Enigma Sensor Hardware Requirements
The Enigma Sensor is a cross-platform network capture and processing agent. This page lists the hardware, operating system, and network requirements for deploying the sensor in production.
Minimum and recommended sizing
Size the sensor to the peak traffic volume it will inspect. The table below lists a bare-minimum floor plus three recommended tiers aligned to common network link speeds.
| Tier | Cores | RAM | Disk |
|---|---|---|---|
| Minimum | 2 | 4 GB | 20 GB |
| Small (up to 100 Mbps) | 4 | 8 GB | 100 GB |
| Medium (up to 1 Gbps) | 8 | 16 GB | 500 GB |
| Large (up to 10 Gbps) | 16 | 32 GB | 1 TB |
Disk figures are general guidance and are not tied to a specific PCAP retention window. Large deployments should tune PCAP retention and local buffering to keep disk usage minimal.
Operating systems
- Ubuntu 20.04 LTS, 22.04 LTS, or 24.04 LTS (native binary and systemd service)
- Windows 10 1809 or later (native service via NSSM)
- Any Linux distribution with Docker installed (container image available at ghcr.io/enigmanetz/enigma-sensor)
Network interfaces
- One NIC for management traffic and sensor communication with the Enigma API
- One capture source: a dedicated SPAN or mirror port, a network TAP, or a NIC in promiscuous mode
- On Windows, Npcap is strongly recommended over the built-in pktmon for capture throughput and promiscuous mode support
Platform guidance
- Linux is the preferred platform for production deployments. Windows with Npcap is supported across all sizing tiers.
- Disable host sleep and hibernation on sensor machines.
- Do not run a VPN client on the sensor host; VPN adapters will conflict with capture interfaces.
- Antivirus, EDR, and DLP software must allow packet capture, file creation in the sensor working directories, and container runtime operations if using Docker.
- Outbound TCP 443 to the Enigma API endpoint must be permitted through any corporate firewall, proxy, or DNS filter.