK
600-Rack
YBRID-L Invalid Configuration

HYBRID-L Invalid Configuration
46-LLH
HD72-L
HD96-L
HD144-L

Value Defined Name

10,000 LogEventRate
50% LogUtilization
500 LogEventSize
100% LogMetaDataRatio
60 LogRawRetentionPeriod
60 LogMetaRetentionPeriod
365 LogLongTermRetentionPeriod
0 LogLongTermWarmRetentionPeriod
19 Mbps
19 Mbps LogDtoC_Bandwidth
19 Mbps LogCtoESA_Bandwidth
Value
0.013359
0.801519
216,000,000,000 Bytes
201.17 GB/Day LogGBPerDay
0.21 LogPacketDB_for_24H
12.59 LogPacketDB_for_Period
216,000,000,000 Bytes
0.20
11.79
0.21 LogMetaDB_for_24H
12.59 LogMetaDB_for_Period
0.00629
0.38 LogIndexDB_for_Period

Value Defined Name
239
0.02
8.53 ArchiverPacketDB_for_Period
0.03
10.67 ArchiverMetaDB_for_Period
0.05 ArchiverDB_for_24H
19.20 ArchiverDB_for_Period
0.00 ArchiverWarmRetentionTB
Value Defined Name

0 LDecoder_Manual_Override
1
1
1 LDecoder_Count
Event Rate
1 LDecoder_Valid_Config
LDecoder_Widget_Alert
Value Defined Name

DAC LDecoder_Storage_Type
0 LDecoder_Unity_Selected
0 LDecoder_UltraDAC_Selected
1 LDecoder_PV_Selected
PowerVaults LDecoder_Widget_Storage_Label
40.52
50.65
1
1 LDecoder_Storage_Count
40.52
193.14 LDecoder_Storage_Days

LDecoder_SANMaxShelves
0
0
0
Value Defined Name

0 LConcentrator_Manual_Override
1
1
1 LConcentrator_Count
Event Rate
1 LConcentrator_Valid_Config
LConcentrator_Widget_Alert
Value Defined Name

DAC LConcentrator_Storage_Type
0 LConcentrator_Unity_Selected
1 LConcentrator_PV_Selected
PowerVaults LConcentrator_Widget_Storage_Label
35.46
35.46
1
1 LConcentrator_Storage_Count
35.46
169.00 LConcentrator_Storage_Days
LConcentrator_SANMaxShelves
0
0
Value Defined Name

0 Archiver_Manual_Override
1

1
1 Archiver_Count
Event Rate
1 Archiver_Valid_Config
Archiver_Widget_Alert
Value Defined Name

DAC Archiver_Storage_Type
0 Archiver_Unity_Selected
1 Archiver_UltraDAC_Selected
0 Archiver_PV_Selected
UltraDACs Archiver_Widget_Storage_Label
166.99
166.99
1
1 Archiver_Storage_Count
166.99
3,174.00 Archiver_Storage_Days
Archiver_SANMaxShelves
0
0
1
Value Defined Name

1 LHybrid_DAC_Selected
0
Hybrids + DAC LHybrid_Widget_Storage_Label
53.44
53.44
1
1
1
Event Rate

1 LHybrid_Count
254.69 LHybrid_PacketDB_Days
254.69 LHybrid_MetaDB_Days
LHybrid_Widget_Alert
Binary GiB/Day
0.00
0.00
0.00
0.00
0.00
0.00
0.00
0.00
0.00
0.00
0.00
0.00
0.00
0.00
2413.99
0.00
Value Defined Name

0 Approx_TotalDevices
0.00 Approx_EventRate
0.00 Approx_EventSize
0.00 Approx_LogGBPerDay

Value Defined Name
1 IncludeLogESA
0 IncludeLogUEBA
NW-AWSAGENT-P
0.20
201
5
SA-SIEM-S-T1
SA-SIEM-P-T1
10,000 UEBAUserCount
NW-UEBA-S-T3
NW-UEBA-P-T3
Value Defined Name

0 LAppliance_Selected
1 LSubscription_Selected
0 LPerpetual_Selected
1 LThroughput_Selected
0 LDecoderConcentrator_Selected
1 LHybrid_Selected
1 LHardware_Selected
0 LSoftware_Selected
72TB PV LDecoderStorage
0 LDecoder_UltraDAC_Selected
DAC LDecoder_Storage_Type
0 LDecoder_Unity_Selected
56TB PV LConcentrator_Storage
DAC LConcentrator_Storage_Type
0 LConcentrator_Unity_Selected
1 LHybrid_DAC_Selected

180TB UltraDAC ArchiverStorage
1 Archiver_UltraDAC_Selected
DAC Archiver_Storage_Type
0 Archiver_Unity_Selected
1 IncludeArchiver
0 IncludeLBroker
0 VM_LOther_AWSSAServer_Selected
0 VM_LOther_AzureSAServer_Selected
1
SA-15TB-CAP-L-SW
Throughput-based model
HW SW
SA-SIEM-S-T1
NW-UEBA-S-T3
NW-S6H-AS-NL
NW-S6H-BRO-NL
NW-S6H-ESA-NL
NW-S6H-ESA-NL (for UEBA)
NW-S6H-LDEC-NL
SA-HDDAC-32
SA-HDDAC-46
NW-PVHD72
NW-PVHD144
NW-PVHDE96
SA-HDUDAC-142
SA-HDUDAC-180
SA-VNX2HD-5600
SA-VNX2HD-5800
SA-VNX2HD-7600
SA-VNX2HD-SHLF

NWS-Unity600
NWS-U6TPHD-SHLF
NW-S6H-CON-NL
SA-HPDAC-12
SA-HPDAC-33
NW-PVHP56
NW-PVHP113
NW-PVHPE78
SA-VNX2HD-5600
SA-VNX2HD-5800
SA-VNX2HD-7600
SA-VNX2HP-SHLF
NWS-Unity600
NWS-U6TPHP-SHLF
NW-S6H-ARCH-NL
SA-HDDAC-32
SA-HDDAC-46
NW-PVHD72
NW-PVHD144
NW-PVHDE96A
SA-HDUDAC-142
SA-HDUDAC-180
SA-VNX2HD-5600
SA-VNX2HD-5800
SA-VNX2HD-7600
SA-VNX2HD-SHLF
NWS-Unity600
NWS-U6TPHDA-SHLF
SA-DP-8GB-SANHBA
SA-ULTRA-RACK
SA-VNX2-RACK
NWS-U600-Rack
SA-S5H-LHYBRID-NL

NW-S6H-LHYBRID-NL
SA-HDDAC-46
NW-PVHD72
NW-PVHD96
NW-PVHD144

d
Period
ntionPeriod

Period
eriod
TB
e
ed
ected
age_Label
nt

ves
_Override
nfig
Alert
_Type
elected
cted
Storage_Label
_Count
_Days
Shelves
ide

d
cted
ge_Label
es
e_Label

s

Selected
ected
e
ed
_Type
elected

cted
ver_Selected
rver_Selected
Bill Of Materials
SKU Count SKU
5 SA-SIEM-S-T1
1 NW-S6H-AS-NL
1 NW-S6H-ESA-NL

1 NW-S6H-ARCH-NL
1 SA-HDUDAC-180

1 NW-S6H-LHYBRID-NL
1 NW-PVHD96

Metered Offering
User Input Network Line Rate in Mbps
User Input Network Utilization %
User Input Metadata Ratio %
User Input Desired Raw Retention Period in Days
User Input Desired Meta Retention Period in Days
User Input :: Include Malware Analysis Selected
User Input Quantity of Sites
Network Line Rate x Network Utilization % x Site Quantity
Malware Analysis Throughput for Raw Packets for 24 Hours in TB x S
Raw Retention for 24 Hours in TB [Includes Site Quantity]
Raw Retention for 24 Hours x Retention Period in Days [Includes Site
Meta Retention for 24 Hours in TB x Site Quantity
Meta Retention for 24 Hours x Retention Period in Days x Site Quanti
Index Retention for 24 Hours in TB x Site Quantity
Index Retention for 24 Hours x Retention Period in TB x Site Quantit


User Input :: Quantity of Sites
Raw Retention for 24 Hours in TB x Site Quantity
Raw Retention for 24 Hours x Retention Period in Days x Site Quanti

User Input :: Quantity of Sites

Raw Retention for 24 Hours in TB x Site Quantity
Widget One, Two, and Three Aggregation Calculations

User Input :: Customer Type Selection
User Input :: SKU Type Selection
User Input :: Current Customer Licensed Network Monitoring
User Input :: Current Customer Licensed Malware Analysis
Aggregate Network Line Rate x Network Utilization % x Site Quantity
Aggregate Malware Analysis Throughput for Raw Packets for 24 Hou
Aggregate Raw Retention for 24 Hours in TB x Site Quantity
Aggregate Meta Retention for 24 Hours in TB x Site Quantity
Aggregate Meta Retention for 24 Hours x Retention Period in Days x
Aggregate Index Retention for 24 Hours x Retention Period in TB x S
Aggregate Network Monitoring SKU Count
Aggregate Network Monitoring SKU Count + Existing Licensed Netw
Aggregate Malware Analysis SKU Count
Aggregate Malware Analysis SKU Count + Existing Licensed Malware


SessionDB Retention for 24 Hours in TB x Site Quantity
SessionDB Retention for 24 Hours in TB x Retention Period [Includes
Raw Retention for 24 Hours in Bytes x Site Quantity
Raw Retention for 24 Hours in GB/Day [Includes Site Quantity]
Raw Retention for 24 Hours in TB x Retention Period in Days [Include
Meta Retention for 24 Hours in Bytes [Includes Site Quantity]
Meta Retention for 24 Hours in TB [Includes Site Quantity]
Meta Retention for 24 Hours in TB x Retention Period in Days [Includ
Meta Retention for 24 Hours in TB + SessionDB [Includes Site Quanti
Index Retention for 24 Hours in TB x Retention Period [Includes Site
SIEM Throughput for Raw Logs for 24 Hours in TB [Includes Site Qua
SIEM Throughput for Raw Logs for 24 Hours in GB [Includes Site Qua
SIEM Perpetual SKU


Raw Retention for 24 Hours in GB/Day x Site Quantity
Index Retention for 24 Hours in TB [Includes Site Quantity]
SIEM Perpetual SKU


Raw Retention for 24 Hours in GB/Day [Includes Site Quantity]
Index Retention for 24 Hours in TB [Includes Site Quantity]
SIEM Perpetual SKU
Widget One, Two, and Three Aggregation Calculations

User Input :: New Customer
User Input :: SKU Type
User Input :: Current Customer Licensed SIEM Monitoring
Aggregate :: Raw Retention for 24 Hours in GB/Day [Includes Site Qu
Aggregate :: Raw Retention for 24 Hours in TB [Includes Site Quantit
Aggregate :: Raw Retention for 24 Hours in TB x Retention Period in
SIEM Perpetual SKU

d in Days
od in Days
elected
% x Site Quantity
ackets for 24 Hours in TB x Site Quantity
des Site Quantity]
des Site Quantity]
Period in Days [Includes Site Quantity]
Quantity
n Period in Days x Site Quantity
Quantity
n Period in TB x Site Quantity

d in Days
od in Days
elected
% x Site Quantity
Quantity
Period in Days x Site Quantity
Quantity
Quantity
d in Days
od in Days
elected
% x Site Quantity

Quantity
Quantity
Quantity
n Calculations
Network Monitoring
Malware Analysis
Utilization % x Site Quantity
t for Raw Packets for 24 Hours in TB x Site Quantity
n TB x Site Quantity
in TB x Site Quantity
x Retention Period in Days x Site Quantity
x Retention Period in TB x Site Quantity
nt
nt + Existing Licensed Network Monitoring
+ Existing Licensed Malware Analysis

Period in Days
Period in Days
x Site Quantity
x Retention Period [Includes Site Quantity]
te Quantity
ncludes Site Quantity]
des Site Quantity]
ntion Period in Days [Includes Site Quantity]
cludes Site Quantity]
des Site Quantity]
ention Period in Days [Includes Site Quantity]
sionDB [Includes Site Quantity]
sionDB x Retention Period in Days [Includes Site Quantity]
Quantity
ention Period [Includes Site Quantity]
ours in TB [Includes Site Quantity]
ours in GB [Includes Site Quantity]

Period in Days
Period in Days
x Site Quantity
te Quantity
Site Quantity
des Site Quantity]
des Site Quantity]
udes Site Quantity]
Period in Days
Period in Days
x Site Quantity
te Quantity

ncludes Site Quantity]
des Site Quantity]
des Site Quantity]
udes Site Quantity]
n Calculations
SIEM Monitoring
in GB/Day [Includes Site Quantity]
in TB [Includes Site Quantity]
in TB x Retention Period in Days [Includes Site Quantity]
ours in GB [Includes Site Quantity] + Existing Licensed SIEM

Value
1,000
60%
5%
7
45
0
1
600 Mbps
0.00
0.00
5.89
5.89
41.25
0.29
13.26
0.01
0.40
6
SA-NETMON-S-T1
SA-NETMON-P-T1
0
0
0
Value
1,000

60%
5%
7
45
0
0
0 Mbps
0.00
0.00
0.00
0.00
0.00
0.00
0.00
0.00
0.00
0
0
0
0
0
0
Value
1,000
60%
5%
7
45
0
0
0 Mbps
0.00

0.00
0.00
0.00
0.00
0.00
0.00
0.00
0.00
0
0
0
0
0
0
Value
1 TRUE = New, FALSE = Existing
1 1= Subscription, 2 = Perpetual
0
0
600 Mbps
0.00
5.89
41.25
0.29
13.26
0.40
6
6
SA-NETMON-S-T1
SA-NETMON-P-T1
0
0

0
0
Value Reference Names Only - NOT Excel Display Nam

10,000 LogEventRate
500 LogEventSize
1
0.026717
2.404558
432,000,000,000 Bytes
402.33 GB/Day
432,000,000,000 Bytes
0.39
35.36
0.01259
0.39
402.00
9
SA-SIEM-S-T2
SA-SIEM-P-T2

10,000 LogEventRate
500 LogEventSize

0
0.000000
0.000000
0 Bytes
0.00 GB/Day
0 Bytes
0.00
0.00
0.00000
0.00
0.00
0
0
0

10,000 LogEventRate
500 LogEventSize
0
0.000000
0.000000
0 Bytes

0.00 GB/Day
0 Bytes
0.00
0.00
0.00000
0.00
0.00
0
0
0

0 TRUE = New, FALSE = Existing
1 1= Subscription, 2 = Perpetual
400
402.33 GB/Day
402.33
802.33
9
SA-SIEM-S-T2
SA-SIEM-P-T2


sting
petual

NOT Excel Display Names

d

d

sting
petual


Virtual Machine Lookup Table
SA Server and Collocated Components (Jetty, Broker, IM, RE) Virtual Machine
VM Port Rate vCPU
SA Server SSL 12
AWS Port Rate vCPU

SA Server SSL 1,000 Mbps 8
SA Server SSL 1,500 Mbps 16
SA Server SSL 10,000 EPS 8
Azure Port Rate vCPU

Broker Virtual Machine

VM Port Rate vCPU
Broker SSL 4
AWS Port Rate vCPU

Broker SSL 4

Broker SSL 4
Network Monitoring
VM Port Rate vCPU
P Decoder SSL 50 Mbps 4

P Decoder SSL 1,000 Mbps 12
P Concentrator SSL 50 Mbps 4
P Concentrator SSL 1,000 Mbps 16
P Warehouse SSL 500 Mbps 6
P Warehouse SSL 1,000 Mbps 6
P Warehouse SSL 1,500 Mbps 8
P ESA + CH SSL 7,000 Mbps 32
Malware Analysis SSL 7,000 Mbps 16
AWS Port Rate vCPU

P ESA + CH SSL 500 Mbps 8
Malware Analysis SSL
SIEM
VM Port Rate vCPU
L Decoder SSL 2,500 EPS 6
L Concentrator SSL 2,500 EPS 4

Archiver SSL 2,500 EPS 4
L Warehouse SSL 10,000 EPS 8
L Warehouse SSL 15,000 EPS 10
L ESA + CH SSL 90,000 EPS 32
L Collector SSL 15,000 EPS 8
L UEBA SSL 90,000 EPS 16
AWS Port Rate vCPU



Network Monitoring
Other Virtual Machines Calculations
Other Virtual Machine Type
User Input :: Virtual Machine
User Input :: Virtual Machine Type
Other Virtual Machine Count
Other Virtual Machine AWS Instance Name
Other Virtual Machine Type Label
Other Virtual Machine Resource Allocation Label
Other Virtual Machine Minimum Required vCPUs
Other Virtual Machine Minimum Required vRAM
Other Virtual Machine Minimum Required Read IOPS
Other Virtual Machine Minimum Required Write IOPS
Other Virtual Machine Minimum Required Disk Allocation
Other Virtual Machine Minimum Required Disk Allocation Type
Other Virtual Machine Widget Footer Label
Other Virtual Machine Widget Footer Value
Other Virtual Machine Widget Alert Message
SA Server and Collocated Components (Jetty, Broker, IM, RE) Vir

AWS Instance Name
Minimum Required vCPU's
Minimum Required vCPU's GHz
Minimum Required vRAM

Minimum Required Read IOPS
Minimum Required Write IOPS
Minimum Required Disk Allocation

AWS Instance Name
Event Stream Analysis Server and Collocated Components (Con

AWS Instance Name
Malware Analysis Server Virtual Machine

AWS Instance Name
Packet Decoder Virtual Machine Calculations

Packet Decoder Virtual Machine Quantity
User Input :: Packet Decoder VM Count Manual Override Quan
Packet Decoder VM Count Based on Line Rate
Packet Decoder VM Count Based on Line Rate Utilization
Total Packet Decoder VM Count
Total Packet Decoder VMs Required Based on Line Rate, Utilizati
Packet Decoder VM Widget Alert Message
Packet Decoder Virtual Machine Type

Packet Decoder Widget Amazon Instance Name
Packet Decoder Widget Type
Packet Decoder Widget Resource Allocation
Packet Decoder Widget Disk Allocation
Packet Decoder Widget Disk Allocation Operating System Type
Packet Decoder Widget Disk Allocation PacketDB Type
Packet Decoder Widget Disk Allocation SessionDB Type
Packet Decoder Widget Disk Allocation MetaDB Type
Packet Decoder Widget Disk Allocation Index Type
Packet Decoder Widget Footer Label
Packet Decoder Widget Footer Value
Packet Decoder Virtual Machine DB Sizing Per VM

(Network Line Rate x Network Utilization %) ÷ VM_PDecoder_C
Minimum Required vCPU's For Each Packet Decoder VM
Minimum Required vCPU's GHz For Each Packet Decoder VM
Minimum Required vRAM for Each Packet Decoder VM
Line Rate Adjustment for OS Disk Calculation
OS Disk
PacketDB

SessionDB
MetaDB
Index
Total
Packet Concentrator Virtual Machine Calculations

Packet Concentrator Virtual Machine Quantity
User Input :: Packet Concentrator VM Count Manual Override Q
Packet Concentrator VM Count Based on Line Rate
Packet Concentrator VM Count Based on Line Rate Utilization
Total Packet Concentrator VM Count
Total Packet Concentrator VMs Required Based on Line Rate, U
Packet Concentrator VM Widget Alert Message
Packet Concentrator Virtual Machine Type

Packet Concentrator Widget Amazon Instance Name
Packet Concentrator Widget Type
Packet Concentrator Widget Resource Allocation
Packet Concentrator Widget Disk Allocation
Packet Concentrator Widget Disk Allocation Operating System T
Packet Concentrator Widget Disk Allocation SessionDB Type
Packet Concentrator Widget Disk Allocation MetaDB Type
Packet Concentrator Widget Disk Allocation Index Type
Packet Concentrator Widget Footer Label
Packet Concentrator Widget Footer Value
Packet Concentrator Virtual Machine DB Sizing Per VM

(Network Line Rate x Network Utilization %) ÷ VM_PConcentrat
Minimum Required vCPU's For Each Packet Concentrator VM
Minimum Required vCPU's GHz For Each Packet Concentrator V

Minimum Required vRAM for Each Packet Concentrator VM
Line Rate Adjustment for OS Disk Calculation
OS Disk
SessionDB
MetaDB
Index
Total
SIEM
Other Virtual Machines Calculations
Other Virtual Machine Type
User Input :: Virtual Machine
Other Virtual Machine Count
Other Virtual Machine AWS Instance Name
Other Virtual Machine Type Label
Other Virtual Machine Resource Allocation Label
Other Virtual Machine Minimum Required vCPUs
Other Virtual Machine Minimum Required vRAM
Other Virtual Machine Minimum Required Read IOPS
Other Virtual Machine Minimum Required Write IOPS
Other Virtual Machine Minimum Required Disk Allocation
Other Virtual Machine Minimum Required Disk Allocation Type
Other Virtual Machine Widget Footer Label
Other Virtual Machine Widget Footer Value
SA Server and Collocated Components (Jetty, Broker, IM, RE) Vir

AWS Instance Name


AWS Instance Name
Event Stream Analysis Server and Collocated Components (Con

AWS Instance Name
User Entity and Behavioral Analysis Virtual Machine

AWS Instance Name

Log Collector Virtual Machine
AWS Instance Name
Log Decoder Virtual Machine Calculations

Log Decoder Virtual Machine Quantity
User Input :: Virtual Machine Log Decoder Count Manual Overr
Log Decoder VM Count Based on Event Rate x Event Utilization
Log Decoder VM Count Based on Sustained Event Rate
Total Log Decoder VM Count
Total Log Decoder VMs Required Based on Line Rate, Utilization
Log Decoder VM Widget Alert Message
Log Decoder Virtual Machine Type

Log Decoder Widget Amazon Instance Name
Log Decoder Widget Type
Log Decoder Widget Resource Allocation
Log Decoder Widget Disk Allocation
Log Decoder Widget Disk Allocation Operating System Type
Log Decoder Widget Disk Allocation PacketDB Type
Log Decoder Widget Disk Allocation SessionDB Type
Log Decoder Widget Disk Allocation MetaDB Type
Log Decoder Widget Disk Allocation Index Type
Log Decoder Widget Footer Label
Log Decoder Widget Footer Value

Log Decoder Virtual Machine DB Sizing Per VM
LogEventRate x LogUtilization ÷ VM_LDecoder_Count
Minimum Required vCPU's For Each Log Decoder VM
Minimum Required vCPU's GHz For Each Log Decoder VM
Minimum Required vRAM for Each Log Decoder VM
Event Rate Adjustment for OS Disk Calculation
OS Disk
RawDB
SessionDB
Log Concentrator Virtual Machine Type
MetaDB
User Input :: Virtual Machine Type 2 VM_PConcentrator_
Index m4.1
VM_PConcentrator_Instance_Name_Label
Total
Packet Concentrator Widget Type Concentrator Instances
Packet Concentrator Widget Resource Allocation Resource
Log ConcentratorVM_PConcentrator_Widget_Resource_Label
Virtual Machine Calculations
Packet Concentrator Widget Disk Allocation Disk Allocation
Log Concentrator Virtual Machine
VM_PConcentrator_Widget_Disk_Label Quantity
User Input
Packet :: Virtual Machine
Concentrator Widget Log
DiskConcentrator Count Manual
Allocation Operating SystemO
VM_PConcentrator_OS_Disk_Label
Log Concentrator VM Count Based on Event Rate x Event Utiliza
Packet
Log Concentrator
Concentrator WidgetBased
VM Count Disk Allocation SessionDB
on Sustained Type
Event Rate
VM_PConcentrator_SessionDB_Disk_Label
Total LogConcentrator
Packet ConcentratorWidget
VM Count
Disk Allocation MetaDB Type
Total Log Concentrator VMs Required Based on Event Rate, Sus
IsPacket
ResultConcentrator Widget
a Vaild/Supported Disk Allocation Index Type
Configuration? SSD
Packet
Log Concentrator
Concentrator Widget Alert
VM Widget FooterMessage
Label Enhanced Netwo
VM_PConcentrator_Widget_Footer_Label
Packet Concentrator Widget Footer Value No VM_PConce
Concentrator Virtual Machine Type
Log Concentrator Widget Amazon Instance Name
Log Concentrator Widget Type
Log Concentrator Widget Resource Allocation
Log Concentrator Widget Disk Allocation

Log Concentrator Widget Disk Allocation Operating System Typ
Log Concentrator Widget Disk Allocation SessionDB Type
Log Concentrator Widget Disk Allocation MetaDB Type
Log Concentrator Widget Disk Allocation Index Type
Log Concentrator Widget Footer Label
Log Concentrator Widget Footer Value
Log Concentrator Virtual Machine DB Sizing Per VM

LogEventRate x LogUtilization ÷ VM_LConcentrator_Count
Minimum Required vCPU's For Each Log Concentrator VM
Minimum Required vCPU's GHz For Each Log Concentrator VM
Minimum Required vRAM for Each Log Concentrator VM
OS Disk
SessionDB
Log Archiver Virtual Machine Type
MetaDB
User Input :: Virtual Machine Type 2 VM_PConcentrator_
Index m4.1
Total
Packet Concentrator Widget Type Concentrator Instances
Packet Concentrator Widget Resource Allocation Resource
VM_PConcentrator_Widget_Resource_Label
Archiver Virtual Machine Calculations
Packet Concentrator Widget Disk Allocation Disk Allocation
Archiver Virtual Machine Quantity
VM_PConcentrator_Widget_Disk_Label
User Input
Packet :: Virtual Machine
Concentrator Widget Archiver Count Manual
Disk Allocation Override
Operating SystemQ
VM_PConcentrator_OS_Disk_Label
Virtual Machine - Archiver VM Count Based on Event Rate x Eve
PacketMachine
Virtual Concentrator Widget
- Archiver VMDisk Allocation
Count Based onSessionDB
SustainedType
Event
VM_PConcentrator_SessionDB_Disk_Label
Virtual
PacketMachine - TotalWidget
Concentrator Archiver VMAllocation
Disk Count MetaDB Type
Virtual Machine - Total Archiver VMs Required Based on Event
PacketMachine
- Is Result Disk Allocation Index
a Vaild/Supported Type
Configuration? SSD
PacketMachine
- Archiver VMFooter
WidgetLabel Enhanced Netwo
Alert Message
VM_PConcentrator_Widget_Footer_Label
Packet Concentrator Widget Footer Value No VM_PConce
Concentrator Virtual Machine Type

Log Archiver Widget Amazon Instance Name
Log Archiver Widget Type
Log Archiver Widget Resource Allocation
Log Archiver Widget Disk Allocation
Log Archiver Widget Disk Allocation Operating System Type
Log Archiver Widget Disk Allocation SessionDB Type
Log Archiver Widget Disk Allocation MetaDB Type
Log Archiver Widget Disk Allocation Index Type
Log Archiver Widget Footer Label
Log Archiver Widget Footer Value
Archiver Virtual Machine DB Sizing Per VM

LogEventRate x LogUtilization ÷ VM_Archiver_Count
Minimum Required vCPU's For Each Archiver VM
Minimum Required vCPU's GHz For Each Archiver VM
Minimum Required vRAM for Each Archiver VM
OS Disk
RawDB
MetaDB
Index
Total

marks
Virtual Machine
vCPU vRAM Read IOPS Write IOPS
31.18 GHz 50 GB 100 350

32 GB
64 GB
32 GB
64 GB

112 GB
112 GB

10.40 GHz 10 GB 100 350

16 GB

14 GB
vCPU GHz vRAM Read IOPS Write IOPS

10.39 GHz 25 GB 50 150
10.39 GHz 25 GB 50 250
10.39 GHz 25 GB 50 350

20.79 GHz 40 GB 150 200
31.18 GHz 50 GB 200 400
41.58 GHz 75 GB 200 500
10.39 GHz 25 GB 50 1,350
10.39 GHz 25 GB 100 1,700
10.39 GHz 25 GB 150 2,100
31.18 GHz 50 GB 250 4,600
41.58 GHz 50 GB 550 5,500
62.38 GHz 75 GB 1,050 6,500
15.59 GHz 20 GB 50 50
15.59 GHz 30 GB 50 50
20.79 GHz 40 GB 50 50
83.16 GHz 94 GB 50 50
41.58 GHz 50 GB 300 650

15 GB
30 GB
60 GB
30 GB
60 GB
160 GB
32 GB
61 GB
122 GB

15.60 GHz 25 GB 50 75
20.79 GHz 25 GB 100 100
25.99 GHz 25 GB 150 150
41.58 GHz 50 GB 300 50
51.98 GHz 60 GB 550 100
10.39 GHz 25 GB 300 1,800
10.39 GHz 25 GB 400 2,350
15.59 GHz 25 GB 500 4,500

25.99 GHz 50 GB 1,600 6,500
31.18 GHz 60 GB 1,600 7,600
10.39 GHz 25 GB 150 250
10.39 GHz 25 GB 150 250
15.59 GHz 25 GB 150 350
31.18 GHz 40 GB 1,300 700
36.38 GHz 45 GB 1,200 900
20.79 GHz 30 GB 50 50
25.99 GHz 35 GB 50 50
83.16 GHz 94 GB 50 50
20.79 GHz 8 GB 50 50
41.58 GHz 64 GB 500 500

15 GB
30 GB
60 GB
16 GB
32 GB
64 GB
16 GB
32 GB
64 GB
32 GB
61 GB
122 GB
15 GB

112 GB
112 GB
112 GB
112 GB
112 GB
112 GB
112 GB
112 GB

112 GB
140 GB
140 GB
140 GB
16 GB
me
on Label
ed vCPUs
ed vRAM
ed Read IOPS
ed Write IOPS
ed Disk Allocation
ed Disk Allocation Type
bel
lue
n?
sage
etty, Broker, IM, RE) Virtual Machine

ated Components (Context Hub) Virtual Machine

y
Manual Override Quantity
e Rate
e Rate Utilization
ed on Line Rate, Utilization Rate, or Override

n?
ge
e Name
tion
Operating System Type

acketDB Type
essionDB Type
MetaDB Type
ndex Type
ng Per VM
n %) ÷ VM_PDecoder_Count
ket Decoder VM
Packet Decoder VM
et Decoder VM
ation

s
antity
unt Manual Override Quantity
n Line Rate
n Line Rate Utilization
Based on Line Rate, Utilization Rate, or Override

n?
essage
pe
tance Name
location
tion
tion Operating System Type
tion SessionDB Type
tion MetaDB Type
tion Index Type
l
e
Sizing Per VM
n %) ÷ VM_PConcentrator_Count
ket Concentrator VM
Packet Concentrator VM

et Concentrator VM
ation
me
on Label
ed vCPUs
ed vRAM
ed Read IOPS
ed Write IOPS
ed Disk Allocation
ed Disk Allocation Type
bel
lue
etty, Broker, IM, RE) Virtual Machine

ated Components (Context Hub) Virtual Machine
ual Machine

er Count Manual Override Quantity
Rate x Event Utilization %
ned Event Rate
on Line Rate, Utilization Rate, or Override

n?
ame
rating System Type

ketDB Type
ionDB Type
aDB Type
ex Type

er VM
ecoder_Count
Decoder VM
Log Decoder VM
Decoder VM
lation
2 VM_PConcentrator_Type :: 1= VMware, 2 = AWS

stance Name m4.10xlarge
bel
oncentrator Instances VM_PConcentrator_Widget_Type_Label
Allocation Resource Allocation Per Instance
abel
tion Disk Allocation Per Instance
tity
ntrator Count Manual
tion Operating SystemOverride
Type Quantity
SSD
ent Rate x Event Utilization %
tion SessionDB
ustained Type
Event Rate HDD
bel
tion MetaDB Type HDD VM_PConcentrator_MetaDB_Disk_Label
sed on Event Rate, Sustained Rate, or Override
tion Index Type
n? SSD VM_PConcentrator_Index_Disk_Label
el
age Enhanced Networking Enabled
el
ue No VM_PConcentrator_Widget_Footer_Value
ce Name
ation

Operating System Type
SessionDB Type
MetaDB Type
Index Type
ing Per VM
ncentrator_Count
Concentrator VM
Log Concentrator VM
oncentrator VM
lation
2 VM_PConcentrator_Type :: 1= VMware, 2 = AWS

stance Name m4.10xlarge
bel
oncentrator Instances VM_PConcentrator_Widget_Type_Label
Allocation Resource Allocation Per Instance
abel
tion Disk Allocation Per Instance
ount
tion Manual Override
Operating SystemQuantity
Type SSD
sed on Event Rate x Event Utilization %
tionon
sed SessionDB
SustainedType HDD
Event Rate
bel
nt
tion MetaDB Type HDD VM_PConcentrator_MetaDB_Disk_Label
quired Based on Event Rate, Sustained Rate, or Override
tion Index
orted Type
Configuration? SSD VM_PConcentrator_Index_Disk_Label
el Message
lert Enhanced Networking Enabled
el
ue No VM_PConcentrator_Widget_Footer_Value

ame
rating System Type

ionDB Type
aDB Type
x Type
M
hiver_Count
hiver VM
Archiver VM
ver VM
lation

Instance Name Enhanced Networking

m4.2xlarge No
m4.4xlarge No
m4.2xlarge No
m4.4xlarge No
Instance Name OS
Standard D14 v2 CentOS

m4.xlarge No
Instance Name OS
Standard DS3 v2 CentOS

c4.2xlarge Yes
c4.4xlarge Yes
c4.8xlarge Yes
c4.4xlarge No
c4.8xlarge No
m4.10xlarge No
m4.2xlarge No
r4.2xlarge No
r4.4xlarge No

c4.2xlarge Yes
c4.4xlarge Yes
c4.8xlarge Yes
m4.xlarge No
m4.2xlarge No
m4.4xlarge No
m4.xlarge No
m4.2xlarge No
m4.4xlarge No
m4.2xlarge No
r4.2xlarge No
r4.4xlarge No
c4.2xlarge No
Instance Name OS

Standard F8 CentOS
Value Defined Name

1 VM_POther_Machine :: 1=NW Server, 2=Broker
1 VM_POther_Type :: 1= VMware, 2 = AWS
1 VM_POther_Count
VM_POther_Instance_Name_Label
Virtual Machines VM_POther_Widget_Type_Label
Resource Allocation Per VM VM_POther_Widget_Resource_Label
12 VM_POther_vCPUs
50 VM_POther_vRAM
100 VM_POther_RIOPS
350 VM_POther_WIOPS
1.50 TB VM_POther_DiskTB
SAS VM_POther_Disk_Label
nimum Required TOTAL IOPS Per VM VM_POther_Widget_Footer_Label
450 VM_POther_Widget_Footer_Value
1 VM_POther_Valid_Config
VM_POther_Widget_Alert
Value Defined Name

VM_SAServer_Instance_Name
12 VM_SAServer_vCPUs
31.18 GHz VM_SAServer_vCPUsGHz
50 GB VM_SAServer_vRAM

100 VM_SAServer_RIOPS
350 VM_SAServer_WIOPS
1.50 TB VM_SAServer_DiskTB
Value Defined Name

VM_Broker_Instance_Name
4 VM_Broker_vCPUs
10.40 GHz VM_Broker_vCPUsGHz
10 GB VM_Broker_vRAM
100 VM_Broker_RIOPS
350 VM_Broker_WIOPS
1.50 TB VM_Broker_DiskTB
Value Defined Name

VM_PESAServer_Instance_Name
32 VM_PESAServer_vCPUs
83.16 GHz VM_PESAServer_vCPUsGHz
94 GB VM_PESAServer_vRAM
50 VM_PESAServer_RIOPS
50 VM_PESAServer_WIOPS
1.50 TB VM_PESAServer_DiskTB
Value Defined Name

VM_MAServer_Instance_Name
16 VM_MAServer_vCPUs
41.58 GHz VM_MAServer_vCPUsGHz
50 GB VM_MAServer_vRAM
300 VM_MAServer_RIOPS
650 VM_MAServer_WIOPS
1.50 TB VM_MAServer_DiskTB

Value Defined Name
0
1
1
1 VM_PDecoder_Count
Utilization Rate
1 VM_PDecoder_Valid_Config
VM_PDecoder_Widget_Alert
Value Defined Name

1 VM_PDecoder_Type :: 1= VMware, 2 = AWS
VM_PDecoder_Instance_Name_Label
Decoder VMs VM_PDecoder_Widget_Type_Label
Resource Allocation Per VM VM_PDecoder_Widget_Resource_Label
Disk Allocation Per VM VM_PDecoder_Widget_Disk_Label
SAS VM_PDecoder_OS_Disk_Label
SAS VM_PDecoder_PacketDB_Disk_Label
SAS VM_PDecoder_SessionDB_Disk_Label
SAS VM_PDecoder_MetaDB_Disk_Label
SAS VM_PDecoder_Index_Disk_Label
nimum Required TOTAL IOPS Per VM VM_PDecoder_Widget_Footer_Label
600 VM_PDecoder_Widget_Footer_Value
Value Defined Name

600 Mbps
12 VM_PDecoder_vCPUs_Per_Count
31.18 GHz VM_PDecoder_vCPUsGHz_Per_Count
50 GB VM_PDecoder_vRAM_Per_Count
200 VM_PDecoder_RIOPS
400 VM_PDecoder_WIOPS
1066.67
1.50 TB VM_PDecoder_OSDiskTB_Per_Count
41.25 TB VM_PDecoder_PacketDB_Per_Count

0.06 TB VM_PDecoder_SessionDB_Per_Count
0.60 TB VM_PDecoder_MetaDB_Per_Count
0.030 TB VM_PDecoder_IndexDB_Per_Count
43.44 TB VM_PDecoder_DiskTotalTB_Per_Count
Value Defined Name

0
1
1
1 VM_PConcentrator_Count
Utilization Rate
1 VM_PConcentrator_Valid_Config
VM_PConcentrator_Widget_Alert
Value Defined Name

1 VM_PConcentrator_Type :: 1= VMware, 2 = AW
Concentrator VMs VM_PConcentrator_Widget_Type_Label
Resource Allocation Per VM VM_PConcentrator_Widget_Resource_Label
Disk Allocation Per VM VM_PConcentrator_Widget_Disk_Label
SAS VM_PConcentrator_OS_Disk_Label
SAS VM_PConcentrator_SessionDB_Disk_Label
SAS VM_PConcentrator_MetaDB_Disk_Label
SSD VM_PConcentrator_Index_Disk_Label
nimum Required TOTAL IOPS Per VM VM_PConcentrator_Widget_Footer_Label
6,050 VM_PConcentrator_Widget_Footer_Value
Value Defined Name

600 Mbps
16 VM_PConcentrator_vCPUs_Per_Count
41.58 GHz VM_PConcentrator_vCPUsGHz_Per_Count

50 GB VM_PConcentrator_vRAM_Per_Count
550 VM_PConcentrator_RIOPS
5,500 VM_PConcentrator_WIOPS
1066.67
1.50 TB VM_PConcentrator_OSDiskTB_Per_Count
1.24 TB VM_PConcentrator_SessionDB_Per_Count
8.84 TB VM_PConcentrator_MetaDB_Per_Count
0.442 TB VM_PConcentrator_IndexDB_Per_Count
12.02 TB VM_PConcentrator_TotalDiskTB_Per_Count
Value Defined Name

1 VM_LOther_Machine :: 1=NW Server, 2=Broker
1 VM_LOther_Type :: 1= VMware, 2 = AWS, 3 = A
1 VM_LOther_Count
VM_LOther_Instance_Name_Label
Virtual Machines VM_LOther_Widget_Type_Label
Resource Allocation Per VM VM_LOther_Widget_Resource_Label
12 VM_LOther_vCPUs
50 VM_LOther_vRAM
100 VM_LOther_RIOPS
350 VM_LOther_WIOPS
1.50 TB VM_LOther_DiskTB
SAS VM_LOther_Disk_Label
nimum Required TOTAL IOPS Per VM VM_LOther_Widget_Footer_Label
450 VM_LOther_Widget_Footer_Value
Value Defined Name

VM_LSAServer_Instance_Name
12 VM_LSAServer_vCPUs

31.18 GHz VM_LSAServer_vCPUsGHz
50 GB VM_LSAServer_vRAM
100 VM_LSAServer_RIOPS
350 VM_LSAServer_WIOPS
1.50 TB VM_LSAServer_DiskTB
Value Defined Name

VM_LBroker_Instance_Name
4 VM_LBroker_vCPUs
10.40 GHz VM_LBroker_vCPUsGHz
10 GB VM_LBroker_vRAM
100 VM_LBroker_RIOPS
350 VM_LBroker_WIOPS
1.50 TB VM_LBroker_DiskTB
Value Defined Name

VM_LESAServer_Instance_Name
32 VM_LESAServer_vCPUs
83.16 GHz VM_LESAServer_vCPUsGHz
94 GB VM_LESAServer_vRAM
50 VM_LESAServer_RIOPS
50 VM_LESAServer_WIOPS
1.50 TB VM_LESAServer_DiskTB
Value Defined Name

VM_LUEBAServer_Instance_Name
16 VM_LUEBAServer_vCPUs
41.58 GHz VM_LUEBAServer_vCPUsGHz
64 GB VM_LUEBAServer_vRAM
500 VM_LUEBAServer_RIOPS
500 VM_LUEBAServer_WIOPS
1.50 TB VM_LUEBAServer_DiskTB

Value Defined Name
VM_VLC_Instance_Name
8 VM_VLC_vCPUs
20.79 GHz VM_VLC_vCPUsGHz
8 GB VM_VLC_vRAM
50 VM_VLC_RIOPS
50 VM_VLC_WIOPS
1.50 TB VM_VLC_DiskTB
Value Defined Name

0
1
0 Metrics Not Currently Collected to Calculate
1 VM_LDecoder_Count
Line Rate
1 VM_LDecoder_Valid_Config
VM_LDecoder_Widget_Alert
Value Defined Name

1 VM_LDecoder_Type :: 1= VMware, 2 = AWS, 3 =
VM_LDecoder_Instance_Name_Label
Decoder VMs VM_LDecoder_Widget_Type_Label
Resource Allocation Per VM VM_LDecoder_Widget_Resource_Label
Disk Allocation Per VM VM_LDecoder_Widget_Disk_Label
SAS VM_LDecoder_OS_Disk_Label
SAS VM_LDecoder_PacketDB_Disk_Label
SAS VM_LDecoder_SessionDB_Disk_Label
SAS VM_LDecoder_MetaDB_Disk_Label
SAS VM_LDecoder_Index_Disk_Label
nimum Required TOTAL IOPS Per VM VM_LDecoder_Widget_Footer_Label
200 VM_LDecoder_Widget_Footer_Value

Value Defined Name
5,000
8 VM_LDecoder_vCPUs_Per_Count
20.79 GHz VM_LDecoder_vCPUsGHz_Per_Count
25 GB VM_LDecoder_vRAM_Per_Count
100 VM_LDecoder_RIOPS
100 VM_LDecoder_WIOPS
250.00
0.32 TB VM_LDecoder_OSDiskTB_Per_Count
12.59 TB VM_LDecoder_PacketDB_Per_Count
0.01 TB VM_LDecoder_SessionDB_Per_Count
0.20 TB VM_LDecoder_MetaDB_Per_Count
0.005 TB VM_LDecoder_IndexDB_Per_Count
13.12 TB VM_LDecoder_DiskTotalTB_Per_Count
Value Defined Name

0
1
1 VM_LConcentrator_Count
Line Rate
1 VM_LConcentrator_Valid_Config
VM_LConcentrator_Widget_Alert
Value Defined Name

1 VM_LConcentrator_Type :: 1= VMware, 2 = AW
VM_LConcentrator_Instance_Name_Label
Concentrator VMs VM_LConcentrator_Widget_Type_Label
Resource Allocation Per VM VM_LConcentrator_Widget_Resource_Label
Disk Allocation Per VM VM_LConcentrator_Widget_Disk_Label

SAS VM_LConcentrator_OS_Disk_Label
SAS VM_LConcentrator_SessionDB_Disk_Label
SAS VM_LConcentrator_MetaDB_Disk_Label
SSD VM_LConcentrator_Index_Disk_Label
nimum Required TOTAL IOPS Per VM VM_LConcentrator_Widget_Footer_Label
2,750 VM_LConcentrator_Widget_Footer_Value
Value Defined Name

5,000
4 VM_LConcentrator_vCPUs_Per_Count
10.39 GHz VM_LConcentrator_vCPUsGHz_Per_Count
25 GB VM_LConcentrator_vRAM_Per_Count
400 VM_LConcentrator_RIOPS
2,350 VM_LConcentrator_WIOPS
250.00
0.32 TB VM_LConcentrator_OSDiskTB_Per_Count
1.80 TB VM_LConcentrator_SessionDB_Per_Count
12.59 TB VM_LConcentrator_MetaDB_Per_Count
0.629 TB VM_LConcentrator_IndexDB_Per_Count
15.34 TB VM_LConcentrator_TotalDiskTB_Per_Count
Value Defined Name

0
1
1 VM_Archiver_Count
Line Rate
1 VM_Archiver_Valid_Config
VM_Archiver_Widget_Alert
Value Defined Name

1 VM_Archiver_Type :: 1= VMware, 2 = AWS, 3 =
VM_Archiver_Instance_Name_Label
Archiver VMs VM_Archiver_Widget_Type_Label
Resource Allocation Per VM VM_Archiver_Widget_Resource_Label
Disk Allocation Per VM VM_Archiver_Widget_Disk_Label
SAS VM_Archiver_OS_Disk_Label
SAS VM_Archiver_SessionDB_Disk_Label
SAS VM_Archiver_MetaDB_Disk_Label
SSD VM_Archiver_Index_Disk_Label
nimum Required TOTAL IOPS Per VM VM_Archiver_Widget_Footer_Label
400 VM_Archiver_Widget_Footer_Value
Value Defined Name

5,000
4 VM_Archiver_vCPUs_Per_Count
10.39 GHz VM_Archiver_vCPUsGHz_Per_Count
25 GB VM_Archiver_vRAM_Per_Count
150 VM_Archiver_RIOPS
250 VM_Archiver_WIOPS
250.00
0.32 TB VM_Archiver_OSDiskTB_Per_Count
8.53 TB VM_Archiver_PacketDB_Per_Count
10.67 TB VM_Archiver_MetaDB_Per_Count
0.533 TB VM_Archiver_IndexDB_Per_Count
20.05 TB VM_Archiver_TotalDiskTB_Per_Count


1=NW Server, 2=Broker, 3=ESA+CH, 4=MA
VMware, 2 = AWS
Name_Label
pe_Label
source_Label
oter_Label
oter_Value
fig
ert
_Name
Hz

ame
ce_Name
GHz
e_Name
Hz

onfig
Alert
= VMware, 2 = AWS
_Name_Label
Type_Label
Resource_Label
Disk_Label
_Label
B_Disk_Label
DB_Disk_Label
_Disk_Label
isk_Label
Footer_Label
Footer_Value
Per_Count
Hz_Per_Count
er_Count
B_Per_Count
B_Per_Count

DB_Per_Count
_Per_Count
_Per_Count
lTB_Per_Count
unt
d_Config
dget_Alert
e :: 1= VMware, 2 = AWS
ance_Name_Label
dget_Type_Label
dget_Resource_Label
dget_Disk_Label
_Disk_Label
sionDB_Disk_Label
taDB_Disk_Label
ex_Disk_Label
dget_Footer_Label
dget_Footer_Value
Us_Per_Count
UsGHz_Per_Count

AM_Per_Count
PS
OPS
DiskTB_Per_Count
sionDB_Per_Count
taDB_Per_Count
exDB_Per_Count
alDiskTB_Per_Count
1=NW Server, 2=Broker, 3=ESA+CH, 4=UEBA, 5=VLC

VMware, 2 = AWS, 3 = Azure
ame_Label
pe_Label
source_Label
oter_Label
oter_Value
e_Name

Hz
Name
ce_Name
GHz
nce_Name
s
sGHz
M
S
PS
TB

e
ollected to Calculate
nfig
Alert
= VMware, 2 = AWS, 3 = Azure

_Name_Label
Type_Label
Resource_Label
Disk_Label
_Label
B_Disk_Label
DB_Disk_Label
_Disk_Label
sk_Label
Footer_Label
Footer_Value

er_Count
Hz_Per_Count
er_Count
B_Per_Count
B_Per_Count
DB_Per_Count
_Per_Count
_Per_Count
lTB_Per_Count
nt
d_Config
get_Alert
e :: 1= VMware, 2 = AWS, 3 = Azure

ance_Name_Label
get_Type_Label
get_Resource_Label
get_Disk_Label

Disk_Label
sionDB_Disk_Label
taDB_Disk_Label
ex_Disk_Label
get_Footer_Label
get_Footer_Value
Us_Per_Count
UsGHz_Per_Count
M_Per_Count
PS
OPS
DiskTB_Per_Count
sionDB_Per_Count
taDB_Per_Count
exDB_Per_Count
alDiskTB_Per_Count
nfig
lert

VMware, 2 = AWS, 3 = Azure
Name_Label
ype_Label
esource_Label
Disk_Label
Label
B_Disk_Label
Disk_Label
k_Label
ooter_Label
ooter_Value
er_Count
z_Per_Count
r_Count
_Per_Count
_Per_Count
Per_Count
Per_Count
TB_Per_Count

``

Compression Factor
Device Avg Message Size Avg EPS/Device Raw Bytes/Second Raw Bytes/Day
aix 193.42 0.5 96.71 8355704.22
apache 304.54 0.3 91.36 7893609.80
cacheflow 357.77 34.5 12342.91 1066427758.71
checkpointfw1 371.75 29.6 11003.88 950735562.13
ciscoacs 192.03 0.3 57.61 4977541.19
ciscocontenteng 254.73 1.0 254.73 22008558.73
ciscocss 154.39 0.3 46.32 4001914.39
ciscoidsxml 496.60 0.4 198.64 17162426.63
ciscopix 210.57 30.1 6338.16 547617159.53
ciscorouter 178.73 0.3 53.62 4632674.07
ciscoswitch 156.91 0.3 47.07 4067236.35
ciscovpn 224.56 0.5 112.28 9700833.59
epolicy 325.06 0.3 97.52 8425560.02
extremesw 123.28 0.3 36.98 3195483.77
foundryswitch 137.68 0.3 41.31 3568754.02
hpswitch 133.64 0.3 40.09 3463842.19
hpux 169.83 0.3 50.95 4402038.06
intelvpn 135.77 29.3 3978.07 343705442.50
intrushield 302.12 0.3 90.64 7830867.68
ironport 148.40 0.3 44.52 3846487.50
iss 262.08 0.4 104.83 9057384.00
ita 576.72 0.5 288.36 24914216.75
junipervpn 277.50 0.3 83.25 7192798.24
linux 137.28 1.3 178.47 15419804.83
mazu 275.67 0.3 82.70 7145280.00
microsoftiis 399.03 0.3 119.71 10342891.87
msexchange 382.11 0.3 114.63 9904282.45
mssql 440.70 0.3 132.21 11422888.98
nfrnids 716.69 0.3 215.01 18576512.12
nic 243.18 4.5 1094.33 94550058.49
nokiaipso 151.52 1.1 166.67 14400708.27
nortelpassport 152.33 0.3 45.70 3948361.64
nortelvpn 214.29 0.3 64.29 5554370.72
oracle 474.09 0.3 142.23 12288380.76
rhlinux 175.52 0.5 87.76 7582637.29
rsaacesrv 278.61 0.3 83.58 7221459.44
sns 376.77 0.3 113.03 9765856.55
solaris 201.08 0.3 60.32 5211887.22
tippingpoint 274.69 0.3 82.41 7119948.27
unknown 210.48 0.5 105.24 9092940.64
winevent_nic 426.82 0.9 384.14 33189746.70
winevent_snare 323.79 0.5 161.90 13987921.01
Total 143 38934 3363909791

0.29
Compressed Bytes/Day Com. GB/Day Com. GB/Year

2423154.22 0.00 0.82
2289146.84 0.00 0.78
309264050.03 0.29 105.13
275713313.02 0.26 93.72
1443486.95 0.00 0.49
6382482.03 0.01 2.17
1160555.17 0.00 0.39
4977103.72 0.00 1.69
158808976.26 0.15 53.98
1343475.48 0.00 0.46
1179498.54 0.00 0.40
2813241.74 0.00 0.96
2443412.40 0.00 0.83
926690.29 0.00 0.32
1034938.67 0.00 0.35
1004514.24 0.00 0.34
1276591.04 0.00 0.43
99674578.32 0.09 33.88
2270951.63 0.00 0.77
1115481.38 0.00 0.38
2626641.36 0.00 0.89
7225122.86 0.01 2.46
2085911.49 0.00 0.71
4471743.40 0.00 1.52
2072131.20 0.00 0.70
2999438.64 0.00 1.02
2872241.91 0.00 0.98
3312637.81 0.00 1.13
5387188.52 0.01 1.83
27419516.96 0.03 9.32
4176205.40 0.00 1.42
1145024.88 0.00 0.39
1610767.51 0.00 0.55
3563630.42 0.00 1.21
2198964.81 0.00 0.75
2094223.24 0.00 0.71
2832098.40 0.00 0.96
1511447.29 0.00 0.51
2064785.00 0.00 0.70
2636952.79 0.00 0.90
9625026.54 0.01 3.27
4056497.09 0.00 1.38
975533839 0.91 331.62

Appliance Reference
Series 6 Core
NW Server, Decoder, Concentrator, Broker, Archiver, Malware
Description
Model
Processor
Processor Speed
Processor Cache
Processor # of Cores
Processor # of Processors
Processor # of Threads
Total Memory
Internal Disk Controller Type
External Disk Controller Type
SAN Connectivity (HBA) - Optional
Remote Management Card
Series 6 Drives
Series 6E Drives
Chassis
Weight
NIC Card

Dimensions
Power
BTU/hr
Series 5 Core
NW Server, Decoder, Concentrator, Broker, Archiver, Malware
Description
Model
Processor
Processor Speed
Processor Cache
Total Memory
SAN Connectivity (HBA) - Optional
Drives
Chassis
Weight

NIC Card
Dimensions
Power

Series 6 ESA/Analytics
tor, Broker, Archiver, Malware Event Stream Analysis, UEBA
Specification Description
Dell PowerEdge R640 Model
Intel Xeon Gold 6134 Processor
3.2 Ghz Processor Speed
24.75 MB Processor Cache
8 Processor # of Cores
2 Processor # of Processors
16 Processor # of Threads
128 GB Total Memory
Dell PERC H740P Internal Disk Controller Type
Dell PERC H840 External Disk Controller Type
Emulex 2x16Gb Fiber SAN Connectivity (HBA)
iDRAC8 Enterprise Remote Management Card
Total – 4 Drives
2 X 1TB, NL-SAS 7.2K Series 6 Drives
2 X 2TB, NL-SAS 7.2K
Total – 4 Drives
2 X 1.2TB, SAS 10K SED Series 6E Drives
2 X 2.4TB, SAS 10K SED
1U Chassis
21.9 kg (48.28 lbs) Weight
Intel X710
Dual Port 10 Gigabit DA/SFP+ NIC Card
Dual Port I350 1 Gigabit

H: 4.28 cm (1.68 in.)
W: 48.20 cm (18.97 in.) Dimensions
D: 79.47 cm (31.29 in.)
1100W Power
Redundant
4,100 BTU/hr (Maximum) BTU/hr
Series 5 ESA
tor, Broker, Archiver, Malware Event Stream Analysis
Specification Description
Dell PowerEdge R630xl Model
Intel Xeon E5 -2667v3 Processor
3.2 Ghz Processor Speed
20 MB Processor Cache
8 Processor # of Cores
2 Processor # of Processors
16 Processor # of Threads
128 GB Total Memory
Dell PERC H730 Internal Disk Controller Type
Dell PERC H830 External Disk Controller Type
Emulex 2X8Gb Fiber SAN Connectivity (HBA)
iDRAC8 Enterprise Remote Management Card
Total – 6 Drives
2 X 1TB, 2.5” HDD Drives
4 X 2TB, 2.5” HDD
1U Chassis
18.4 kg (40.5 lbs) Weight

On Board
2 X 10 Gb Copper NIC Card
2 X 10 Gb & 2 X 1Gb Copper
* Other Options Available
H: 4.28 cm (1.68 in.)

W: 48.23 cm (18.98 in.) Dimensions
D: 75.51 cm (29.72 in.)
1100W Power
Redundant

RSA | NETWITNESS
BA
Specification
Dell PowerEdge R640
Intel Xeon Gold 6126
2.6 Ghz
19.25 MB
12
2
24
256 GB
Dell PERC H740P
Dell PERC H840
N/A
iDRAC8 Enterprise
Total – 6 Drives
4 X 2TB, SAS 10K
Total – 6 Drives
1U
21.9 kg (48.28 lbs)
Intel X710
Dual Port 10 Gigabit DA/SFP+

H: 4.28 cm (1.68 in.)
W: 48.20 cm (18.97 in.)
D: 79.47 cm (31.29 in.)
1100W
Redundant
4,100 BTU/hr (Maximum)
Specification
Dell PowerEdge R630xl
Intel Xeon E5 -2680v3
2.5 Ghz
30 MB
12
2
24
256 GB
Dell PERC H730
Dell PERC H830
N/A
iDRAC8 Enterprise
Total – 6 Drives
2 X 1TB, 2.5” HDD
4 X 2TB, 2.5” HDD
1U
18.4 kg (40.5 lbs)

On Board
2 X 10 Gb Copper
H: 4.28 cm (1.68 in.)

W: 48.23 cm (18.98 in.)
D: 75.51 cm (29.72 in.)
1100W
Redundant

RSA | NETWITNESS SCENARIO PLANNER v11.3.11.2019
Series 6 Hybrid
Network Hybrid, Log Hybrid, Endpoint Log Hybrid
Description
Model
Processor
Processor Speed
Processor Cache
Total Memory
SAN Connectivity (HBA)
Series 6 Drives
Series 6E Drives
Chassis
Weight
NIC Card

Dimensions
Power
BTU/hr
Series 5 Hybrid
Network Hybrid, Log Hybrid
Description
Model
Processor
Processor Speed
Processor Cache
Total Memory
SAN Connectivity (HBA)
Drives
Chassis
Weight

NIC Card
Dimensions
Power

TNESS SCENARIO PLANNER v11.3.11.2019
dpoint Log Hybrid

Specification
Dell PowerEdge R740
Intel Xeon Gold 6132
2.6 Ghz
19.00 MB
14
2
28
128 GB
Dell PERC H740P
Dell PERC H840
Emulex 2x16Gb Fiber
iDRAC8 Enterprise
Total – 14 Drives
2 X 1.6TB, SSD
Total – 14 Drives
2 X 1.92TB, SSD SED
10 X 8TB, NL-SAS 7.2K SED
2U
33.1 kg (72.91 lbs)
Intel X710
Dual Port 10 Gigabit DA/SFP+

H: 8.68 cm (3.42 in.)
W: 48.20 cm (18.98 in.)
D: 73.75 cm (29.04 in.)
1100W
Redundant
4,100 BTU/hr (Maximum)
Specification
Dell PowerEdge R730xd
Intel Xeon E5 -2680v3
2.5 Ghz
30 MB
12
2
24
128 GB
Dell PERC H730
Dell PERC H830
N/A
iDRAC8 Enterprise
Total – 14 Drives
2 X 800GB, 2.5" SSD
4 X 1TB, 3.5” HDD
8 X 6TB, 3.5” HDD
2U
36.5 kg (80.47 lbs)

On Board
2 X 10 Gb Copper
H: 8.73 cm (3.44 in.)

W: 44.40 cm (17.49 in.)
D: 68.40 cm (26.92 in.)
1100W
Redundant

RSA NetWitness Scenario Planner v11.3.11.2019

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

RSA NetWitness Scenario Planner v11.3.11.2019

Загружено:

Авторское право:

Доступные форматы

NETWOR R S A | N E T W I T N E S S SC E N A R I O PL AN N E R

Input Approximate Bill of Materials Omit MA Add ESA

Decoder Appliance Concentrator Appliance Hybrid Appliance

≈ 15.5 Days ≈ 120.3 Days Meta Retention ≈ 113.3 Days

Decoder VMs Concentrator VMs Other VMs

Decoder VMs 1 Concentrator VMs 1 Virtual Machines 1

Disk Allocation Per VM Disk Disk Allocation Per VM Disk

# Internal Use - Confidential

Event Utilization 50%

Metadata Ratio 100%

Meta Retention 60 Days

Long Term Retention 365 Days

Warm / Cold Retention 0 Days

Per Day Per Period

# Internal Use - Confidential

Disk Allocation Per VM Disk

Minimum Required TOTAL IOPS Per VM 200

# Internal Use - Confidential

# Internal Use - Confidential

Disk Allocation Per VM Disk

Minimum Required TOTAL IOPS Per VM 2,750

# Internal Use - Confidential

Bill of Materials Add Archiver Add ESA Omit UEBA

UEBA User 10,000 Quantity

Online Physical Host Installation Guide

# Internal Use - Confidential

Disk Allocation Per VM Disk

Minimum Required TOTAL IOPS Per VM 400

# Internal Use - Confidential

This | NETWITNESS SCENARIO PLANNER assumes

# Internal Use - Confidential

Online Virtual Host Installation Guide

Online AWS Installation Guide

Online Azure Installation Guide

Minimum Required TOTAL IOPS Per VM 450

Send Us Feedback 11.3.11.2019

# Internal Use - Confidential

# Internal Use - Confidential

Line Rate 1,000 Mbps

Meta Retention 45 Days

SKU Count SKU Throughput Per Day

Per Day Per Period

Event Size 500 Bytes

Metadata Ratio 100%

# Internal Use - Confidential

Meta Retention 90 Days

SKU Count SKU Throughput Per Day

Per Day Per Period

# Internal Use - Confidential

Line Rate 1,000 Mbps

Meta Retention 45 Days

SKU Count SKU Throughput Per Day

Per Day Per Period

Event Size 500 Bytes

Metadata Ratio 100%

# Internal Use - Confidential

Meta Retention 90 Days

SKU Count SKU Throughput Per Day

Per Day Per Period

# Internal Use - Confidential

Line Rate 1,000 Mbps

Meta Retention 45 Days

SKU Count SKU Throughput Per Day

Per Day Per Period