ArcSight Logger Archived Reviews (More than two years old)

Vendor
Network Specialist with 1,001-5,000 employees
Apr 24 2016

What is most valuable?

The functionalities of this particular server are absolutely phenomenal. The server has the ability to provide in-depth, real-time awareness of all activities on the network. The platform also gives the administrators the ability to turn off…

How has it helped my organization?

Before the logger was installed on our network, we were very limited as to what type of information we could get back from our previous logger because the old one didn't have as many functionalities. With ArcSight Logger, our ability to…

What needs improvement?

The only thing I did not particularly like about the product was its speed on the web interface. It took very long for it to populate and perform the queries.

Which solution did I use previously and why did I switch?

We were using a different product for our monitoring and logging services. The reason why we chose to switch over was the in-depth analysis capabilities provided by HP ArcSight which were not previously available to us.

What other advice do I have?

Start using the available resources by registering your product immediately after deploying the unit and contributing to the ArcSight community. Also, once you decide to go with ArcSight, make sure you go with the complete solution…
Vendor
IT Security, Associate Consultant - On-location at a tech company with 501-1,000 employees
Apr 24 2016

What is most valuable?

Several features are valuable to us, including:

* Log management in general
* Security options
* Integration with ArcSight SIEM as it uses the same connectors
* Simple GUI
* Powerful searching and reporting tools

How has it helped my organization?

Although I unfortunately can't comment on specific usage within my company, we have seen improvements from the use of ArcSight Logger and the many features that are valuable to us.

What needs improvement?

SmartConnector vendor support will always be a battle, but most major vendors and products seem to be supported. Clicking on a log source on the main page should not pull all stored logs as this is too slow and way excessive. It should default to a recent and smaller sample.

Which other solutions did I evaluate?

Splunk is definitely a direct competitor and equally powerful. Logger seems to have a better interface in my opinion. Also, if your company is already using ArcSight, it makes sense to go with Logger as it utilizes the same SmartConnectors for log parsing/forwarding. I think where Logger shines is…
Updated: April 2020.
Vendor
IT Security Operations Manager at a recruiting/HR firm with 1,001-5,000 employees
Apr 24 2016

What is most valuable?

Data correlation, which unfortunately only comes with an ESM module, is the most valuable feature for us.

What needs improvement?

We have issues with connecting standard HP network devices as they appear to not be supported by HP ArcSight. One company/product is not aligned and apparently it is expected that all the network data is in CEF format, which is impossible for the HP network sources to deliver. Instead, HP ArcSight should be able to handle any file format.

For how long have I used the solution?

We are still currently implementing it.

What was my experience with deployment of the solution?

There were no issues deploying it.

What do I think about the stability of the solution?

We have had no stability issues.

What do I think about the

Consultant
Security Solutions Delivery Engineer at a tech services company with 1,001-5,000 employees
Apr 24 2016

What is most valuable?

* Real-time correlation
* Long-term log storage

How has it helped my organization?

It benefits the organization by identifying the threats ranging from the most basic ones to many advanced ones. Any of these threats could have a negative impact on business, so it's important that ArcSight Logger can identify all of them.

What needs improvement?

I wouldn’t mind adding a few features such as grouping of events based on the “name”, “source address”, etc. in real-time rather than requiring the running of reports every time. A few competitors allow this functionality already.

Which solution did I use previously and why did I switch?

It provides the level of flexibility and options, especially to define custom use-case scenarios, like no other SIEM tool, though I have experience with only one other.

What other advice do I have?

Plan, implement, explore and protect.
Consultant
SIEM Administrator at a tech services company with 1,001-5,000 employees
Apr 18 2016

What is most valuable?

The most valuable features for us are the out-of-the-box device support capability and multi-tenancy maturity compared to other SIEM OEMs.

How has it helped my organization?

For example, it has helped us and the organization with a maturity level in the SIEM market to reach greater heights and compete with other organizations. We have an edge in the market with this…

What needs improvement?

ArcSight Logger needs to improve in the area of threat analytics as security is vitally important to us. It also needs to provide some "upper-hand" features on some functionalities, as they're…

What's my experience with pricing, setup cost, and licensing?

For licensing, I would say ArcSight beats all the vendors in the market in complexity.

Which solution did I use previously and why did I switch?

Our first SIEM product is this. We chose it because it's a major player in the SIEM technology market and it's mature, even as it's in the earlier stages.

What other advice do I have?

I would definitely say to go with this product as it's the best in the market, but before opting for this product, perform solution-sizing because otherwise you might end up digging your own grave…
Vendor
Senior Security and Compliance Engineer at a retailer with 501-1,000 employees
Mar 31 2016

What is most valuable?

It has excellent query syntax and response. Complex queries of large volumes of data generally take seconds if not minutes.

How has it helped my organization?

ArcSight has improved incident response from days to minutes. It also offered ancillary non-security troubleshooting features, which were surprise benefits to teams such…

What needs improvement?

I'd like to see more pre-built smart connector supported applications, although the list today is voluminous.

What's my experience with pricing, setup cost, and licensing?

Security makes it difficult to quantify ROI, but I can say that we were able to complete incident response in minutes where the same had taken hours or days.

Which solution did I use previously and why did I switch?

I previously used a significant RSA Envision installation that had extremely poor performance with complex queries. It was routine to wait an hour or more for a more…

What other advice do I have?

ArcSight has a Google-like query syntax with boolean-style operands. That said, there is also a GUI to craft queries. I'd recommend learning the GUI as this is the same…

Which other solutions did I evaluate?

In terms of pricing, size appropriately, and realistically up front. That said, the product architecture is scalable as needs grow.
Vendor
QA Consultant / Security Testing Professional at a tech company with 501-1,000 employees
Mar 31 2016

What is most valuable?

* Log collecting
* Big Data analytics
* Security analytics

How has it helped my organization?

This product was used to help us get PCI compliant. Its automated functions made it easier so we could concentrate more on real issues instead of standard log collecting…

What needs improvement?

With the connectors, there were some legacy devices that had some problems since support was dropped for those.

What's my experience with pricing, setup cost, and licensing?

We had some big licensing issues when there was a DDoS attack. The attack caused a huge amount of extra activity, so it would be nice to have an "emergency level" of…

Which solution did I use previously and why did I switch?

We used an older version that was going to be replaced.

What other advice do I have?

Overall, it is a good system for what we use it for, but some licensing parts are really annoying. As always, a pre-calculation and pre-planning will help a lot, and…

Which other solutions did I evaluate?

We did an evaluation of major vendors and HP was fastest for us to get in and use.
Vendor
Security Architecture Senior Specialist at a comms service provider with 1,001-5,000 employees
Mar 21 2016

What is most valuable?

* Scalability of the smart connectors
* Ease of storing billions of events without special storage needs
* Great compression rates

How has it helped my organization?

First of all, the collection of a mass of events is a challenge for enterprise companies. You need a great deal of storage and how you collect them is an issue. The smart connectors and great compression rates of ArcSight helped us a lot…

What needs improvement?

I would say that the consolidation should be done only by using ArcSight. We need to use the ESM module to create complex rules and reports as we can only do limited reports with ArcSight.

Which solution did I use previously and why did I switch?

This was the first solution we've used, and I believe it will be the last solution we need.

What other advice do I have?

It works fast and you can collect just about everything. The only drawback is that without ESM, you are limited. The most important thing is the scalability of the product and its ease of use. Companies like us need some specific…

What is ArcSight Logger?

HPE ArcSight Data Platform (ADP) offers a future-ready data solution that enriches data in real time and supports open standards for better threat detection. Using security data connectors, ADP collects data and enriches it in real-time to give analysts organized information that can be acted upon instantly.
Also known as
Micro Focus Arcsight Logger, HPE Arcsight Logger
ArcSight Logger customers
China Merchants Bank, Bank AlJazira, Banca Intesa