This document answers some of the most commonly asked question(s) regarding ATI Enhancement's effect on the DAS database size and overhead
What is the common effect of ATI Enhancement on the existing DAS database in regards to the database growth and performance?
The ATI Enhancement will produce new events that are stored in the database. The number of new ATI events will vary between customers depending on the activities in their environment that could trigger ATI events. These events are like the regular Bit9 Security Platform events, but they are more focused on ATI related activity. We found no noticeable impact during internal testing and with our early customers in regards to performance of the database for these added events.
Since these ATI events are just like the regular Bit9 Security Platform events, they are purged using the settings in Administration > System Configuration > Events tab > Event Log Management. By default, they are set to purge events older than 4 weeks or 10% of the oldest events when the total count is more than 1M events (whichever comes first). The typical size of 1M events is around 500 MB. Archiving and external event logging can also be set on the same page (for details, please see Using Bit9 Security Platform – v7.0.0)