The Problem: Too Many Indicators, Too Much Memory:
One of the prevalent issues faced by security systems is the strain on memory caused by an excessive number of indicators.
A Strategic Solution: Taking a Step-by-Step Approach:
To address this challenge, consider a shift in the workflow. Instead of linking indicators immediately to alerts, implement a step-by-step process:
-
Separate Creation and Linking:
- Begin by creating indicators independently without immediately connecting them to the alert. This prevents an initial surge in memory usage.
-
Consolidate Indicator Details:
- After indicator creation, compile all the indicator details into a unified list. This consolidation simplifies the subsequent linking process.
-
Efficient Linking:
- Finally, use a single step to link the consolidated list of indicators to the alert. This streamlined approach significantly reduces memory usage, optimizing system performance.
Please see the following images for more reference.
Image 1
Image 2
Image 3
