1. HAWK eyeCon System Requirements

HAWK’s next generation of HAWK eyeCon allows customers to monitor, prioritize, and manage the extent and impact of the threat. In order to effectively and efficiently analyze and correlate logs across all of the networked systems, there are minimum and recommended system requirements that are needed to sustain and enhance system performance. These specific system specifications may change as additional programming changes are made and as additional hardware requirements are identified.

1.1. Recommended System Specifications

Even though the system may meet minimum requirements, there are recommended system specifications that allow for greater performance on both the data tier and engine tier. These recommended system specifications are shown below: Red Hat© Enterprise Linux 6 (RHEL6)/CentOS Linux 6 (Updated with the latest Service Packs)

1.2. Data Tier for HAWK-4500

The system specifications for the HAWK-4500 are shown below:

• Operating System:

  • HAWK_OS

• Disk/Storage:

  • Six 10k RPM drives

  • 480GB SSD Flash Cache

  • Space: 2.4TB storage capacity

• Memory:

  • 64GB RAM

• CPU:

  • Six Core 2.5GHz Processor (12 Threads)

  • 64 bit Architecture.

• Network:

  • Dual Gigabit network Cards

  • Recommend Jumbo frames to be enabled on both NIC and Switch.

1.3. Engine Tier for HAWK-2500

The system specifications for the HAWK-2500 are shown below:

• Operating System:

  • HAWK_OS

• Disk/Storage:

  • Solid State Disk

  • Space: 60GB storage capacity

• Memory:

  • 32GB RAM

• CPU:

  • Dual Six Core 2.5GHz Processor (24 Threads)

  • 64 bit Architecture.

• Network:

  • Dual Gigabit network Cards

  • Recommend Jumbo frames to be enabled on both NIC and Switch.

2. HAWK Virtual Appliance System Requirements

HAWK’s system provides a manner in which virtual clients have the ability to monitor, prioritize, and manage the extent and impact of threats to their systems. In order to effectively and efficiently analyze and correlate logs across all of these virtual systems, there are minimum and recommended system requirements that are needed to sustain and enhance system performance. These specific system specifications for the Virtual Appliance system may change as additional programming changes are made and as additional hardware requirements are identified.

2.1. Recommended Virtual Appliance System Specifications

Even though the Virtual Appliance system may meet minimum requirements, there are recommended specifications that ensures greater performance for these virtual clients. These recommended system specifications are shown below:

Note

Ideally no more than one Mongo member of a shard or vStream node should be on a single bare-metal server.

Warning

Absolutely no more than two Mongo members of a shard or vStream nodes should be on a single bare-metal server.

2.2. Data Tier HAWK-v4500

• Operating System:

  • Host Operating System:

    • VMware ESXi 5.0+ w/ Guest tools installed

    • Hyper-V w/ Guest tools installed

  • Guest Operating System:

    • HAWK_OS

• Disk/Storage:

  • Read IOPS: 900

  • Write IOPS: 450

  • Space: ((Consumption rate * retention) * compression) + 60GB

    • Consumption rate = Amount of events in GB per day.

    • Retention policy of active data in days.

    • Compression = ~0.33

    • 60GB for Operating System.

  • Virtual Machines should have reserved storage available to them. Should not be configured with storage overcommit.

• Memory:

  • Virtual Machines should have reserved memory available to them. Should not be configured with memory overcommit, as overcommitting memory will likely result in poor performance.

  • Memory: 24GB Recommended

  • Memory: 16GB Minimum

• CPU:

  • Virtual Machines should have 100% of the vCPU’s reserved.

  • 64 bit Architecture.

  • Minimum of 8 vCPU’s

• Network:

  • Gigabit Interface

  • Recommend Jumbo frames to be enabled on both NIC and Switch.

2.3. Engine Tier HAWK-v2500

• Operating System:

  • Host Operating System:

    • VMware ESXi 5.0+ w/ Guest tools installed

    • Hyper-V w/ Guest tools installed

  • Guest Operating System:

    • HAWK_OS

• Disk/Storage:

  • Read IOPS: 900

  • Write IOPS: 450

  • Space: 60GB

  • Virtual Machines should have reserved storage available to them. Should not be configured with storage overcommit.

• Memory:

  • Virtual Machines should have reserved memory available to them. Should not be configured with memory overcommit, as overcommitting memory will likely result in poor performance.

  • Memory: 16GB Recommended

  • Memory: 8GB Minimum

• CPU:

  • Virtual Machines should have 100% of the vCPU’s reserved.

  • 64 bit Architecture.

  • Minimum of 8 vCPU’s

• Network:

  • Gigabit Interface

  • Recommend Jumbo frames to be enabled on both NIC and Switch.