ArcSight Valuable Features

Product Specialist Security Solutions at a tech services company with 201-500 employees
One of the most valuable features is the Active List/Session List capability. Multiple use cases could only be created thanks to this feature. Lists let us input data dynamically as a rule action. For example, if you need to take a source IP from an IPS event and put it in a "suspicious IP" Active List, you can create another rule for AntiVirus events that only matches IPs within that list. View full review »
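The rule chaining this reviewer describes, as an added Python example (not ArcSight code, and not the reviewer's): an IPS event writes its source IP into a suspicious-IP list with a time-to-live, and a second rule fires only for antivirus events whose source IP is still in that list. The event fields, the sample events and the one-hour TTL are constructed assumptions.

```python
from collections import namedtuple

# Minimal normalised event: epoch seconds, device category, source IP, event name.
Event = namedtuple("Event", "ts device src_ip name")


class ActiveList:
    """Keyed list with per-entry expiry, mimicking an ESM active list with a TTL."""

    def __init__(self, ttl_seconds):
        self.ttl = ttl_seconds
        self.entries = {}  # ip -> expiry timestamp

    def add(self, ip, now):
        self.entries[ip] = now + self.ttl  # re-adding refreshes the TTL

    def contains(self, ip, now):
        expiry = self.entries.get(ip)
        if expiry is None:
            return False
        if expiry <= now:          # lazy expiry on lookup
            del self.entries[ip]
            return False
        return True


def correlate(events, ttl_seconds=3600):
    """Rule 1: IPS event -> add src_ip to list. Rule 2: AV event from a listed IP -> alert."""
    suspicious = ActiveList(ttl_seconds)
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.device == "IPS":
            suspicious.add(ev.src_ip, ev.ts)
        elif ev.device == "AV" and suspicious.contains(ev.src_ip, ev.ts):
            alerts.append((ev.src_ip, ev.name))
    return alerts


# Constructed sample events (not real telemetry).
SAMPLE = [
    Event(1000, "IPS", "10.0.0.5", "Exploit attempt"),
    Event(1200, "AV", "10.0.0.5", "Trojan detected"),   # inside TTL -> alert
    Event(1300, "AV", "10.0.0.9", "Trojan detected"),   # never seen by IPS -> no alert
    Event(9000, "AV", "10.0.0.5", "Trojan detected"),   # entry expired -> no alert
]

if __name__ == "__main__":
    print(correlate(SAMPLE))
```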
Dynamics Nav Expert at a tech services company with 51-200 employees
The valuable features are:
* Integration and log collection with different devices.
* Collecting logs from many different sources. If you have your own app, you can do logging for it. In addition, you can customize log parsing.
* Correlations of logs from different device types.
* Built-in content such as reports, dashboards, compliance, and standard packages.
* Option to correlate logs with business data.
* Option to adjust the product to different roles: operations, decision makers, and administrators.
* You can adjust the web console interface to match the specific role.
* Integration with other products, such as databases and IPSs.
* Additional features are available with simple extensions. The solution enables you to monitor logs and to analyze data, but you can also use additional add-ins such as reputation services that can integrate ArcSight ESM with TippingPoint IPS.
* Correlations of logs from different device types.
* Ready-made content that can be used immediately.
* Customized business tables can be correlated. For example, the employee sick leave register can be correlated with Windows login logs.
View full review »
Manager at a financial services firm with 1,001-5,000 employees
* Event correlation across multiple device categories: It allows us to have a full picture of what is happening in the environment.
* Flexible event collection: Besides hundreds of standard devices, you can send custom CEF syslog prepared with your own scripts.
* Customization of alerts: Velocity macros allow you to send very clear and user-friendly alerts.
View full review »
Karlo Luiten, CRISC, CISSP
Security Consultant at a tech services company with 5,001-10,000 employees
* Large-scale installations work well.
* The new user interface is nice.
* The real-time analysis adds value.
* The default packages on the new HPE Marketplace are useful and give nice default dashboards and reports for most of the well-known products.
View full review »
David Hourani
Lead Splunk Architect at a financial services firm with 10,001+ employees
Correlation and data normalization via CEF: The speed of ArcSight's correlation engine, together with data enrichment, makes it a great tool for exploring vast amounts of data. Other SIEM tools have a hard time giving the same results at the same speed. Also, thanks to CEF log formatting, combining events from different sources takes minimal effort, whereas setting up that normalization on competing SIEMs could take countless hours. View full review »
Jordan French
Business Development Manager- Threat Management Services at a tech services company with 5,001-10,000 employees
* SmartConnectors and Flex Wizard
* Multi-tenant access
* Customization for dashboards and reporting
* Improvements made to the ADP platform
View full review »
Shane Lawrence
Network Security Administrator at a government with 1,001-5,000 employees
The ESM's interface is really comprehensive. While the ArcSight console is really heavy, and I tend to dislike Java-based Windows GUIs, it's feature-rich and provides a seamless way to move between analyzing events and creating content. View full review »
Alexander Kuzmin
Security Expert at a tech services company with 501-1,000 employees
* High flexibility: There are many custom sources of information that we wouldn't be able to integrate with another SIEM solution, thus compromising our security.
* High performance: The amount of data fed to the solution is huge (hundreds of millions of events per day).
* Capacity for multi-tier hierarchical deployment: We are able to integrate and standardize security incident detection and response over many locations.
View full review »
Ssaurabh Kesari
Ex Senior Security Analyst and Onsite consultant at a tech services company with 1,001-5,000 employees
Once the rules are defined, it is capable of detecting minute changes in the systems, which are effectively based on the entries in the log. View full review »
Hatem Metwally
Senior Security Consultant, CISSP, HPE ArcSight Specialist at a retailer with 5,001-10,000 employees
* SmartConnector: Normalization parses raw logs and converts them into CEF (Common Event Format). This is the core of the product.
* Filtration, Aggregation: Both features provide a good way to save EPS (events per second).
* Logger: Long log retention, fast search, and reporting.
* ESM/Express: Correlation via standard rules and data monitors, active lists, session lists, active channels, reports, trends, queries, dashboards (query viewers and data monitors), and lightweight rules.
View full review »
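Both the note above on SmartConnector normalization and the earlier review crediting CEF for making cross-source correlation cheap rest on the same idea: once every product's events share one field vocabulary, joining them is trivial. The following added Python example (not ArcSight code or any reviewer's) parses the CEF format, handling the backslash-escaped pipes and equals signs the format allows, and then joins two constructed records from different products on the normalized src field. The vendor names, product names and record contents are constructed.

```python
import re

# The seven pipe-delimited header fields every CEF record carries.
HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")
# Extension: key=value pairs; values may contain spaces and escaped '=' or '\'.
_EXT_RE = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|$)")


def _split_header(text):
    """Split on pipes that are not backslash-escaped; return (fields, extension)."""
    parts, buf, i = [], [], 0
    while i < len(text) and len(parts) < 7:
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):   # '\|' or '\\' inside a header field
            buf.append(text[i + 1]); i += 2
        elif ch == "|":
            parts.append("".join(buf)); buf = []; i += 1
        else:
            buf.append(ch); i += 1
    return parts, text[i:]


def _unescape(value):
    return re.sub(r"\\(.)", lambda m: "\n" if m.group(1) == "n" else m.group(1), value)


def parse_cef(line):
    """Return one flat dict: the header fields plus every extension key."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF record")
    header, ext = _split_header(line[4:])
    if len(header) != 7:
        raise ValueError("malformed CEF header")
    event = dict(zip(HEADER_FIELDS, header))
    event.update({k: _unescape(v) for k, v in _EXT_RE.findall(ext)})
    return event


# Constructed sample records from two different products (not real vendor output).
SAMPLES = [
    r"CEF:0|Vendor A|IPS\|NGFW|2.1|1001|Exploit attempt|8|src=10.0.0.5 dst=192.168.1.10 act=blocked msg=sig\=1001 hit",
    r"CEF:0|Vendor B|Endpoint AV|7|2002|Trojan detected|9|src=10.0.0.5 fname=C:\\evil.exe act=quarantined",
]


def hosts_seen_by_every_product(lines):
    """Join events from different products on the normalised 'src' key."""
    by_product = {}
    for ev in map(parse_cef, lines):
        by_product.setdefault(ev["product"], set()).add(ev.get("src"))
    sets = list(by_product.values())
    return set.intersection(*sets) if sets else set()
```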
System Support Engineer at a tech services company with 501-1,000 employees
It’s a highly customizable solution. Rules can be customized to a great extent. Session lists, active lists, and global and local variables are pretty unique to the solution. View full review »
Sorin Brici
Security Manager at a tech services company with 10,001+ employees
The web logger allows me to view and inquire about various events in real time. It is the most useful feature for me for the following reasons:
* Allows me to look at the traffic in real time.
* Allows me to add filters that remove the traffic that is not interesting.
* Allows me to narrow down my research to only important traffic.
* Helps me in my troubleshooting work. I need to know a bit of SQL query syntax, but that is straightforward.
* Allows me to create reports, evaluate my findings, and send information to my customers.
View full review »
Associate Manager at a tech services company with 10,001+ employees
Creating dashboards and real-time channels for real-time monitoring: This feature gives real-time alerts for the monitoring team to act upon. In certain cases, we can also create real-time email alerts for relevant teams for faster actions and resolutions. View full review »
Security Expert at a tech services company
Correlation capabilities: This product provides an advanced level of correlations, which is highly valued. View full review »
Karthik Velli
Delivery Consultant - Security Solutions with 1,001-5,000 employees
Customization. ArcSight gives you a platform to onboard out-of-the-box devices with a more accurate way of collecting the desired logs/events. Competitors offer something similar, but ArcSight gives you more detail. View full review »
Ly Binh Lap
Network Security Engineer, Security Monitoring Center at a tech services company
The ArcSight solution supports your security team with many SIEM features:
* Monitoring
* Analysis
* Alerts
* Incident response
In my opinion, ArcSight is an open solution. It is easy to:
* Customize components
* Use FlexConnector to collect logs from your own application
* Edit rules and the dashboard
* Create workflows
* Enrich information for events
View full review »
Sales Engineer at a tech services company with 1,001-5,000 employees
It was easy to use when we created some dashboards for analytics. ArcSight allows you to create a dashboard and provides an on-the-fly filter. View full review »
Teguh Budyantara
IT Manager with 11-50 employees
ArcSight ESM: The module has user-defined rule capabilities. This feature lets us define almost any threat. View full review »
