Instance Configuration Recommendations

AWS Instance Configuration Recommendations

Note: These recommendations can be used as a baseline for 12.5.0.0 and adjusted as needed.

This topic contains the minimum AWS instance configuration settings recommended for the NetWitness virtual stack components.

EC2 Instance:
- Instance type adjustments -you must adjust instance types according to your ingestion rate, content and parsers, dashboard reports, scheduled reports, investigations, and active users.
- Recommended settings - the recommended settings in the NW component instance tables below were calculated under the following conditions.
  - Ingestion rates of 15,000 EPS and 1.5 Gbps were used.
  - All the components were integrated.
  - The Log stream includes a Log Decoder, Concentrator, and Archiver.
  - The Packet stream includes a Network Decoder and Concentrator.
  - The Endpoint Hybrid stream includes a Endpoint Server, Concentrator and Log Decoder.
  - Respond is receiving alerts from the Reporting Engine and Event Stream Analysis.
  - The background load includes reports, charts, alerts, investigation, and respond.
Block Storage

For more information on the required volumes and the storage allocations, see the Storage Guide for NetWitness® Platform 12.3.