ArcSight Review

FlexConnector collects logs from your own application.

What is most valuable?

The ArcSight solution supports your security team with many SIEM features:

  • Monitoring
  • Analysis
  • Alerts
  • Incident response

In my opinion, ArcSight is an open solution. It is easy to:

  • Customize components
  • Use FlexConnector to collect logs from your own application
  • Edit rules and the dashboard
  • Create work flows
  • Enrich information for events

How has it helped my organization?

I work at an ArcSight distributor in Vietnam. I have deployed the ArcSight solution for many customers. Some organizations are using it for SOC’s core and others for monitoring their information systems, critical assets, and regulatory and policy compliance.

For how long have I used the solution?

I have over two years of experience.

What do I think about the stability of the solution?

It can be overloaded when rules and data monitoring are not optimized and the system receives too many events.

What do I think about the scalability of the solution?

ArcSight can be extended to meet the biggest customers (large enterprise) needs.

How is customer service and technical support?

ArcSight technical support is enthusiastic. They have a lot of experience and many case studies.

How was the initial setup?

ArcSight configuration and deployment is complex, because it has many components.

Which other solutions did I evaluate?

I researched Splunk, QRadar and AlienVault, and I appreciate Splunk and ArcSight.

What other advice do I have?

ArcSight provides many documents and guides for configuration and operation. Also, you can refer to its community at

Disclosure: My company has a business relationship with this vendor other than being a customer: My company is a partner of HPE ArcSight.
Add a Comment
Sign Up with Email