ArcSight Logger Review

It provides us with real-time correlation and longer-term log storage.


Valuable Features

  • Real-time correlation
  • Long-term log storage

Improvements to My Organization

It benefits the organization by identifying threats ranging from the most basic ones to many advanced ones. Any of these threats could have a negative impact on business, so it's important that ArcSight Logger can identify all of them.

Room for Improvement

I wouldn’t mind adding a few features such as grouping of events based on the “name”, “source address”, etc. in real-time rather than requiring the running of reports every time. A few competitors allow this functionality already.

Use of Solution

I've been using it for four years.

Deployment Issues

There have been no issues deploying it.

Stability Issues

It's highly stable and we haven't had any issues with instability.

Scalability Issues

The solution is designed to be easily scalable depending on different organizations and their existing expansions.

Customer Service and Technical Support

The level of technical support is intermediate. Although they're helpful and polite, they don't help with emergency situations. However, the global ArcSight community is sufficient for the resolution of most critical errors.

Previous Solutions

It provides a level of flexibility and options, especially for defining custom use-case scenarios, like no other SIEM tool, though I have experience with only one other.

Initial Setup

The initial setup was a bit complicated to follow since there are many different components present within it. However, the complexity, once learned, adds a level of flexibility that you can play with.

Implementation Team

We did it through a vendor team. Proper planning in place ensures smooth execution.

Other Advice

Plan, implement, explore and protect.

Disclosure: My company has a business relationship with this vendor other than being a customer: We’re a partner company.