Micro focus logo

Micro Focus ArcSight Review
Allows integration and log collection with different devices.


Valuable Features:

The valuable features are:

  • Integration and log collection with different devices.
  • Collecting logs from many different sources. If you have your own app, you can do logging for it. In addition, you can customize log parsing.
  • Correlations of logs from different device types.
  • Built-in content such as reports, dashboard, compliance, and standard packages.
  • Option to correlate logs with business data.
  • Option to adjust the product to different roles: operations, decision makers, and administrators.
  • You can adjust the web console interface to match the specific role.
  • Integration with other products, such as databases and IPSs.
  • Additional features are available with simple extensions. The solution enables you to monitor logs and to analyze data, but you can also use additional add-ins such as reputation services that can integrate ArcSight ESM with tipping point IPS.
  • Correlations of logs from different device types.
  • Ready-made content that can be used immediately.
  • Customized business tables can be correlated. For example, the employee sick leave register can be correlated with Windows login logs.

Room for Improvement:

I would like to see the following improvements:

  • Less time to administer and track logs on separate devices.
  • Ease of changing the product underneath. For example, instead of Juniper routers, we started to use Check Point routers.
  • Reporting: I would like an easier way to find the root cause.
  • Simplicity: I would like to see an easier way to figure out which column has the mapped data.
  • Component accessibility: Components are managed in different places; console, web console, and administration web. It would be nice to have easier access.
  • Better UX: I would like to see a better user experience with the web client. Sometimes, it is very slow and not very intuitive.
  • Better documentation or "how-to" videos: Usually documentation for devices, whose logs are going to be collected, is poor. Those guides are split in two parts: 1. To-do content for device administrator. 2. To-do content on the ArcSight side. When a customer uses these guides, it is not clear what he has to do. Sometimes the customer asks specific questions that the ArcSight implementer cannot answer. Some of these questions are about specific roles, privileges needed for a domain, or database use when the specific source is added.
  • Simplified licensing and license extension for console users: Console users are licensed separately. Those licenses are expensive. The web console is introduced with limited features.

Stability Issues:

There were some stability issues in the partner versions. The client versions were stable.

Scalability Issues:

There were no scalability issues.

Technical Support:

The technical support was not very good. They are slow and not very efficient. I rely on personal contacts to solve my issues.

Initial Setup:

The installation was straightforward. It has some built-in connectors that are easy to set up.

Cost and Licensing Advice:

The product is not cheap. If you set it up and use it well, it is a worthwhile purchase.

Other Solutions Considered:

We evaluated Splunk and McAfee Log Manager.

Other Advice:

Prior to implementation, do an internal assessment and analyze business, technical, and other requirements. Know your inventory and ask for a project methodology approach. Ask your partner for a referral visit to other customer sites.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are a partner.

0 Comments

Anonymous avatar x30
Guest

Have A Question About Micro Focus ArcSight?

Our experts can help. 227,901 professionals have used our research on 5,829 solutions.
Why do you like it?

Sign Up with Email