Pgzybd0n 400x400

HPE ArcSight Review
Allows me to view events in real time. The FlexConnector configuration is complex.


Valuable Features:

The web logger allows me to view and inquire about various events in real time. It is the most useful feature for me for the following reasons:

  • Allows me to look at the traffic in real time
  • Allows me to add filters that remove the traffic that is not interesting
  • Allows me to narrow down my research to only important traffic. 
  • Helps me in my troubleshooting work. I need to know a bit of SQL query syntax, but that is straightforward. 
  • Allows me to create reports, evaluate my findings, and send information to my customers.

Improvements to My Organization:

I was able to provide intelligence reports to my customers. The organization relies on this information in order to sell services.

Room for Improvement:

I would like to see the following:

  • An improvement in the connector/agent configuration.
    The connector configuration is CLI based. If the connectors are pre-defined and built by HPE, then the configuration/installation seems to be OK.
  • Making the FlexConnector configuration less complex.
    You need development skills in order to do your job in creating/configuring agents and connectors. I tried to learn the syntax in order to customize the software (connectors and agents) for a particular device, and it was a nightmare. The cost for this work, via HPE consultancy, is huge.

Use of Solution:

I've been using this product for three and a half years. I am one of the supporters of the product.

Deployment Issues:

Some of the connectors need to be developed in-house. There were also issues with forwarding events. We noticed that some logs were lost between connectors and the central reporting unit.

Technical Support:

I would give technical support a rating of 4 or 5 out of 10.

Previous Solutions:

We also use Splunk to compare features. ArcSight is the favorite solution for my organization.

Initial Setup:

The initial setup is straightforward, but the customization can become a nightmare very easily.

Implementation Team:

We had an in-house implementation. I would recommend a dedicated team for implementation, support, and operation.

Other Advice:

This product requires a dedicate team to operate it from a to z. HPE support needs to be clearly defined and considered.

Disclosure: I am a real user, and this review is based on my own experience and opinions.

0 Comments

Anonymous avatar x30
Guest

Have A Question About HPE ArcSight?

Our experts can help. 213,954 professionals have used our research on 5,586 solutions.
Why do you like it?

Sign Up with Email