08-05-2011 04:04 AM - edited 03-10-2019 05:26 AM
08-09-2011 05:35 AM
Does the number of enabled signatures have an impact on the CPU usage?
Short answer: Yes. Long answer: It depends on signatures' status combination, configured Action(s), frequency of being matched, etc.
Overall, if you are simply testing/troubleshooting, you can Enable/Disable a signature, but if you plan on leaving it Disabled long-term, you should also Retire it to free up resources and improve sensor performance. The act of Retiring (or un-Retiring) a signature is itself a resource-intensive task for the sensor as its match/state tables have to be re-compiled, but once that completes the above status notes apply.
08-09-2011 05:35 AM
Does the number of enabled signatures have an impact on the CPU usage?
Short answer: Yes. Long answer: It depends on signatures' status combination, configured Action(s), frequency of being matched, etc.
Overall, if you are simply testing/troubleshooting, you can Enable/Disable a signature, but if you plan on leaving it Disabled long-term, you should also Retire it to free up resources and improve sensor performance. The act of Retiring (or un-Retiring) a signature is itself a resource-intensive task for the sensor as its match/state tables have to be re-compiled, but once that completes the above status notes apply.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide