The Threat Stack CSP is a responsive application. The Threat Stack CSP uses minimal system resources when host activity is normal. However, during a host’s busy periods, which generate an influx of events, Threat Stack ramps up its monitoring and logging activities to gather and process those events. This temporarily increases the system resources the Threat Stack CSP uses.
If your typical resource load is high, such as 90% or more, then during busy periods on the host the Threat Stack CSP cannot fully ramp up to deliver complete traceability of events. In this situation, the Threat Stack CSP may disconnect or not provide full coverage.
In your resource load estimates for the host please plan for resource ramp-ups from the Threat Stack CSP during busy periods.