What is our primary use case?
We use this solution for monitoring our network. It does authentication failure monitoring, VPN log monitoring, internal threat monitoring, and outside threat monitoring. It also looks for IOCs and malicious activity that is originating from internet connections.
What is most valuable?
The most valuable feature is the log monitoring.
What needs improvement?
ArcSight is not a user-friendly solution and the interface needs to be improved. It is a bit tough to use for people who are inexperienced.
ArcSight needs better support for integration with third-party applications. It should be able to handle logs from all kinds of different sources.
The API needs to be improved.
Which solution did I use previously and why did I switch?
I have used other log management solutions including Splunk and Elasticsearch. I also use QRadar as a more general SIEM.
What other advice do I have?
This is not a solution that I would recommend. Instead, I would recommend Splunk or QRadar. In the case of an organization with a small budget, I would recommend AlienVault or Elasticsearch.
I would rate this solution a six out of ten.