ArcSight Review

It has flexible and rich correlation capabilities. It has the capability to manipulate every parameter - sub-strings, indexes, and custom functions.
Valuable Features

  • It has flexible and rich correlation capabilities. This is the most mature product in this area.
  • It has the capability to manipulate every parameter - sub-strings, indexes, and custom functions.
  • Active Lists - This is the most powerful feature which supports correlation. It also has multi-column active lists, parameters manipulation, and correlation capabilities that provide great flexibility.
  • Full control of correlation flow - There are no black-box closed rules, unlike with McAfee Nitro, and no default aggregation which is hard to analyze, unlike Offenses in QRadar.

Improvements to My Organization

This is the best product for building and supporting SOC operations and SOC use cases.

Room for Improvement

The layout of the analyst's console needs improvement. It has had no significant changes in at least nine years. Also, the advanced statistics in visualizations simply don't work, and I've performed an analysis of these functions.

Use of Solution

We've been using it for nine years.

Deployment Issues

We have had no issues with the deployment.

Stability Issues

We have had no issues with the stability.

Scalability Issues

We have had no issues scaling it for our needs.

Customer Service and Technical Support

I have not had to use tech support for at least two years now. From what I recall, they were good.

Initial Setup

The initial setup was simple and the implementation was straightforward as the supporting documentation is pretty good. Help for setup, which is available from the analyst console, is really great and complex with diagrams and screens.

Implementation Team

ArcSight makes it easy to achieve ROI because of its great flexibility.

Other Solutions Considered

This is the best SIEM solution on the market compared to its competitors. I'm also familiar with IBM QRadar, RSA Security Analytics, McAfee Nitro, and Splunk.

Disclosure: I am a real user, and this review is based on my own experience and opinions.