- It has flexible and rich correlation capabilities. This is the most mature product in this area.
- It has the capability to manipulate every parameter - sub-strings, indexes, and custom functions.
- Active Lists - This is the most powerful feature which supports correlation. It also has multi-column active lists, parameters manipulation, and correlation capabilities that provide great flexibility.
- Full control of correlation flow - There are no black-box closed rules, unlike with McAfee Nitro, and no default aggregation which is hard to analyze, unlike Offenses in QRadar.
Improvements to My Organization
This is the best product to build and supports SOC operations and SOC use cases.
Room for Improvement
The layout of the analyst's console needs improvement. It has had no significant changes in at least nine years. Also, the advanced statistics in visualizations simply don't work, and I've performed an analysis of these functions.
Use of Solution
We've been using it for nine years.
We have had no issues with the deployment.
We have had no issues with the stability.
We have had no issues scaling it for our needs.
Customer Service and Technical Support
I have not had to use tech support for at least two years now. From what I recall, they were good.
The initial setup was simple and the implementation was straightforward as the supporting documentation is pretty good. Help for setup, which is available from the analyst console, is really great and complex with diagrams and screens.
ArcSight makes it easy to achieve ROI because of its great flexibility.
Other Solutions Considered
This is the best SIEM solution on the market compared to its competitors. I'm also familiar with IBM QRadar, RSA Security Analytics, McAfee Nitro, and Splunk.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Apr 24 2016