This document details the performance benchmark tests conducted in CyberSponse labs. The performance benchmarking tests were performed on CyOPs™ version 5.0.0 Build 866.
The objective of this performance test is to measure the time taken to create alerts in CyOPs™, and complete the execution of corresponding playbooks on the created alerts on a single-node CyOPs™ appliance and a cluster setup of CyOPs™.
The data from this benchmark test can help you determine the scaling requirements for your CyOPs™ instance so that it can handle the expected workload in your environment.
Component | Specifications |
CPU | 8 CPUs |
Memory | 32 GB |
Storage | 250 GB virtual disk running on top of Samsung SSD 360 Pro model attached to VMware ESX server |

Operating System | Kernel Version |
CentOS 7 | 3.10.0-957.5.1.el7.x86_6 |
At the start of each test run -
The test was executed using an automated test bed that initiated HTTPS calls per clock tick (x alerts ingested per second), which created alerts in CyOPs™ and then triggered a playbook for each alert created. Steps are as follows:
The data in the following tables outlines the number of alerts ingested in a clock tick, the total time taken to ingest those alerts, and the total time taken for all the playbooks triggered to finish execution.
Number of alerts created in CyOPs™ | Total time taken to create all alerts in CyOPs™ (in seconds) | Total time taken to execute all Playbooks (in seconds) |
25 | 6 | 10.755 |
50 | 11 | 23.729 |
100 | 23 | 47.240 |
150 | 27 | 70.388 |
170 | 37 | 79.673 |

Number of alerts created in CyOPs™ | Total time taken to create all alerts in CyOPs™ (in seconds) | Total time taken to execute all Playbooks (in seconds) |
25 | 4 | 7.111 |
50 | 7 | 13.656 |
100 | 16 | 26.456 |
150 | 22 | 37.307 |
170 | 24 | 44.557 |
200 | 26 | 53.43 |
300 | 39 | 77.537 |
In the sustenance test conducted on a two-node Active-Active CyOPs™ cluster, we could ingest 100 alerts every 30 seconds over 24 hours, and observed that 176904 alerts were generated and the corresponding playbooks completed successfully.
In the sustenance test conducted on a single-node machine, we could ingest 100 alerts every 30 seconds over 24 hours, and observed that 15017 alerts were generated and the corresponding playbooks completed successfully.
* The number of alerts ingested in the system is the same as the number of alerts generated by the performance tool.
Based on this test, we conclude that CyOPs™ could process an average of 6250 alerts in an hour on a single node and 7084 alerts in an hour on a two-node Active-Active CyOPs™ cluster. This includes the creation of alerts and running the corresponding playbooks to process the alerts.
In a production environment the following factors might vary, which could affect the observations: