ArcSight Review

The response is good for Read/Write functions but I've encountered other minor issues. Better than its competitors.


Valuable Features

Correlation Rules, Dashboards, Active Channels, Active Lists and many more. All these features make this product better than its competitors.

Improvements to My Organization

ArcSight functions to integrate all network & security logs. It's very easy to use, and thus real-time monitoring has become easy by implementing an active channel with all correlated alerts. SOC can monitor these correlated alerts and take action on them.

Room for Improvement

ArcSight uses Oracle DB, which is a bit slow for read/write functions and the main downside to this product. Recently, HP came up with a custom DB for ArcSight 6.0 which they are calling CORR engine. With these Read/Write functions, response is good but unfortunately I've encountered many other minor issues which have room for improvement.

Use of Solution

I've been using it for the last 6 years.

Deployment Issues

Yes, minor issues were encountered and resolved in a timely manner by HP support.

Stability Issues

Yes, Read/Write functions to the DB are the main concern, and this slows down event processing.

Scalability Issues

I don't think there are any issues with Scalability.

Customer Service and Technical Support

Customer Service: Good

Technical Support: Pretty good and timely.

Initial Setup

Slightly complex, but manageable.

Implementation Team

With the help of a vendor team. They are really helpful and cooperative.
Disclosure: I am a real user, and this review is based on my own experience and opinions.