ArcSight Logger Reviews

Name: ArcSight Logger
Brand: OpenText
Rating: 4 (31 reviews)

3.9 out of 5

31 reviews
80% willing to recommend

692 followers

What is ArcSight Logger?

HPE ArcSight Data Platform (ADP) offers a future-ready data solution that enriches data in real time and supports open standards for better threat detection. Using security data connectors, ADP collects data and enriches it in real-time to give analysts organized information that can be acted upon instantly.

Get the ArcSight Logger Buyer's Guide and find out what your peers are saying about ArcSight Logger, Wazuh, Splunk Enterprise Security and more!

ArcSight Logger is the #29 ranked solution in Log Management Software. PeerSpot users give ArcSight Logger an average rating of 7.8 out of 10. ArcSight Logger is most commonly compared to Wazuh: ArcSight Logger vs Wazuh. ArcSight Logger is popular among the large enterprise segment, accounting for 62% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 20% of all views.

Helped 814,649 peers since 2012

Featured reviews

Nagendra Nekkala.

Senior Manager ICT & at Bangalore International Airport Limited

The product helps me see all the event logs in one place. When I look into the application, I can see different levels of alerts and make the required decision The solution provides information about the risk factors. It also provides information on our security exposure. There are multiple…

Read full review

Geraldo Freitas

Analista de TI - suporte a redes e segurança at Tribunal de Contas da União

Investigation is good when you know what you want to search for in Logger. The most difficult part is parsing the logs and configuring the parsers. For investigation, it's good. For correlation, it's not good. We use Sentinel, and Sentinel has pre-built use cases that are much easier to configure. So, it enhances our security incident investigation. We have inbound integration, but configuring the parsers is sometimes very difficult. We only have two use cases where we have a correlation set up. We send the information to Check Point to block IP addresses when we see a lot of blocks from the same source. We have a trigger. So, Logger automatically blocks these IP addresses. We could have Logger put them on a blacklist. So, it offers the ease of integration.

Read full review

Subhadip Pakrashi

CEO at Kapstone Technological Services LLP

It is a proven technology. It is one of the best products available in the market. Loggers generally pull the logs and send them to the main orchestration device. Loggers connect to the SIEM tools, and the solutions speak to each other. It is pretty good. If we want to increase the capacity of the SIEM tool, the events per second can be increased. Loggers are the only way to fetch the logs. It depends on the customers’ requirements. ArcSight Logger sends the logs. The SIEM system is the main component. Less false positives will lead to a better solution. If there are more false positives, the solutions provided by the SIEM tool will be diluted. The data retention capabilities depend upon the size of the hard disk. The bigger the hard disk, the more the data can be stored. The integration with other security solutions is good. It's a proven solution in the market.

Read full review

ArcSight Logger mindshare

As of November 2024, the mindshare of ArcSight Logger in the Log Management category stands at 0.9%, down from 1.4% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Log Management

Key learnings from peers

Last updated Oct 9, 2024

Valuable Features

ArcSight Logger is an impressive tool for collecting and analyzing large amounts of log data. The UEBA feature has reduced event response time, while the provisioning engine is highly valued. The solution is specifically designed to manage large environments of network devices and servers. The log digestion features from threat intelligence platforms are valuable, and it is capable of handling massive database platforms. Users appreciate the speed of search operations and ease of exporting and forwarding logs to other products.

"We have a trigger. So, Logger automatically blocks these IP addresses. We could have Logger put them on a blacklist."
"Our return on investment for implementing ArcSight Logger over the past 12 months has been positive."
"The machine learning is a good feature."

Room for Improvement

Areas for improvement in ArcSight Logger include better functioning connectors and updated user manuals. Some find the product slow, making it difficult to work with, and the dashboard is not intuitive or efficient, requiring training to use effectively. There have also been issues with storage capacity, and the search mechanism is complicated for new users. There are also performance issues noted by some when ingesting and forwarding data.

"ArcSight has been sold two or three times, and the quality has decreased."
"We find that the search and access functionality is quite slow."
"The next release should have AI capabilities."

ROI

ArcSight Logger is user-friendly, reducing operational time for technical teams to focus on other tasks. It helps identify fraud and outage causes. While expensive, with a licensing limit of 80 servers, it serves enterprise customers needing compliance and security. Outcomes depend on user case utilization. Positive returns have been reported over 12 months.

Pricing

ArcSight Logger is seen to be an expensive and difficult enterprise product to set up. Licensing costs are charged yearly and are standard.

"We have a lifetime license, so we don't pay a monthly fee."
"Pricing is reasonable compared to similar tools on the market. They offer perpetual licenses."
"I rate the product’s pricing a seven out of ten, where one is inexpensive, and ten is expensive."

Popular Use Cases

ArcSight Logger is primarily utilized for monitoring perimeters, storing logs, incident response, and investigations. Organizations in the telecom, enterprise, and service provider sectors deploy it on-premises for log management, compliance, and security event logs. Users value its capabilities for structured log storage, analysis, security monitoring, and integrating with firewalls and syslog servers. It assists in detecting malicious activities, managing authentication failures, and supporting VIP member checks and Windows event management.

Service and Support

Users report positive experiences with ArcSight Logger's customer service and technical support. The support is considered good, with some users praising their cooperation and accommodation during the problem-solving process.

There have been complaints about the availability of level-3 engineers in certain time zones, leading to delays in receiving support.

Deployment

Some found the initial setup straightforward and easy, while others found it to be time-consuming and complex. There are multiple components to address, and setting up the use cases can also take a significant amount of time.

Scalability

The scalability of ArcSight Logger is highly praised by its users, with many rating it a 10 out of 10. The solution is easy to expand and add more sources to, with some users having up to 6,000 machines sending logs.

Proper identification of areas that require more resources is important for successful scaling, as the architecture of ArcSight Logger can become complex for larger organizations.