What is most valuable?
Creating dashboards and real-time channels for real-time monitoring: This feature gives real-time alerts for the monitoring team to act upon. In certain cases, we can also create real-time email alerts for relevant teams for faster actions and resolutions.
How has it helped my organization?
This product has helped us and our customer for monitoring the security of different applications as well as different hardware devices. It helps in keeping an eye on each activity logged into our internal environment. This also helped us and our customer to meet the local regulatory requirement.
What needs improvement?
The correlation and storage have to be improved. The correlation works fine, if we have less amount of rules being written, but it becomes slow if we have more than 200 rules written for any correlation. This created buffer-buckets for all events flowing into the system. There are other ways in which this can be improved.
For how long have I used the solution?
For the last one year, I have been using the current version, i.e., HPE ArcSight ESM, Hardware Appliance L5600, Software Version 6.8.
Before that, I have used the earlier versions, i.e., v4.5 and v5.0 for nearly three years.
What do I think about the stability of the solution?
I have not encountered any stability issues with HPE ESM. It was stable all the time.
What do I think about the scalability of the solution?
We didn't encounter any scalability issues. We were able to scale it as and when required.
How is customer service and technical support?
The technical support needs improvement, as sometimes it takes time to get the actual response on the issue. It takes more than two days to reach a resolution as the support team needs a lot of basic information.
Which solutions did we use previously?
I was not using any other solution previously.
How was the initial setup?
The setup was straightforward but it still needs involvement from the support team as sometimes credentials do not work.
What's my experience with pricing, setup cost, and licensing?
This is based on the requirement and budget. I would not like to comment on the pricing or licensing.
Which other solutions did I evaluate?
We looked at other solutions such as Splunk and IBM QRadar.
Disclosure: My company has a business relationship with this vendor other than being a customer: We have an alliance with HPE for their security products.
Jan 29 2017