Professional Documents
Culture Documents
Specification Sheet: Mcafee Siem Appliances
Specification Sheet: Mcafee Siem Appliances
Specification Sheet: Mcafee Siem Appliances
April 2020
ESM-ELM-ERC-5775 2U 90V to 132V & 47 Hz to 63 1300W x 2 691 W 3.1 52 lbs Up to 10,000 (Operating) 10C to 35C (50F to 95F) 2354
ESM-ELM-ERC-6075 3 1/2"H x 17 1/4" W 180V to 264V Hz 728 3.3 56 2479
ESM-5775 x 28"L 691 3.1 52 2354
ESM-6075 728 3.3 56 2479
ELM-SSD-6/ELS-SSD-6 628 2.8 47 2137
ELM-5775/ELS-5775 691 3.1 52 2354
ELM-6075/ELS-6075 728 3.3 56 2479
ERC-2675 624 2.8 46 2125
ERC-3575 642 2.9 47 2186
ERC-SSD-6 628 2.8 47 2137
ACE-2675 624 2.8 46 2125
ACE-SSD-6 628 2.8 47 2137
ADM-3575 642 2.9 47 2186
ERC-1270 1U 90V to 132V & 47 Hz to 63 400W x 1 192.6 W 1.8 20 Up to 10,000 (Operating) 10C to 35C (50F to 95F) 656
ADM-1270 1 5/8"H x 17 1/4" W 180V to 264V Hz
x 21 5/8"L
DAS-120 4U 100-240 VAC 50/60 Hz 800W x 2 332 W 10@100- 105 lbs Up to 10,000 Ft (Operating) @ 68F 0C to 35C (32F to 95F) 1331
DAS-250 6 7/8” H x 19”W x full range 663 127VAC/ 146 lbs (operating) 2661
33 1/2”L 5@200- -20C to 60C (-4F to 140F)
240VAC (non-operating)
1. Maximum Ingestion Events Per Second (iEPS) describes peak advertised EPS for this appliance. iEPS is based on out-of-box settings with no adjustments to default event or flow aggregation and very limited overall SIEM user activity (Users, Alarms, Reports, IoCs, etc.). Any
customization in the configuration or increase in user activity may result in reduced observed EPS rates.
2. Maximum Query Events Per Second (qEPS) describes what a typical ESM appliance could expect to achieve under normal, active ESM usage conditions and reduced levels of event aggregation. Max qEPS assumes multiple analysts are accessing the system simultaneously while
background activities such as Alarms, Reports and CyberThreat (IoC) queries are executing. In addition, Max qEPS assumes that customers would adjust the event and flow aggregation rates lower than out-of-box settings. McAfee recommends using qEPS numbers as the basis for
sizing most ESM designs. Note that Max qEPS represents best performance estimates based on observations with typical larger enterprise customers; aggressive customizations or dramatic increases in user activity may result in reduced observed iEPS rates.
3. This is the total raw, unformatted storage available for a given appliance. Please note that usable storage capacity may vary by as much as 40% less, depending on the model, based on RAID configuration, operating environment, data cardinality, software version, and a number of
additional factors based on deployment customizations. For virtual models, the minimum space is a recommendation based on typical operating environments. McAfee SIEM virtual appliances may use as little as 250 GB but operating performance may not be optimal.
4. For ESM, ELM, ERC and ACE Virtual Applications, the 4-CORE-ADDON EPS values are on a per 4-Core basis. Each 4-CORE-ADDON purchased will increase its respective level of EPS for a given virtual appliance. Please Note that there is a 32-core maximum for any given
virtual appliance.
5. For ERC and ADM VM’s, it is recommended that a minimum of 1TB of storage be allocated for the base VM and 500GB for each 4-CORE-ADDON. For ESM and ELM VM’s space should be calculated based on the customer’s data retention requirements. In addition, for all virtual
appliances, especially the ESM, it is recommended that customers use dedicated SSD storage in order to reach higher Ingestion and Query EPS performance levels.
6. For standalone ERC’s, the Mgmt port(s) are used for management and event ingestion while the monitoring ports are used for flow monitoring via a SPAN or TAP port. For HA ERC’s, 2 ports must be configured for Mgmt and event ingestion, 2 ports are used to connect the ERC HA
pair together, and the remaining ports can be used for flow monitoring or additional management. For ADM, the 2 Mgmt ports are used for management and the 4 monitoring ports are used to monitor application or database event traffic. Please note that All McAfee SIEM
appliances, except DAS-120 and DAS-250, have IPMI adapters which can be used for remote console access. However, for HA ERC configurations, the IPMI port is used for the HA configuration and cannot be used for remote management. Because IPMI is not
available in virtual appliances, virtual ERCs do not support HA configuration.
7. For Appliances which ship with dual power supplies, these power units are hot swappable and can be replaced while the appliance is powered on.
8. Power consumption values will vary depending on the individual environment and system usage.
McAfee SIEM appliance specifications and descriptions herein are provided for information only, are subject to change without notice, and are provided without warranty of any kind, expressed or implied.
2821 Mission College Blvd. McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be
Santa Clara, CA 95054 claimed as the property of others. Copyright © 2020 McAfee, LLC. 4453_0420
888.847.8766 APRIL 2020
www.mcafee.com