Creating dashboards and real-time channels for real-time monitoring: This feature gives real-time alerts for the monitoring team to act upon. In certain cases, we can also create real-time email alerts for relevant teams for faster actions and resolutions.
Improvements to My Organization:
This product has helped us and our customer monitor the security of different applications as well as different hardware devices. It helps in keeping an eye on each activity logged in our internal environment. This also helped us and our customer to meet the local regulatory requirement.
Room for Improvement:
The correlation and storage have to be improved. The correlation works fine if we have fewer rules written, but it becomes slow if we have more than 200 rules written for any correlation. This created buffer-buckets for all events flowing into the system. There are other ways in which this can be improved.
Use of Solution:
For the last year, I have been using the current version, i.e., HPE ArcSight ESM, Hardware Appliance L5600, Software Version 6.8.
Before that, I used the earlier versions, i.e., v4.5 and v5.0, for nearly three years.
I have not encountered any stability issues with HPE ESM. It was stable all the time.
We didn't encounter any scalability issues. We were able to scale it as and when required.
The technical support needs improvement, as sometimes it takes time to get the actual response on the issue. It takes more than two days to reach a resolution as the support team needs a lot of basic information.
I was not using any other solution previously.
The setup was straightforward, but it still needs involvement from the support team, as sometimes credentials do not work.
Cost and Licensing Advice:
This is based on the requirement and budget. I would not like to comment on the pricing or licensing.
Other Solutions Considered:
We looked at other solutions such as Splunk and IBM QRadar.
Disclosure: My company has a business relationship with this vendor other than being a customer: We have an alliance with HPE for their security products.