ArcSight Review

It allows for easy log analysis as well as correlation and alerting.

Valuable Features

  • Logger
  • Command Center

Improvements to My Organization

The ArcSight ESM allows for easy log analysis as well as correlation and alerting. Logger is an indexed database which allows for faster, historical searching. The versatility to use SQL queries is helpful.

Room for Improvement

There are some limitations on the functionality of Rules that I would like to see expanded. I would like to see some better support options in the ArcSight community for HP Protect. Unless someone in your organization is an ArcSight SME, you are going to have a difficult time getting answers.

Use of Solution

I've used it for two years.

Deployment Issues

There were no issues with the deployment.

Stability Issues

We've not had any issues with the stability.

Scalability Issues

We've had no issues scaling it for our needs.

Customer Service and Technical Support

I would give it 3/10. A lot of the support is community-based. That strategy can work, but the answers are sometimes incomplete, incorrect, and can take a long time to get.

Previous Solutions

I have used QRadar and Splunk. Both have great functionality that makes them easy to use, but ArcSight has a very consistent layout and their logic is easy to figure out.

Initial Setup

I was not involved in the setup.

Pricing, Setup Cost and Licensing

I'm not involved in pricing or licensing.

Other Advice

It's a well-rounded product, especially with the addition of Logger and Command Center. I felt it was easy to understand and use right from the start. There are some companies that do not take advantage of everything ArcSight can offer, a problem I think ArcSight can fix with better support alternatives.

Disclosure: I am a real user, and this review is based on my own experience and opinions.