# Appendix A
## **Sensor**
Sensor is a gateway appliance (physical in most cases) that receives a SPAN/Mirror copy of all the traffic moving in and out of the firewall. Most Static Analysis and DPI happen at the sensor. The Sensor is also responsible for describing the traffic model(s) and sending over the metadata to the master for further analysis.
### **Recommended Configuration**
| **Bandwidth** | **CPU/Cores** | **Threads** | **RAM (GB)** | **SSD (GB)** |
| ------------- | ------------- | ----------- | ------------ | ------------ |
| **500 Mpbs** | **8** | **16** | **32** | **256** |
| **1Gbps** | **16** | **32** | **64** | **512** |
| **5Gbps** | **36** | **72** | **320** | **2000** |
| **10Gbps** | **72** | **144** | **512** | **4000** |
## Log Collector
Is used to collect Logs and Flows from the client network. It needs to upload the compressed data to Collector in the cloud.
### Recommended Configuration
| **EPS** | **CPU** | **RAM (GB)** | **Diskspace (GB)** |
| ---------- | --------------------- | ------------ | ------------------ |
| 500-1000 | 4 cores / 8 threads | 16 | 128 |
| 1000-2000 | 8 cores/ 16 threads | 32 | 256 |
| 2000-5000 | 8 cores/16 threads | 64 | 256/512 |
| 5000-10000 | 16 cores / 32 threads | 128 | 1TB |
## Responder
Is responsible agentless Response & Remediation and needs to communicate with the Master in the cloud.
### Recommended Configuration
| **Size** | **Response & Remediation** only | **Threat Hunt** (IOCs based live or log hunts) | **Generic Hunts** (artifact collection viz., memory, services, autostart etc.,) |
| -------------------- | ---------------------------------- | ---------------------------------------------- | ------------------------------------------------------------------------------- |
| 100-200 endpoints | 16GB RAM, 8 cores, 128GB Diskspace | 16GB RAM, 8 cores, 128GB Diskspace | 32GB RAM, 8 cores, 128GB Diskspace |
| 200-1000 endpoints | 16GB RAM, 8 cores, 128GB Diskspace | 32GB RAM, 8 cores, 128GB Diskspace | 32GB RAM, 8 cores, 256GB Diskspace |
| 100-3000 endpoints | 16GB RAM, 8 cores, 128GB Diskspace | 64 GB RAM, 16 cores, 256GB Diskspace | 64GB RAM, 16cores, 512GB Diskspace |
| 3000-5000 endpoints | 16GB RAM, 8 cores, 128GB Diskspace | 64GB RAM, 16 cores, 256GB Diskspace | 64GB RAM, 16 cores, 1TB Diskspace |
| Upto 10000 endpoints | 16GB RAM, 8 cores, 128GB Diskspace | 128GB RAM, 32 cores, 512GB Diskspace | 16GB RAM, 8 cores, 2TB Diskspace |
| Above 10k+ | Call for specs | Call for specs | Call for specs |
## Sample Deployment Architecture
Simple network architecture depicting Sensor, Log Collector and Responder in a typical deployment.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.blusapphire.io/appendix-a.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.