System Requirements

Before installing CyberDoyen SIEM, ensure that your infrastructure meets the following minimum requirements.
Proper sizing is essential to achieve optimal performance and scalability.

Hardware Requirements

Note: CyberDoyen SIEM is I/O intensive. Using high-performance storage (e.g., NVMe or enterprise SSDs) is strongly recommended for production.

Software Requirements

• Operating System:
  • Linux (Ubuntu 22.04 LTS, RHEL 9, or equivalent)
  • Windows Server 2019 / 2022 (for limited deployments)
• Java Runtime:
  • Included and bundled (no separate installation required)
• Other Dependencies:
  • OpenSSL (for secure communications)
  • Sufficient ulimit settings (for file descriptors)

Understanding Events Per Second (EPS)

Events Per Second (EPS) is a key metric in SIEM systems.
It measures the number of individual log events the system can ingest, process, and store every second.

Higher EPS capacity is crucial for environments with:

• High-volume log sources (e.g., firewalls, EDRs, cloud audit logs)
• Real-time security monitoring requirements
• Retention of detailed forensic data

EPS directly impacts hardware sizing, storage planning, and system design.

CyberDoyen SIEM Performance

CyberDoyen SIEM is optimized to handle up to 50,000 EPS per deployment, depending on hardware, storage performance, and tuning.

• Small environments (up to 5,000 EPS) can run on a single server.
• Medium environments (5,000 - 20,000 EPS) benefit from a 2-3 node cluster.
• Large environments (20,000 - 50,000 EPS) require a distributed deployment with dedicated ingest, processing, and storage nodes.

Tip: Always plan headroom (~20%) above your expected peak EPS for smooth operation during traffic spikes.

Example Sizing

Next Steps

➡️ Proceed to Installation Guide once your environment is ready.