ArcSight Logger Review

Can handle a huge amount of logs and we are able to create use cases to fit our needs

What is our primary use case?

We have several uses for this solution like retention storage. We use Logger for some queries since we are in Talco industries. We use it for IT, MSISDN, and mobile phone. For the SM we have communication for the infrastructures including security. Plus, we use ESM for prevention and for a couple of cases we use it for fraud prevention and some for the VIP members check.

What is most valuable?

The ESM use cases are the most valuable. It enables us to use the big data collection inside our company. We are able to create use cases for whatever it suits and I find that the most interesting part of any SIEM solution.

What needs improvement?

The speed of Logger indexing and searching for certain bugs for some queries that we provide could be improved. It can handle a huge number of logs but it can be improved.

They should improve the speed of the indexing and queries being dumped. Technical support's response time could also be slightly improved. Although these two issues are not something bad, it's just the only things that I think have any possibility to improve, but they're not necessarily something that is bad.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

It is pretty much stable. From time to time we have cases of a connector crashing so the drama processing it is when it gets stuck but that is just an occasional case.

What do I think about the scalability of the solution?

It's pretty much scalable. You can just add remote connectors and you can add remote log types. One of the best parts of the product is FlexConnector. Implementing them is easy to configure. 

We have twenty users using this solution that mostly compromise of information security guys and cybersecurity. There are IT infrastructure engineers like Windows Unix engineers and some Talco fraud prevention specialists.

We have two guys operating this solution in these three countries so we require two to three people to maintain the whole thing.

How are customer service and technical support?

Their technical support is also good. Whenever we request anything they are arprompt and the guys are well trained. Any customer could say that it could be faster but I understand that we are not alone in this world. They have plenty of other customers so I completely understand. I would rate their support a nine out of ten. There is always room for more of a prompt response but I'm talking about hours, not days.

How was the initial setup?

I was new to cybersecurity when I joined my company and they were implementing it at the time so the initial setup was a bit complex for me. When I got introduced to it for the first time and got thousands and thousands of pages of documentation it was a bit complex for me to fully understand how it works and how it functions. At this point, I don't think it's complex. It's pretty much straightforward and it's not complex for an experienced IT or security guy. 

The full implementation took one year, but there was a huge number of connectors that we implemented across three countries including Hungary, Serbia, and Montenegro. There were a huge number of connectors and a huge number of connector servers. I believe that that's why it took a year, it might have been a bit less. 

What other advice do I have?

I would rate it a nine out of ten. I wouldn't give any solution a perfect ten. 

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More ArcSight Logger reviews from users
...who work at a Government
...who compared it with IBM QRadar
Add a Comment