The objective of this performance test is to measure the time taken to create alerts in FortiSOAR™ and to complete the execution of the corresponding playbooks on the created alerts, on both a single-node FortiSOAR™ appliance and a cluster setup of FortiSOAR™.
The data from this benchmark test can help you determine the scaling requirements for a FortiSOAR™ instance to handle the expected workload in your environment.
| Component | Specifications |
|---|---|
| CPU | 8 CPUs |
| Memory | 16 GB |
| Storage | 250 GB virtual disk running on top of Samsung SSD 360 Pro model attached to VMware ESX server |

| Operating System | Kernel Version |
|---|---|
| CentOS 7 | 3.10.0-1062.9.1.el7.x86_64 |
At the start of each test run -
The test was executed using an automated testbed that initiated HTTPS calls per clock tick (X alert API calls triggered at once) which created alerts in FortiSOAR™ and then triggered a playbook for each alert created. Steps are as follows:
The test is invoked in two different setups:
The data in the following tables outlines the number of alerts ingested in a clock tick, the total time taken to ingest those alerts, and the total time taken for all the playbooks triggered to finish execution.
| Number of alerts created in FortiSOAR™ | Total time taken to create all alerts in FortiSOAR™ (in seconds) | Total time taken to execute all playbooks (in seconds) |
|---|---|---|
| 25 | 4 | 2.5 |
| 50 | 5 | 3.33 |
| 100 | 7 | 6.23 |

| Number of alerts created in FortiSOAR™ | Total time taken to create all alerts in FortiSOAR™ (in seconds) | Total time taken to execute all playbooks (in seconds) |
|---|---|---|
| 25 | 2 | 1.39 |
| 50 | 3 | 1.88 |
| 100 | 5 | 3.91 |
In the sustenance test conducted on a two-node Active-Active FortiSOAR™ cluster, we could ingest 200 alerts every 20 seconds over 12 hours, and observed that 381795 alerts were generated and the corresponding playbooks completed successfully.
In the sustenance test conducted on a single-node machine, we could ingest 100 alerts every 20 seconds over 12 hours, and observed that 225257 alerts were generated and the corresponding playbooks completed successfully.
Based on this test, we conclude that FortiSOAR™ could process an average of 18771 alerts in an hour on a single node and 31297 alerts in an hour on a two-node Active-Active FortiSOAR™ cluster. This includes both creating the alerts and running the corresponding playbooks to process them.
In a production environment the following factors might vary, which could affect the observations:
Copyright 2024 Fortinet, Inc. All Rights Reserved.