The system may be using more memory and cpu than is needed if the Anomaly Detection feature is enabled, but not used.  This will not typically be an issue unless the system load is high due to a high capture rate and/or rules which are poorly formed.

Memory usage by Anomaly Detection is 5GB per capturing interface.  If the feature is not in use, this can be disable in the GUI.

If you expect high traffic and you are not using any Rules which use the Anomaly Detection feature, the memory and cpu usage will be higher than necessary.  You will free up 5GB of memory per interface by disabling Anomaly Detection in Settings -> Data Enrichment.  In the Data Enrichment Profiles box, select the drop down and set it to "Full Data Enrichment, (No Anomaly Detection)".  There is no reboot required.  The only impact is more memory available for Rules and Packet Capture.  There will also be more cpu available because the process to support Anomaly Detection is disabled.

Another impact to disabling Anomaly Detection is that Elastic Search is no longer responding to requests.  This is perceived as a security threat but is not because the server firewall prevents requests from outside of the system itself.