Forum Discussion

nafejeries's avatar
nafejeries
Copper Contributor
Apr 30, 2020

Slow performance after connected to multi threat feeds

Hi folks,   I understand Threat Intelligence connector is still in (Preview) mood. however, I would like to share my experience with slow performance/ unstable workbooks.   I have connected 10 fe...
CliveWatson's avatar
CliveWatson
Former Employee
May 01, 2020

nafejeries 

 

Hi, when did you have the issue, was it about 24hrs ago (yesterday morning)?

 

As you have deleted the workspace, its hard to help but did you get an access denied or was the data missing? 

 

Thanks 

  • nafejeries's avatar
    nafejeries
    Copper Contributor
    May 01, 2020

    CliveWatson Hi
    It was around after-noon. No, not access denied,

    - showing "Error" in the workbooks

    - configuring analytics rules slow

    - writing some KQL was taking long, +40 seconds, then I stopped it.

    simply, It was a performance issue and that was my lab.

     

    Simply, my configurations were:

    1- connect to 10 feeds from Limo Anomali, using the STIX connector, around 61k log alerts from these feeds within 24hrs

    2- enable most of the analytics rules for TI, most of them to run every 1 hours for logs from 14 days.

     

    The Engineering team can replicate these config and see 🙂