As new versions of Windows or Linux operating systems are released, the original product guides might not reflect the current Technical Support policy for those platforms. This article provides the latest information about supported platforms and environments. It's updated periodically to reflect the current state of support for the SIEM ESM. Most of the following information is available in the ESM installation guide, but some of it is available only in Product Management statements published in the Knowledge Base.
SIEM is managed and maintained through the HTML5 interface, with some settings managed through the Flash interface. The minimum requirements for a host connecting to the ESM are provided in the following tables.
NOTE: We strongly recommend that you upgrade to the latest available version to benefit from all enhancements and resolved issues.
Recent updates to this article
| Date | Update |
|---|---|
| March 13, 2024 | Added release information for ESM 11.6.10 in the "Product release information" section. |
| November 29, 2023 | Added release information for ESM 11.6.9 in the "Product release information" section. |
1 Release Notes for ESM 11.x are cumulative. Scroll down to see information for earlier versions.
| Hardware Component | Requirement |
|---|---|
| Processor (CPU) | P4-class Intel® (not Celeron) or later (Mobile/Xeon/Core2/Core i3/5/7); AMD/AMD2 class or later (Turion64/Athlon64/Opteron64/A4/6/8) |
| Memory (RAM) | 16 GB |
NOTES:
The SIEM VMs use many features that require CPU, RAM, and high-performance disks. If the ESXi environment shares the CPU and RAM requirements with other VMs, the performance of the ESM VM might be impacted. So, it's highly recommended that you use dedicated resources and high-performance SSDs.
ESM 10.3 and later VMs can be created on the Azure, Hyper-V 2016 and later, and XEN 6.5 and later platforms.
| Hardware Component | Requirement |
|---|---|
| Processor (CPU) | 8 core 64-bit, Dual Core2/Nehalem or later; AMD Dual Athlon64/Dual Opteron64 or later |
| Memory (RAM) | 16 GB or more (depending on model) |
| Disk space | 500 GB or more (depending on model) |
| ESXi Server | 5.0 or later |
| Thick or Thin provisioning | You must decide the hard disk requirements needed for your server. The minimum requirement is 500 GB unless the VM purchased has more. See the specifications for your VM product. |
| Product | Description | VMware Requirements |
|---|---|---|
| ESM, ELM, REC "All-In-One" / ETM-ELM | Provides SIEM, Log Management, and Network Analysis functions. Includes the Event Receiver. Provides compliant Log Management and collects data for correlation and analysis by the ESM. | ESM-ELM-ERC-VM: VMware ESX/ESXi Server 5.x+; 8 Processor Cores; 16 GB of Memory; Recommended disk space: 500 GB¹ |
| ELM | The ELM provides Compliant Log Management functions. | ELM-VM: VMware ESX/ESXi Server v.5.x+; 8 Processor Cores; 8 GB of Memory; Recommended VM Environment of 500 GB |
| | | ELM-VM-4-CORE-ADDON: VMware ESX/ESXi Server v.5.x+; 4 extra Processor Cores (max 32 cores total); 16 GB of Memory per 4-core add-on; Recommended disk space: 500 GB¹ + 240 GB SSD² |
| Enterprise Log Search (ELS) | The ELS provides high-speed Elastic search functions. | ELS-VM: VMware ESX/ESXi Server v.5.x+; 8 Processor Cores; 8 GB of Memory; Recommended VM Environment of 500 GB |
| | | ELS-VM-4-CORE-ADDON: VMware ESX/ESXi Server v.5.x+; 4 extra Processor Cores (max 32 cores total); 16 GB of Memory per 4-core add-on; Recommended disk space: 500 GB¹ + 240 GB SSD² |
| Event Receiver | The Receiver collects third-party logs, events, and flow data for correlation and analysis by the ESM. | ERC-VM: VMware ESX/ESXi Server v.5.x+; 8 Processor Cores; 8 GB of Memory; Recommended disk space: 500 GB¹ |
| | | ERC-VM-4-CORE-ADDON: VMware ESX/ESXi Server v.5.x+; 4 more Processor Cores (max 32 cores total); 16 GB of Memory per 4-core add-on; Recommended disk space: 500 GB¹ |
| ACE | Provides RSC and Enterprise correlation. Identifies and scores threat events in real time or historical mode, using both rule- and risk-based logic, for the ESM. | ACE-VM: VMware ESX/ESXi Server v.5.x+; 8 Processor Cores; 32 GB of Memory; Recommended disk space: 500 GB¹ + 480 GB SSD² |
| | | ACE-VM-4-CORE-ADDON: VMware ESX/ESXi Server v.5.x+; 4 extra Processor Cores (max 32 cores total); 16 GB of Memory per 4-core add-on; Recommended disk space: 500 GB¹ + 480 GB SSD² |
| ADM | The ADM decodes an application session to Layer 7. This decoding provides analysis of everything: protocols, session integrity, and contents of the application (for example, the text of an email or its attachments). | ADM-VM: VMware ESX/ESXi Server v.5.x+; 8 Processor Cores; 16 GB of Memory; Recommended disk space: 500 GB¹ |
| | | ADM-VM-4-CORE-ADDON: VMware ESX/ESXi Server v.5.x+; 4 more Processor Cores; 16 GB of Memory per 4-core add-on; Recommended disk space: 500 GB¹ + 240 GB SSD² |
| Data Streaming Bus | Provides improved device interconnection and reliability. | DSB-VM: VMware ESX/ESXi Server v.5.x+; Azure/Hyper-V 2016 or later; Citrix XEN 6.5+; 32 Processor Cores; 96 GB of Memory; Recommended disk space: 6 TB |

¹ Represents usable event and flow storage at 100 IOPS after RAID configuration.
² Minimum 50 K IOPS for SSD; a minimum of 100 IOPS more storage is recommended.
ESM supports the following Microsoft Windows operating systems:
Microsoft ended extended support for Windows Server 2003 SP2 on July 14, 2015. As of the end of 2015, the only product we support with Windows Server 2003 SP2 is Application and Change Control.
The following web browsers are supported with the ESM. Because some features of the web application use pop-up windows, Technical Support recommends that you allow pop-ups for the IP address or host name of the ESM.
| Browser | Version Needed |
|---|---|
| Mozilla Firefox | Version 42 or later |
| Google Chrome | Version 48 or later |
| Apple Safari | Version 5.1.7 or later |
| Microsoft Internet Explorer | Version 11 or later |
| Microsoft Edge; Microsoft Edge based on Chromium | Not supported (Currently not tested) |
SIEM products that are listed above support the following cloud services:
Amazon Web Services
Oracle Cloud Infrastructure
Microsoft Azure
This support enables a virtual deployment of the ESM. The ESM monitors and reports on cloud servers and other types of security infrastructure that are supported in its cloud environments.