Correlation Rules, Dashboards, Active Channels, Active Lists and many more. All these features make this product better than it's competitors.
Improvements to My Organization
ArcSight functions to integrate all network & security logs. It's very easy to use and thus real time monitoring has become easy by implementing active channel with all correlated alerts. SOC can monitor these correlated alerts and take action on them.
Room for Improvement
ArcSight uses Oracle DB, which is a bit slow for read/write functions and the main downside to this product. Recently, HP came up with a custom DB for ArcSight 6.0 which they are calling CORR engine. With these Read/Write functions, response is good but unfortunately I've encountered many other minor issues which have room for improvement.
Use of Solution
I've been using it for the last 6 years.
Yes, minor issues were encountered and resolved in a timely manner by HP support.
Yes, Read/Write functions to DB is the main concern and this slows down the events processing.
I don't think there are any issues with Scalability.
Customer Service and Technical Support
Customer Service: GoodTechnical Support: Pretty good and timely.
Slightly complex, but manageable.
With the help of a vendor team. They are really helpful and cooperative.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jul 24 2014