2018-08-28T11:47:00Z

What needs improvement with ArcSight Analytics?


Please share with the community what you think needs improvement with ArcSight Analytics.

What are its weaknesses? What would you like to see changed in a future version?

Guest
1010 Answers

author avatar
Real User

ArcSight's features that can be improved include anything related to its visualization capabilities and user-friendliness. The product is complex. The algorithm is not so complex to implement, but when you want to get anything else out of it, it is complex, actually. ArcSight is difficult to implement, you need to know what you are doing. The algorithm is easy to implement but difficult to get exactly what you want. It depends on the nature of the organization and the skill of the people who are using the tool. If there are good, skilled people using it, ArcSight is the best. If there are medium-skilled people using it, then it is less good. ArcSight needs real skills to get the information out of it.

2020-03-09T08:07:00Z
author avatar
Top 5LeaderboardReal User

ArcSight is not a user-friendly solution and the interface needs to be improved. It is a bit tough to use for people who are inexperienced. ArcSight needs better support for integration with third-party applications. It should be able to handle logs from all kinds of different sources. The API needs to be improved.

2020-02-09T08:17:07Z
author avatar
Real User

The reporting and the way it is worded needs to be improved in future releases. The dashboards are quite poorly designed. The ecosystem needs improvement. It's not only in the planning though, but it's also just the ecosystem overall. Nowadays, it's not about security, and not only about analytics, but it's about the complete ecosystem that can give you much more visibility on what's happening and what the meaning of logs are that are being injected into the system. Increasing the ecosystem of ArcSight also means introducing more features and more tools that integrate within the solution.

2019-09-22T06:41:00Z
author avatar
Top 10Real User

The GUI and dashboards are very basic and need to be improved. The product does not have continuous updates. I would like to see easy integration with the Intelligence Suite. I would like to see integration with automation products, such as Phantom Automation.

2019-08-12T05:55:00Z
author avatar
Top 20Real User

The interactive dashboard is more complicated comparing to his concurrent Qradar and you need to have training in order to do complexe configuration, so I think that it could be made easier to use. It's very powerful, stable, but not very user-friendly. I would like to see the documentation improved because it is not enough accessible, flexible or pertinent. It is not very rich.

2019-08-11T06:26:00Z
author avatar
Top 20Real User

The pricing of this solution should be improved. The UX for the SOC analyst does not match that of the competitors, and therefore needs improvement. There is a GUI, but it is not complete and lacks functionality that needs to be performed using the console. The most important thing to work toward is having a user-oriented interface. In the next release of this solution I would like to see user data analytics, and some machine learning capabilities.

2019-08-08T07:02:00Z
author avatar
Reseller

The product might be improved in comparison with other products. For example, they need to work with the flexibility of the GUI. It is sometimes considered complex by some of our customers. Also, the ArcSight Analytic is not so easy. The end-users are not supposed to be required to learn the network. Another thing, it only supports through links and the analytic bar, not the network traffic parts. That's the major point that could be more improvement in the system. Network and network paths could be supported better in integration with other network traffic catchers. It would be great then.

2019-08-06T07:17:00Z
author avatar
Real User

I would like to see some advanced analytics.

2019-03-11T07:21:00Z
author avatar
Real User

I would like to see orchestration.

2019-03-11T07:21:00Z
author avatar
Consultant

They should improve on the following: * Timely resolution of issues and proper support once a ticket has been generated. * Systems appearing on the network which are not part of the domain controller. These should be monitored. * Inactive connections from servers, which are upgraded or downgraded within a VM, should be automatically revoked. * Logger monitoring should be separated from ESM monitoring. * Ability to integrate with cloud-based applications and monitor cloud-based events. * Ability to log and notify tailored rules via SMS/email. * Provide more ArcSight training and workshops.

2018-08-28T11:47:00Z
Find out what your peers are saying about Micro Focus, Securonix Solutions, Microsoft and others in User Behavior Analytics - UEBA. Updated: October 2020.
442,986 professionals have used our research since 2012.