ArcSight Logger Review

What is most valuable?

Data correlation, which unfortunately only comes with an ESM module, is the most valuable feature for us.

What needs improvement?

We have issues with connecting standard HP network devices as they appear to not be supported by HP ArcSight. One company/product is not aligned and apparently it is expected that all the network data is in CEF format, which is impossible for the HP network sources to deliver. Instead, HP ArcSight should be able to handle any file format.

For how long have I used the solution?

We are still currently implementing it.

What was my experience with deployment of the solution?

There were no issues deploying it.

What do I think about the stability of the solution?

We have had no stability issues.

What do I think about the scalability of the solution?

There have been no issues scaling it.

How are customer service and technical support?

I'd rate technical support a 7/10.

Which solution did I use previously and why did I switch?

There was no previous solution in place.

How was the initial setup?

It's complex for several reasons:

  • Targeting and logic of systems
  • Bandwidth dependencies
  • Data privacy
  • Location
  • FW settings
  • File formats

What about the implementation team?

We're using a vendor team.

What was our ROI?

It is very expensive for what it delivers. Licensing is set at 80 servers, just enough to catch the most important ones.

Disclosure: My company has a business relationship with this vendor other than being a customer: We're a third-party vendor.