by slt2021
1246 days ago
The reason for that is near real-time detection of threats requires aggregation of terabytes of data according to rules (continuous GROUP BY on thousands of columns on a sliding window) - and these aggregates by design have to be stored in RAM. Otherwise these detections stop being near-realtime and become offline detection instead, just like any other SQL server.
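
The kind of sliding-window aggregation the comment describes, as an added example that is not part of the original comment: one rule doing a continuous `GROUP BY (src_ip, user)` with a count over the last 60 seconds, with every per-group aggregate held in process memory. The class, field names, threshold and sample events are all constructed for illustration.

```python
from collections import defaultdict, deque

class SlidingWindowRule:
    """Continuous GROUP BY key_fields with COUNT(*) over the last `window` seconds."""

    def __init__(self, key_fields, window, threshold):
        self.key_fields = key_fields
        self.window = window
        self.threshold = threshold
        self.state = defaultdict(deque)  # group key -> timestamps, all resident in RAM

    def observe(self, event):
        """Feed one event (timestamp order); return an alert when a group reaches the threshold."""
        now = event["ts"]
        key = tuple(event[f] for f in self.key_fields)
        self.state[key].append(now)
        self._evict(now)
        count = len(self.state[key])
        if count == self.threshold:  # fire once, at the moment the group crosses
            return {"key": key, "count": count, "ts": now}
        return None

    def _evict(self, now):
        # Drop timestamps that slid out of the window and groups left empty.
        # A full scan per event is fine for a demo; real engines index expiry times.
        for key in list(self.state):
            bucket = self.state[key]
            while bucket and bucket[0] <= now - self.window:
                bucket.popleft()
            if not bucket:
                del self.state[key]

    def resident_entries(self):
        """Number of timestamps currently held in memory across all groups."""
        return sum(len(b) for b in self.state.values())

# Constructed sample events (hypothetical failed-login records).
SAMPLE_EVENTS = [
    {"ts": 0, "src_ip": "198.51.100.7", "user": "alice"},
    {"ts": 10, "src_ip": "198.51.100.7", "user": "alice"},
    {"ts": 15, "src_ip": "203.0.113.9", "user": "bob"},
    {"ts": 20, "src_ip": "198.51.100.7", "user": "alice"},
    {"ts": 200, "src_ip": "203.0.113.9", "user": "bob"},
]

def demo(events):
    """Run one rule over the events; return (alerts, entries still held in memory)."""
    rule = SlidingWindowRule(("src_ip", "user"), window=60, threshold=3)
    alerts = [a for a in map(rule.observe, events) if a]
    return alerts, rule.resident_entries()
```

Resident state grows with the number of distinct group keys times the events per window, and that product is multiplied again by every rule running concurrently.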