CPU and memory usage is high in Security Analytics
search cancel

CPU and memory usage is high in Security Analytics


Article ID: 222872


Updated On:


Security Analytics


The system may be using more memory and cpu than is needed if the Anomaly Detection feature is enabled, but not used.  This will not typically be an issue unless the system load is high due to a high capture rate and/or rules which are poorly formed.


Memory usage by Anomaly Detection is 5GB per capturing interface.  If the feature is not in use, this can be disable in the GUI.


If you expect high traffic and you are not using any Rules which use the Anomaly Detection feature, the memory and cpu usage will be higher than necessary.  You will free up 5GB of memory per interface by disabling Anomaly Detection in Settings -> Data Enrichment.  In the Data Enrichment Profiles box, select the drop down and set it to "Full Data Enrichment, (No Anomaly Detection)".  There is no reboot required.  The only impact is more memory available for Rules and Packet Capture.  There will also be more cpu available because the process to support Anomaly Detection is disabled.