ArcSight Logger Review

A robust solution that can handle complex operations and analytics, but the reporting capabilities are limited

What is our primary use case?

ArcSight Logger was used for storing your logs, long-term, in a structured way. You can search in it, you can structure your data in it, and you can generate simple reports.

What is most valuable?

It's a robust, mature product and you can do some complex operations and analytics.

For correlation and structuring data, it's very good.

It's a secure platform.

What needs improvement?

ArcSight Logger is an outdated product. It hasn't been changed in the last ten years. I think that it's a product that will disappear and there are better platforms that you can use.

You have limited reporting capabilities and I wouldn't choose ArcSight Logger for this purpose. I would prefer to go with Elastic or Splunk.

You can do reporting but it's not up to date in terms of interactive reports that are presented well.

I was looking for a SIEM solution. ArcSight has ArcSight VSM, which is a pretty good product, but what I see on the market now is that it is being caught up by newer, more intuitive applications like Splunk. I wanted to have some deep technical insight in comparison of the two platforms.

If you have a product that hasn't evolved in 10 to 12 years then you have to start looking at other products. Many solutions were implemented and were useful at the time, but are outdated now.

In terms of features such as anomaly detection, or machine learning, or building apps on top of it, it's either not there or it's very limited.

With technical support, in the past when it was ArcSight, it was very good. However, when it moved to HP, then Micro Focus, the quality deteriorated. You could see that the knowledge was disappearing in the company.

They would benefit from having real clustering with some kind of high availability setup, but it's not clustering as it is in Elastic, where you put in a node and cluster and it all works together. It needs improvement and it should be much better. Also, the user interface is outdated, the search could be faster, and the integration with big data solutions isn't great for input and output.

For how long have I used the solution?

I am an expert with ArcSight, in all of their products. I have been working with them for 15 years.

What do I think about the stability of the solution?

It's a stable product.

How are customer service and technical support?

I don't call support as I have 15 years of experience. I have more experience than support, but it used to be good.

What other advice do I have?

We are involved with technology that allows us to solve problems for clients that they cannot solve themselves. These are often complex environments.

This solution has still been in use over the past year. We have a client who has the full ArcSight Suite. We are working on a solution to phase out Logger in the coming year and replace it with Elastic or Splunk. We can replace ArcSight entirely with Splunk and use Elastic for fast search. We think that there is more progress in that platform.

I would rate this solution a six out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: partner