Forum Discussion

Copper Contributor

Feb 07, 2018

Azure ATP network traffic

Hi All, I'm planning on turning on Azure ATP but due to our network bandwidth and a little worried about the log size and amount of logs that will be generated. can anyone who is already ...

Astrid McClean

Former Employee

Feb 13, 2018

Hi Khaled,

The amount of data sent to Azure ATP is dependent on the amount of traffic your Domain Controllers receive. Typically, after we parse the traffic, we send only 1-3% of the total traffic to the service for processing.

In terms of logs, these will be held on the DC which is running the Sensor and again the size will depend on how busy your environment is. We recommend that 10GB of free space is available for Sensor logs.

Let us know if you have any further questions.

bryanb

Brass Contributor

Jun 05, 2020

Astrid McClean Hi Astrid,
Can you tell me if the capacity information "we send only 1-3% of the total traffic to the service for processing." is current?

If so, would I use the network performance data captured in the capacity planning tool?
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-capacity-planning

Would I use 1-3% of Max Packet /secs column?

Thank you

Dimitry Izotov
Brass Contributor
Oct 28, 2020
bryanb
Astrid McClean would love to know the answer to the question above as well.