ArcSight Enterprise Security Manager (ESM) Primary Use Case

Ramnesh Dubey - PeerSpot reviewer
Solutions Architect at a tech vendor with 10,001+ employees

ArcSight ESM supports our team or department in meeting compliance requirements. It provides some industry-related use cases by default, which directly map to controls like those related to the MITRE framework.

There are 800 to 1000 rules related to MITRE that help us to deploy ArcSight, as well as specific rules related to compliance frameworks like PCI.

These are considered "extenders" that extend compliance and other standards. They combine individual rules into packages that can be deployed in ArcSight. So, in one place, we can monitor logs according to industry standards within our ESM.

However, we still need to find the right approach for specific packages based on the types of devices and logs we receive. We need to enable or disable rules based on our actual customer traffic compared to the existing user rules.

That's why we first need to check our organization's traffic and compare it to our current user rules. If the rules are applicable, then we enable or disable them.

There's also a dashboard that provides a better understanding of the rules. You can see how many rules are created within 24 hours and which ones trigger most frequently. This information is helpful in managing the rules effectively.

Irfan Ali - PeerSpot reviewer
Lead Principal Architect at Injazat Data Systems

We primarily use it as a Security Information and Event Management (SIEM) solution.

I am a solution architect. I use it on a project basis.

BenNnatuanya - PeerSpot reviewer
Manager, Security Operations Centre at Deloitte

I supervise a team at our company that uses this solution. Our organization uses the solution with our customers. We run a SOC for our clients that are on ArcSight. We provide monitoring, SIM administration, and incident management to our customers.

We have many use cases including multiple route logins, multiple administrator login failures, multiple failures, and successful logins.

Buyer's Guide
ArcSight Enterprise Security Manager (ESM)
April 2024
Learn what your peers think about ArcSight Enterprise Security Manager (ESM). Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
767,847 professionals have used our research since 2012.
DB
Security Operations Director at Axon Technologies

Our use cases are for both a government-based entity and an international oil and gas entity, and so our use cases flow for security across both domains. Very similar threat cases are created, but they're targeted specifically for the client's operating environment, including standard access control, endpoint control, and things like that. The use cases themselves vary from active directory exploits to endpoint exploits. We use it for real-time alerting, so we run an alert-centric model that we partnered with a log service and we do a discovery centric model on the back end, so we have a hybrid.

AbhishekMishra - PeerSpot reviewer
Technical Lead Project Individual Contributor at DXC

We use this solution as a SIEM monitoring tool in our enterprise and for customers who have been using it, like shared operations. It's mostly used for cyber security by cyber security professionals for incident management and analysis.

The solution can be deployed on-prem and on the cloud. It depends on the requirements. We mainly use AWS, but Azure is also used.

We have analysts and architects using this solution. There are more than 20 people who are specialists and are using it. The team can be as large as more than 100 people. It all depends upon infrastructure and the clients that the particular infrastructure is supporting.

it_user858882 - PeerSpot reviewer
Business Development Manager- Threat Management Services at Insight Enterprises, Inc.

It is our SIEM of choice in our managed SIEM services offering. Its multi-tenant capability, virtually universal connector framework, and licensing model made it the clear choice to deliver a value-add as an MSSP.

Anand-Dutta - PeerSpot reviewer
Head Global Alliances Director at Tech Mahindra Limited

ArcSight Enterprise Security Manager (ESM) is used on the customer side, specifically where there is an investment because the solution, when implemented, helps with integration. ArcSight Enterprise Security Manager (ESM) is able to ingest logs and integrate with all the third-party products, so its utility becomes higher. Integration is very important because if the solution isn't able to integrate with others, then data doesn't come under SIEM and becomes incomplete.

PM
Sr. Group Manager at a tech vendor with 10,001+ employees

We use ESM for compliance, log retention, and general security operations. We don't use all the features. We have been late in terms of taking advantage of the cloud option. 

ON
Chief Information Officer at Bassein Catholic Co-Op Bank

We have outsourced our SOX management to an IT company because I cannot maintain and manage that in the bank. We had selected them because they were using ArcSight. They are a very professional security company. They came up with this suggestion of switching from ArcSight to LogRhythm. We are currently using ArcSight, but we would be switching to LogRhythm.

They are using the latest version of ArcSight ESM. It is all on-prem. Our production setup cannot be on a public cloud. In India, cloud deployment is not allowed for financial services. It has to be either a co-location or in-house.

Riccardo Rosso - PeerSpot reviewer
Consultant at Libero

I primarily use ArcSight ESM for security and network monitoring. We are dealing with Active Directory, so we use ArcSight ESM to track the actions administrators take on accounts, like disabling and enabling accounts or accounts going expired and why.

Seshi Dumpa - PeerSpot reviewer
IT Security Manager at a tech services company with 10,001+ employees

We use it for our internal and vendor daily base of log analysis and threat analysis.

Abbasi Poonawala - PeerSpot reviewer
Chief Enterprise Architect at a financial services firm with 10,001+ employees

ArcSight monitors any down time with patch management. Whenever any project is on-boarded such as in our security core or asset and wealth management technology, the hardware goes through ArcSight. That is basically our use case whether we're doing the patch management, or the upgrades on that tool, or managing the centralized desktop. ArcSight monitors the failures in the cloud. We have the tech classifications in the CMDB which is integrated with ArcSight and ArcSight pulls out everything on the CMDB and I'm able to see it all - the CMDB database and the CVS scores which are also integrated in ArcSight. I can know that for a particular monitoring track or detected incident, this is the particular CVS score. I'm a VP and enterprise architect, and we're customers of ArcSight. 

Md. Shahriar Hussain - PeerSpot reviewer
Cybersecurity and Compliance Lead Engineer at Banglalink

We use ArcSight ESM for log analysis and security alerts. It warns us of threats and then helps us conduct a forensic investigation of a cyber attack or internal incident after it happens.

Ashraf Abbas - PeerSpot reviewer
Information and Cyber Security Analyst at a financial services firm with 10,001+ employees

We have many use cases. Our Windows devices, antivirus, and firewall are integrated with ArcSight. I have used ArcSight ESM versions 6.1.1, 6.9, 7.0, and 7.2.

RS
Consultant at a financial services firm with 10,001+ employees

We have two connectors. One is a smart connector, and one is a select connector. It's a simple ESM tool. 

Wessam Altoumi - PeerSpot reviewer
Chief Commercial Officer at Yamamah Information Technology & Communication Systems LLC

ArcSight ESM is used as a security information and event management (SIEM) solution. It has been used in banks.

MY
Soc Cybersecurity Analyst at VaporVM

We use the product for everything. It serves as our company's management platform, handling our tech needs, block systems, alerts, custom rules, triggered events, analytics, investigations, incident closures, case creations, whitelists, and various other tasks.

RS
Mdr of Presales & Customer Success Head at a financial services firm with 1-10 employees

The tool is good for correlation and aggregation. We use it as a collection platform. 

Subhadip Pakrashi - PeerSpot reviewer
CEO at Kapstone Technological Services LLP

I'm an administrator, and I implement ArcSight Enterprise Security Manager (ESM). I use ArcSight SIEM and have all the security information, events, logins, and security logs. We compile all the information so we can file and stop it from happening or provide an alert. 

NB
Senior IT security Administrator and solution at scada.ci

I use ArcSight Enterprise Security Manager to make some letters, queries, administration of the smart collectors, and logger for deporting.

HungTran2 - PeerSpot reviewer
Technical at HPT Vietnam

We are using ArcSight ESM in our company for security information and event management.

HJ
Security Manager at shinhan DS

Our primary use case is to prioritize internationally used references.

it_user700140 - PeerSpot reviewer
Ex Senior Security Analyst and Onsite consultant at Paladion Networks

We use Micro Focus ArcSight SIEM version 6.3, 6.4, and 6.5 in multiple sites and customer ranges. The SIEM log monitoring tool is very efficient at providing us the details for any file system changes, logins, OSPF, and BGP as well as other router and server changes.

TB
IT Manager at Royal Cemerlang

Our primary use case is for analyzing cybersecurity.

VN
Senior Manager at PT Permata Anugerah Abadi

We use ArcSight Enterprise Security Manager (ESM) as an SIEM system.

JA
Forensic Consultant at A Cyber 1 Company

We use this solution in our customers' companies, and we deploy the solution on cloud and on-premises.

LB
Presales Manager at a tech services company with 51-200 employees

We use ArcSight primarily to provide logs for the incident response team and cyber security analysts to evaluate everything happening in the network. 

LH
Works at NOOSC Global

We have a customer who is using this solution for information security monitoring.

BS
Head - Professional Services at a computer software company with 51-200 employees

We primarily provide this solution to clients.

SW
Senior Manager at a tech services company with 51-200 employees

We have a large footprint of 25 plus subsidiaries reporting into a consolidated security reporting and action team using ArcSight ESM.

JM
Security Sales Engineer

We use it to monitor several web traffic sources and to look for compromised indicators within that traffic. The traffic comes from several applications that we've exposed on the internet.

AB
Associate Vice President at a consumer goods company with 201-500 employees

We primarily use the solution for its technology including its independent logs, and those types of things. The technology we leverage is for third parties.

TB
IT Manager at Royal Cemerlang

Our primary use case is SIEM. It is a data lake for logs from all of our servers and devices (routers, switches, firewalls, wireless controllers, etc.).

VN
Senior Manager at PT Permata Anugerah Abadi

We are resellers. We deal with many vendors to provide and implement solutions for our clients. We primarily use this product for logging data.

AN
Analyst at a financial services firm with 10,001+ employees

We use this solution for clients that want database consulting. They have a lot of general user's data in that demise so they want to have a robust SIEM solution that they trust. They have real-time alerts and monitoring for their data server.

VN
Senior Manager at PT Permata Anugerah Abadi

We deal mainly with enterprise companies - I'm the senior manager and we are partners with ArcSight. 

GK
Chief Technological Officer at a tech consulting company with 51-200 employees

We use ArcSight Enterprise Security Manager for any type of cyber security attack.

It is in the cloud and on the customer's infrastructure. I am only deploying one agent and the agent is deploying all the information from the customers and then sending it to the cloud.

I am an integrator, but we sell our services. I'm not selling the software directly to customers. I'm selling my service with this product.

OO
Cyber threat Intelligence Manager at CyberLab Africa

We are using ArcSight Enterprise Security Manager (ESM) for data analytics. We monitor the reports on security event information.

MS
Managing partner at a tech services company with 11-50 employees

We primarily use the solution for consolidating the logs from all the applications and databases and different centers.

US
CISO and DPO at ValueLabs LLP

Flexibility, high ingestion rate, and complexity of use cases.

FS
Information Security and Business Data Protection Specialist at a comms service provider with 1,001-5,000 employees

It's the security analyst for incident response, forensic investigations, and security monitoring.

MJ
Technical Lead Enterprise Solution at a tech services company with 51-200 employees

We help our customers to implement the solution to detect known threats with a state-of-the-art variety of use case offerings.

GM
Information Security Analyst at a comms service provider with 1,001-5,000 employees

Our primary use case is for security purposes. We are customers of ArcSight and I'm an information security analyst.
