ArcSight Review

Allows me to view events in real time. The FlexConnector configuration is complex.

What is most valuable?

The web logger allows me to view and inquire about various events in real time. It is the most useful feature for me for the following reasons:

  • Allows me to look at the traffic in real time
  • Allows me to add filters that remove the traffic that is not interesting
  • Allows me to narrow down my research to only important traffic.
  • Helps me in my troubleshooting work. I need to know a bit of SQL query syntax, but that is straightforward.
  • Allows me to create reports, evaluate my findings, and send information to my customers.

How has it helped my organization?

I was able to provide intelligence reports to my customers. The organization relies on this information in order to sell services.

What needs improvement?

I would like to see the following:

  • An improvement in the connector/agent configuration.
    The connector configuration is CLI based. If the connectors are pre-defined and built by HPE, then the configuration/installation seems to be OK.
  • Making the FlexConnector configuration less complex.
    You need development skills in order to do your job in creating/configuring agents and connectors. I tried to learn the syntax in order to customize the software (connectors and agents) for a particular device, and it was a nightmare. The cost for this work, via HPE consultancy, is huge.

For how long have I used the solution?

I've been using this product for three and a half years. I am one of the supporters of the product.

What was my experience with deployment of the solution?

Some of the connectors need to be developed in-house. There were also issues with forwarding events. We noticed that some logs were lost between connectors and the central reporting unit.

How is customer service and technical support?

I would give technical support a rating of 4 or 5 out of 10.

Which solutions did we use previously?

We also use Splunk to compare features. ArcSight is the favorite solution for my organization.

How was the initial setup?

The initial setup is straightforward, but the customization can become a nightmare very easily.

What about the implementation team?

We had an in-house implementation. I would recommend a dedicated team for implementation, support, and operation.

What other advice do I have?

This product requires a dedicated team to operate it from A to Z. HPE support needs to be clearly defined and considered.

Disclosure: I am a real user, and this review is based on my own experience and opinions.