People who want to use the tool must understand the range of products they will connect with ArcSight, their use cases, and what they are looking for. The configuration is done according to our requirements. Otherwise, the solution will be flooded with false alarms, and we will miss the important alerts. Overall, I rate the product an eight out of ten.

I will recommend the tool to others. It is a robust and scalable solution, but it is expensive. If the customers are willing to pay for the security, the robustness, and the scalability, ArcSight is one of the best products. Overall, I rate the product a ten out of ten.

I rate ArcSight Logger eight out of 10.

Integrating ArcSight with security tools in our environment is relatively straightforward for on-premises tools. However, integration is more challenging for cloud-based tools. We often need to develop a custom process, even for some on-premises tools.

The response time on IDQ (Informatica Data Quality) routines has improved significantly from the previous version. However, the SOAR platform is not particularly user-friendly for developing and deploying playbooks, including out-of-the-box playbooks and support for SolarWinds.

I rate it a seven out of ten.

I recommend ArcSight Logger a seven out of ten. The product’s setup could be quite user-friendly. There could be a proper guide to understand the process.

Overall, I rate the product a 6 out of 10. 

I rate this solution an eight out of ten. The solution is good, but the dashboard can be improved.

Arcsight was a technology we used for CM security information event management. We deployed it when I was an Information Security Senior Engineer in a company that provided electricity and water for Casablanca and neighboring cities. Arcsight was a requirement for the ISO27001 standard. It was a requirement because the company was certified. For the first audit, we presented the roadmap that contained the deployment of that kind of solution. After that, we launched an offering to different information system providers. We choose Arcsight as the CM solution.

A requirement of our local regulator, due to the fact that we manipulate sensitive data, was that all data needed to be on-premises which is why we use that deployment model and not a cloud or a hybrid deployment.

ArcSight is a good solution. I'd recommend it. However, I'd advise other companies to acquire a solution that responds to their needs.

I'd rate the solution nine out of ten.

If you are willing to work with ArcSight Logger, you must be aware of the security reasons as an institution. The security advantages should be known to understand the functionalities, and you also have to be familiar with VNX strategies.

I rate the overall solution a three out of ten.

I would rate it a nine out of ten. I wouldn't give any solution a perfect ten. 

I would rate the tool a seven out of ten. 

Start using the available resources by registering your product immediately after deploying the unit and contributing to the ArcSight community.

Also, once you decide to go with ArcSight, make sure you go with the complete solution recommended by HP based on the size of your network because that could potentially cause the ArcSight server to perform extremely slow.

I give the solution an eight out of ten.

Only a few people have access to ArcSight Logger due to the technical know-how required to use it. Not everyone is able to use the virtual as it involves sensitive information, so access is restricted to those with a technical background.

ArcSight is not recommended for small environments. ArcSight is designed for large environments and requires specialized training. Furthermore, the community of users is not as vast as other vendors, such as Cisco, and VMware. There are better options available than ArcSight, which may better suit an organization's environment.

I would rate this solution a five out of ten.

We are involved with technology that allows us to solve problems for clients that they cannot solve themselves. These are often complex environments.

This solution has still been in use over the past year. We have a client who has the full ArcSight Suite. We are working on a solution to phase out Logger in the coming year and replace it with Elastic or Splunk. We can replace ArcSight entirely by Splunk and use Elastic for fast search. We think that there is more progress in that platform.

I would rate this solution a six out of ten.

We are using the on-premises deployment model.

There are people who say "Oh, ArcSight is losing its position and it's complex or it's not a good solution." I do not agree. I know that the biggest companies in the world are still working with ArcSight. It's the most comprehensive solution. It contains many features that are useful for enterprise-level organizations. 

If a company has a team that wants to go deeper and get the most features out of developing a real SOC, they should look for a very robust, scalable,  multi-tenant solution. The solution should also be able to manage data analytics and to offer User Behavior Analytics. Arcsight offers this. 

This particular solution is perfect for big companies. Smaller companies should look for integrated solutions that do not necessarily scale.

I would rate the solution nine out of ten.

I would recommend ArcSight Logger and rate it at seven on a scale from one to ten.

ArcSight has a Google-like query syntax with boolean-style operands. That said, there is also a GUI to craft queries. I'd recommend learning the GUI as this is the same GUI used in HP's ESM product, the engine that can correlate disparate log events and turn incident response from reactive to proactive alerting. Getting a head start on learning that syntax would help ease into the highly-recommended ESM or ESM Express products.

It works fast and you can collect just about everything. The only drawback is that without ESM, you are limited. The most important thing is the scalability of the product and its ease of use. Companies like us need some specific connectors, and smart connectors give us a very scalable solution. Also, even though we have billions of events, it is really fast in finding the logs we need. That makes this solution amazing.

I would recommend it to others because the performance of the solution is overall great. One of the significant features are its high search capacity and if you know the query language you will be more comfortable.

I rate ArcSight Logger a nine out of ten.

Overall, it is a good system for what we use it for, but some licensing parts are really annoying.

As always, a pre-calculation and pre-planning will help a lot, and compare it to three to four other vendors. Changes on the system that is running are a bit harder to do., in our case this, of course, might be an issue of our customers strict security requirements.

I would rate this solution as ten out of ten.

Whenever I talk about the product I tell the user to start easy, not to take the whole package and to try to use it quickly. Start with the basics, then you can ramp up fluidly. Sometimes the client or customer wants to take it urgently so at that moment it will be more difficult to use. I prefer to take the product step by step.

I am the technical support person for all of our on-site components.

My advice for anybody who is implementing this solution is to use ArcSight ESM to correlate the logs and display them on the dashboard.

I would rate this solution an eight out of ten.

I would advise anyone looking to implement this solution to have a good understanding of your infrastructure and to verify your architecture. You should be able to get an idea of their road map for the next five years to just verify what sort of effect it will be making on your system.

On a scale of one to ten, I would rate it an eight.

This is a solution that is straightforward and easy to use. It is user-friendly and not complex.

I would rate this solution an eight out of ten.

I would rate it an eight out of ten. 

Plan, implement, explore and protect.

I would definitely say to go with this product as it's the best in the market, but before opting for this product your perform solution-sizing because otherwise you might end up digging your own grave in fixing it.