Reduction of the database size

Disk Space Consumption Reduction

 

The ways to reduce the disk space usage are:

1.Store the low-level data for the shortest possible time. The database size is proportional to the amount of low-level data stored in the database, so lower the amount by keeping the low-level date as briefly as possible. This can be configured through tabs Admin->Server Settings->Database Retention.

note

Note

A low-level event is something a process does. So, write a file, do a DNS lookup, create a registry entry, etc. These can be seen in the Events view.

2.Store less low-level data. Instead of storing all data, keep only the most important data or data related directly to detections. This will not lower the protection because everything is still being analyzed to detect suspicious activity even if not everything is stored. The amount of stored data can be changed in the tab Admin->Server Settings->Data collection. But some EEI features don’t work or are limited when not everything is stored. More information about these limitations is here.

3.Use Event Filters to selectively not store low-level events from some executables or computers. Dashboard->Events Load helps to find executables and computers that report most low-level events and where filters should be applied.

4.Check database settings that can cause increased disk usage:

a.For MySql, check binary log usage. See more information here.

b.For Microsoft SQL Server, check recovery models. See more information here.

These settings are commonly used for backups so if they are needed, make sure that they are configured and used correctly.