ArcSight Logger Valuable Features

Nagendra Nekkala - PeerSpot reviewer
Senior Manager ICT & Innovations at Bangalore International Airport Limited

The solution provides information about the risk factors. It also provides information on our security exposure.

Subhadip Pakrashi - PeerSpot reviewer
CEO at Kapstone Technological Services LLP

It is a proven technology. It is one of the best products available in the market. Loggers generally pull the logs and send them to the main orchestration device. Loggers connect to the SIEM tools, and the solutions speak to each other. It is pretty good.

If we want to increase the capacity of the SIEM tool, the events per second can be increased. Loggers are the only way to fetch the logs. It depends on the customers’ requirements. ArcSight Logger sends the logs. The SIEM system is the main component.

Fewer false positives will lead to a better solution. If there are more false positives, the solutions provided by the SIEM tool will be diluted. The data retention capabilities depend upon the size of the hard disk. The bigger the hard disk, the more the data can be stored. The integration with other security solutions is good. It's a proven solution in the market.

Mohammad Sabah - PeerSpot reviewer
Senior Security Analyst at a government with 201-500 employees

We check a lot of logs in ArcSight Logger because we're running a massive database platform.

Buyer's Guide
ArcSight Logger
April 2024
Learn what your peers think about ArcSight Logger. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
767,847 professionals have used our research since 2012.
Rikin Rathod - PeerSpot reviewer
Senior Officer IT at Tech Data Limited

ArcSight Logger’s most valuable feature is visibility. It provides in-depth information on business activities once we log into the system.

Ben Nnatuanya - PeerSpot reviewer
Manager, Security Operations Centre at Phillips Consulting Limited

The machine learning is a good feature. 

Ademayokun Daini - PeerSpot reviewer
Cyber Security Engineer at MTN

The log digestion features from threat intelligence platforms like Recorded Future or Talos are valuable.

Hassan Moussafir - PeerSpot reviewer
Information Security Senior Expert at Wafaassurance

The solution offers very good performance and is efficient.

The provider offered excellent training to help us successfully launch the project.

The interface is user-friendly.

The solution passed compliance thresholds and standard requirements which we hoped to satisfy at the time of launch. At our first audit, we presented the roadmap to our auditor and on the second audit, we presented plans to help us re-conduct our certification. They were able to verify the parameters and reporting. It was very successful.

MA
Senior ArcSight and IBM Resilient (SOAR) administrator at a comms service provider with 1,001-5,000 employees

The provisioning engine is a valuable feature of the solution.


it_user915744 - PeerSpot reviewer
Vulnerability Assessor at Telenor Common Operation

The ESM use cases are the most valuable. It enables us to use the big data collection inside our company. We are able to create use cases for whatever it suits and I find that the most interesting part of any SIEM solution.

Prischal Bahgoo - PeerSpot reviewer
General Manager at VIC IT

I am impressed with the product's ability to pick up logs. It also has UEBA which has reduced the time to take charge of the events. 

it_user417534 - PeerSpot reviewer
Network Specialist with 1,001-5,000 employees

The functionalities of this particular server are absolutely phenomenal. The server has the ability to provide in-depth, real-time awareness of all activities on the network.

The platform also gives the administrators the ability to turn off some of the options displayed in case they don't need to see those specific sections.

The ability to query anything at any time using any specific field required, and the ability to automate the logger storage capabilities are great features.

Olajide Olusegun - PeerSpot reviewer
Network Team Lead at Atlas Security

ArcSight's robustness is its most valuable feature. The solution is specifically designed to manage and aggregate large amounts of log data, making it an ideal solution for Syslog servers with a large environment of network devices and servers (both VM and physical appliances).

PN
Senior Information Security Analyst – GRC at a transportation company with 1,001-5,000 employees

ArcSight provides the basic information that we want.

SV
Founder & CEO at a security firm with 10,001+ employees

It's a robust, mature product and you can do some complex operations and analytics.

For correlation and structuring data, it's very good.

It's a secure platform.

HF
CISO at a financial services firm with 1,001-5,000 employees

The ability to customize the solution in great detail is its most valuable feature. We can customize the use cases and also have the ability to do scripting. We can personalize our dashboard as well. The scalability the solution offers is quite impressive. 

SA
Security Professional at a tech services company with 501-1,000 employees

As the name suggests, it's a brilliant log collection tool, and it can handle hundreds of thousands of servers in a single shot to ingest the data.

The search operations are very fast, and you can get reports very easily for a huge number of events. You can export the search operations.

It's very easy when you want to further forward the logs as well. For example, from the end device if I'm receiving logs in an outside logger and I want to forward those to some other product, which will do something for me, I can easily do it. That's one thing that I like about it.

it_user159090 - PeerSpot reviewer
Senior Security and Compliance Engineer at a retailer with 501-1,000 employees

It has excellent query syntax and response. Complex queries of large volumes of data generally take seconds if not minutes.

it_user409197 - PeerSpot reviewer
Security Architecture Senior Specialist at a comms service provider with 1,001-5,000 employees
  • Scalability of the smart connectors
  • Ease of storing billions of events without special storage needs
  • Great compression rates
SS
Security Engineer at a tech services company with 1,001-5,000 employees

Some of the most valuable features I really appreciate are the performance, how quick the solution is, and how easy it is to create a query. Additionally, it is user friendly and the automatic graph creation feature is beneficial. 

it_user414390 - PeerSpot reviewer
QA Consultant / Security Testing Professional at a tech company with 501-1,000 employees
  • Log collecting
  • Big Data analytics
  • Security analytics
it_user418134 - PeerSpot reviewer
IT Security, Associate Consultant - On-location at a tech company with 501-1,000 employees

Several features are valuable to us, including:

  • Log management in general
  • Security options
  • Integration with ArcSight SIEM as it uses the same connectors
  • Simple GUI
  • Powerful searching and reporting tools
AR
Technical Consultant at a tech services company with 11-50 employees

In our country we are a little bit private in terms of solutions, so we are just starting to use the basic data capture. Now some users can start to use additional features that come with Micro Focus ArcSight like user behavior analytics for investigating.

it_user417555 - PeerSpot reviewer
IT Security Operations Manager at a recruiting/HR firm with 1,001-5,000 employees

Data correlation, which unfortunately only comes with an ESM module, is the most valuable feature for us.

MS
Senior Security Analyst at a government with 201-500 employees

The most valuable feature is the search capability, which is simple to use. We can easily search for certain events.

it_user1141698 - PeerSpot reviewer
Team Lead at a tech services company with 51-200 employees


Various log collecting methods help customers to route logs from almost every application or device. In terms of ArcSight Logger's most valuable feature, it is their scalability and flexible log collecting options. ArcSight's real advantage is its scalability because they have two layers, Logger layer and correlation layer. So customers may benefit from this when it comes to licensing and designing. For example, let's say the customer wants to only have a logger requirement, they have the flexibility to only use the logger layer, instead of suggesting all the other layers. I don't see this kind of flexibility in other vendors.

it_user1052814 - PeerSpot reviewer
SOC Analyst at a tech services company with 11-50 employees

The most valuable feature is the level of detail that you can see about certain events, even when they do not come up in the console.

The searching is very good, where you can search for the larger part of the event.

it_user417468 - PeerSpot reviewer
Security Solutions Delivery Engineer at a tech services company with 1,001-5,000 employees
  • Real-time correlation
  • Long-term log storage
it_user417453 - PeerSpot reviewer
SIEM Administrator at a tech services company with 1,001-5,000 employees

The most valuable features for us are the out-of-the-box device support capability and multi-tenancy maturity compared to other SIEM OEMs.
