On Tue, 16 Jul 2019 15:54:10 -0600, Ken Gilmour said:
We have a different use case to traditional analytics - we're aimed at consumers and small businesses, so instead of a SOC with one big screen refreshing 10000 rows of only alert data every 30 seconds, we have thousands of individuals refreshing all of their data every 30 seconds because there are comparatively fewer alerts for individuals than enterprises.
Plenty of room for lots of optimizations there, especially in conjunction with some client-side caching. If they're generating enough *new* events every 30 seconds to cause any significant load, they're either in the middle of a major event (something that shouldn't happen too often) or they have the logging set to be so verbose that they're likely to miss actual important messages.