We use the product for log management purposes at the moment.
Senior Officer IT at Tech Data Limited
Provides a valuable visibility feature, but its setup process could be user-friendly
Pros and Cons
- "It provides in-depth information on business activities once we log into the system."
- "The platform is quite expensive. They should reduce its cost."
What is our primary use case?
What is most valuable?
ArcSight Logger’s most valuable feature is visibility. It provides in-depth information on business activities once we log into the system.
What needs improvement?
The platform is quite expensive. They should reduce its cost.
For how long have I used the solution?
We have been using ArcSight Logger for a year now.
Buyer's Guide
ArcSight Logger
November 2024
Learn what your peers think about ArcSight Logger. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,636 professionals have used our research since 2012.
What do I think about the stability of the solution?
It is quite a stable platform. I rate its stability a seven out of ten.
What do I think about the scalability of the solution?
We have less than ten ArcSight Logger users in our organization. It provides a medium level of scalability.
How was the initial setup?
I rate the initial setup process a five out of ten. It takes a week to complete the deployment.
What about the implementation team?
We execute some of the implementation steps and take help from our vendor for a few.
What's my experience with pricing, setup cost, and licensing?
I rate the product’s pricing a seven out of ten, where one is inexpensive, and ten is expensive.
What other advice do I have?
I recommend ArcSight Logger a seven out of ten. The product’s setup could be quite user-friendly. There could be a proper guide to understand the process.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Vulnerability Assessor at Telenor Common Operation
Can handle a huge amount of logs and we are able to create use cases to fit our needs
Pros and Cons
- "The ESM use cases are the most valuable. It enables us to use the big data collection inside our company. We are able to create use cases for whatever it suits and I find that the most interesting part of any SIEM solution."
- "The speed of Logger indexing and searching for certain bugs for some queries that we provide could be improved. It can handle a huge number of logs but it can be improved."
What is our primary use case?
We have several uses for this solution like retention storage. We use Logger for some queries since we are in Talco industries. We use it for IT, MSISDN, and mobile phone. For the SM we have communication for the infrastructures including security. Plus, we use ESM for prevention and for a couple of cases we use it for fraud prevention and some for the VIP members check.
What is most valuable?
The ESM use cases are the most valuable. It enables us to use the big data collection inside our company. We are able to create use cases for whatever it suits and I find that the most interesting part of any SIEM solution.
What needs improvement?
The speed of Logger indexing and searching for certain bugs for some queries that we provide could be improved. It can handle a huge number of logs but it can be improved.
They should improve the speed of the indexing and queries being dumped. Technical support's response time could also be slightly improved. Although these two issues are not something bad, it's just the only things that I think have any possibility to improve, but they're not necessarily something that is bad.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
It is pretty much stable. From time to time we have cases of a connector crashing so the drama processing it is when it gets stuck but that is just an occasional case.
What do I think about the scalability of the solution?
It's pretty much scalable. You can just add remote connectors and you can add remote log types. One of the best parts of the product is FlexConnector. Implementing them is easy to configure.
We have twenty users using this solution that mostly compromise of information security guys and cybersecurity. There are IT infrastructure engineers like Windows Unix engineers and some Talco fraud prevention specialists.
We have two guys operating this solution in these three countries so we require two to three people to maintain the whole thing.
How are customer service and technical support?
Their technical support is also good. Whenever we request anything they are arprompt and the guys are well trained. Any customer could say that it could be faster but I understand that we are not alone in this world. They have plenty of other customers so I completely understand. I would rate their support a nine out of ten. There is always room for more of a prompt response but I'm talking about hours, not days.
How was the initial setup?
I was new to cybersecurity when I joined my company and they were implementing it at the time so the initial setup was a bit complex for me. When I got introduced to it for the first time and got thousands and thousands of pages of documentation it was a bit complex for me to fully understand how it works and how it functions. At this point, I don't think it's complex. It's pretty much straightforward and it's not complex for an experienced IT or security guy.
The full implementation took one year, but there was a huge number of connectors that we implemented across three countries including Hungary, Serbia, and Montenegro. There were a huge number of connectors and a huge number of connector servers. I believe that that's why it took a year, it might have been a bit less.
What other advice do I have?
I would rate it a nine out of ten. I wouldn't give any solution a perfect ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
ArcSight Logger
November 2024
Learn what your peers think about ArcSight Logger. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,636 professionals have used our research since 2012.
Network Specialist with 1,001-5,000 employees
It gives administrators the ability to turn off some of the options displayed in case they don't need to see those specific sections.
What is most valuable?
The functionalities of this particular server is absolutely phenomenal. The server has the ability to provide in-depth, real-time awareness of all actives on the network.
The platform also gives the administrators the ability to turn off some of the options displayed in case they don't need to see those specific sections.
The ability to query anything at any time using any specific field required, and the ability to automate the logger storage capabilities are great features.
How has it helped my organization?
Before the logger was installed on our network, we were very limited as to what type of information we could get back from our previous logger because the old one didn't have as many functionalities.
With ArcSight Logger, our ability to have a more in-depth look into the network traffic and the ability to save the reports for a set amount of time was a huge improvement.
What needs improvement?
The only thing I did not particularly like about the product was its speed on the web interface. It took very long for it to populate and perform the queries.
For how long have I used the solution?
I used this product as a network administrator for two years.
What was my experience with deployment of the solution?
The installation of the server and its agents on the network devices went extremely smoothly. The only issue we had was finding the correct agents to install on our older UNIX-based servers for which we had to contact HP to get information on how to go about acquiring the correct agents.
What do I think about the stability of the solution?
We have had no issues with the stability.
What do I think about the scalability of the solution?
We had no issues scaling it for our needs.
How are customer service and technical support?
We never actually had to call customer support because of the technical forums available to all ArcSight users who could share information and help troubleshoot in case anything was wrong or unclear about how to set up and use the system.
Which solution did I use previously and why did I switch?
We were using a different product for our monitoring and logging services. The reason why we chose to switch over was the in-depth analysis capabilities provided by HP ArcSight which were not previously available to us.
How was the initial setup?
Initially, we had some trouble finding the right agents to install on our servers since we were using some proprietary software on the network, but after we got past that step, everything else was pretty straightforward.
What about the implementation team?
We had one agent come out to our office to assist us with the implementation.
What other advice do I have?
Start using the available resources by registering your product immediately after deploying the unit and contributing to the ArcSight community.
Also, once you decide to go with ArcSight, make sure you go with the complete solution recommended by HP based on the size of your network because that could potentially cause the ArcSight server to perform extremely slow.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior ArcSight and IBM resileint (SOAR) administrator at a comms service provider with 1,001-5,000 employees
A very difficult-to-use solution, especially due to its slow functioning
Pros and Cons
- "The technical support team is good...It is a scalable solution."
- "It is really difficult to work in ArcSight Logger, as it is very slow."
What is our primary use case?
The solution is used for searching and test reports.
What is most valuable?
The provisioning engine is a valuable feature of the solution.
What needs improvement?
It is really difficult to work in ArcSight Logger, as it is very slow. I have worked three times on these logs due to their slow functioning.
If it changes completely, I think there will be two issues. Firstly, if they are using big data, then it will be very costly, and it will be enhanced with service protocol. Secondly, I see a lot of customers in Saudi Arabia coming overseas to vendors to get the ArcSight Logger version which uses big data for searching.
For how long have I used the solution?
I have been using ArcSight Logger for nine years.
What do I think about the scalability of the solution?
It is a scalable solution. You can create tools and add more than one program to one board. A total of fifteen users are using ArcSight Logger at the moment.
How are customer service and support?
The technical support team is good.
How was the initial setup?
The initial setup is straightforward. The maintenance is good. We deployed the solution on-premises, as there is some restriction on the cloud, and customers prefer it on on-premises as it is cheaper.
What other advice do I have?
If you are willing to work with ArcSight Logger, you must be aware of the security reasons as an institution. The security advantages should be known to understand the functionalities, and you also have to be familiar with VNX strategies.
I rate the overall solution a three out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Team Lead at Atlas Security
Extremely stable and scalable and can manage large amounts of log data
Pros and Cons
- "ArcSight's robustness is its most valuable feature."
- "Using the ArcSight Logger dashboard is not particularly intuitive or efficient, so it is important to be trained in its use."
What is our primary use case?
Most of our clients need security devices that can monitor events such as authentication failures, incorrect logins, link, module, device, and switch failures, security events and alarms, vulnerability events, and threat logs. We are currently using ArcSight Logger and many other Syslog devices to monitor these security events and logs.
What is most valuable?
ArcSight's robustness is its most valuable feature. The solution is specifically designed to manage and aggregate large amounts of log data, making it an ideal solution for Syslog servers with a large environment of network devices and servers (both VM and physical appliances).
What needs improvement?
Using the ArcSight Logger dashboard is not particularly intuitive or efficient, so it is important to be trained in its use. Unless you have experience with the dashboard, it is not something you can easily figure out. For optimal use, it is recommended to seek out training before attempting to use the dashboard. The dashboard has room for improvement, by making it more user-friendly with fewer commands. Maintenance and troubleshooting can be complicated and complex.
For how long have I used the solution?
I have been using the solution for five years.
What do I think about the stability of the solution?
The solution is extremely stable.
What do I think about the scalability of the solution?
The solution is highly scalable. When we need to expand our license or add more sources, it's simple to do.
How are customer service and support?
We had a call with technical support today to discuss the issue of their dashboard not being user-friendly. Following the call, we are setting up a demo practice to help them generate their reports in a more accessible way. They have been very cooperative and accommodating throughout the process.
How would you rate customer service and support?
Positive
How was the initial setup?
Setting up the initial configuration can be quite time-consuming, as there are roughly three components to address: the ESM, the Loggers, and the Management Center or Portal. For HPE, we may need to deploy two Logger, one Management Center, and two ESMs, which can take weeks to complete. Setting up the use cases is not a straightforward process and will require two weeks to complete. There are many variables that must be adjusted and fine-tuned for optimal results.
What's my experience with pricing, setup cost, and licensing?
ArcSight is an expensive solution and is difficult to setup.
What other advice do I have?
I give the solution an eight out of ten.
Only a few people have access to ArcSight Logger due to the technical know-how required to use it. Not everyone is able to use the virtual as it involves sensitive information, so access is restricted to those with a technical background.
ArcSight is not recommended for small environments. ArcSight is designed for large environments and requires specialized training. Furthermore, the community of users is not as vast as other vendors, such as Cisco, and VMware. There are better options available than ArcSight, which may better suit an organization's environment.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Information Security Analyst – GRC at a transportation company with 1,001-5,000 employees
Expensive with poor support, but it gives us the basic information we want
Pros and Cons
- "ArcSight provides the basic information that we want."
- "The integration with other systems could be improved."
What is our primary use case?
We have just upgraded to Splunk, so we're currently in the process of converting everything over from ArcSight to Splunk.
What is most valuable?
ArcSight provides the basic information that we want.
What needs improvement?
The support structure is not very good.
They are not 100% up to date with the current technology.
ArcSight does not provide the advanced details that we require.
AI and analytics are one of the major things that are needed for better analysis.
The integration with other systems could be improved.
The interface could be improved with a better GUI.
For how long have I used the solution?
The company has been using ArcSight Logger for between six and seven years. I joined the company six months ago, which was my first experience with it.
What do I think about the stability of the solution?
The stability is alright.
What do I think about the scalability of the solution?
Scaling this product is painful.
Staff-wise, we're not very big but scale-wise, we're right across the whole world. We operate in EMEA, Mexico, and APAC.
How are customer service and technical support?
We are not satisfied with the support.
Which solution did I use previously and why did I switch?
We are now using Splunk and are moving away from ArcSight.
What's my experience with pricing, setup cost, and licensing?
The pricing is quite harsh.
What other advice do I have?
I would rate this solution a five out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Founder & CEO at a security firm with 10,001+ employees
A robust solution than can handle complex operations and analytics, but the reporting capabilities are limited
Pros and Cons
- "It's a robust, mature product and you can do some really complex operations and analytics."
- "You have limited reporting capabilities and I wouldn't choose ArcSight Logger for this purpose."
What is our primary use case?
ArcSight logger was used for storing your logs, long-term, in a structured way. You can search in it, you can structure your data in it, and you can generate simple reports.
What is most valuable?
It's a robust, mature product and you can do some complex operations and analytics.
For correlation and structuring data, it's very good.
It's a secure platform.
What needs improvement?
ArcSight Logger is an outdated product. It hasn't been changed in the last ten years. I think that it's a product that will disappear and there are better platforms that you can use.
You have limited reporting capabilities and I wouldn't choose ArcSight Logger for this purpose. I would prefer to go with Elastic or Splunk.
You can do reporting but it's not up to date in terms of interactive reports that are presented well.
I was looking for a SIEM solution. ArcSight has ArcSight VSM, which is a pretty good product, but what I see on the market now is that is it being caught up by newer, more intuitive applications like Splunk. I wanted to have some deep technical insight in comparison of the two platforms.
If you have a product that hasn't evolved in 10 to 12 years then you have to start looking at other products. Many solutions were implemented and were useful at the time, but are outdated now.
In terms of features such as anomaly detection, or machine learning, or building apps on top of it, it's either not there or it's very limited.
With technical support, in the past when it was ArcSight, it was very good. However, when it moved to HP, then Micro Focus, the quality deteriorated. You could see that the knowledge was disappearing in the company.
They would benefit from having real clustering with some kind of high availability setup, but it's not clustering as it is in Elastic, where you put in a node and cluster and it all works together. It needs improvement and it should be much better. Also, the user interface is outdated, the search could be faster, and the integration with big data solutions isn't great for input and output.
For how long have I used the solution?
I am an expert with ArcSight, in all of their products. I have been working with them for 15 years.
What do I think about the stability of the solution?
It's a stable product.
How are customer service and technical support?
I don't call support as I have 15 years of experience. I have more experience than support, but it used to be good.
What other advice do I have?
We are involved with technology that allows us to solve problems for clients that they cannot solve themselves. These are often complex environments.
This solution has still been in use over the past year. We have a client who has the full ArcSight Suite. We are working on a solution to phase out Logger in the coming year and replace it with Elastic or Splunk. We can replace ArcSight entirely by Splunk and use Elastic for fast search. We think that there is more progress in that platform.
I would rate this solution a six out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
An extremely customizable and scalable enterprise-level solution with great stability
Pros and Cons
- "The ability to customize the solution in great detail is its most valuable features. We can customize the use cases and also have the ability to do scripting. We can personalize our dashboard as well. The scalability the solution offers is quite impressive."
- "The solution should make it possible to integrate network analysis features."
What is our primary use case?
We primarily use the solution for monitoring all of our perimeter - from critical assets to less critical ones. It covers IT assets, networks, databases, servers, endpoints, etc.
What is most valuable?
The ability to customize the solution in great detail is its most valuable feature. We can customize the use cases and also have the ability to do scripting. We can personalize our dashboard as well. The scalability the solution offers is quite impressive.
What needs improvement?
They should enhance and improve everything related to the graphical user interface. It needs to be more fluid and easy to use. Many think that ArcSight is complex and difficult. This is not something that my team feels but that's because we have acquired experience and expertise over time.
The solution should make it possible to integrate network analysis features.
For how long have I used the solution?
I've been using the solution for four years.
What do I think about the stability of the solution?
The stability of the solution is good. There are very few bugs.
What do I think about the scalability of the solution?
The scalability of the solution is very, very good.
How are customer service and technical support?
Technical support is very responsive.
Which solution did I use previously and why did I switch?
We didn't previously use a different solution.
How was the initial setup?
The initial setup was straightforward. Deployment varies according to the scope of your technical parameters. Maintenance is a daily activity. I have a team of two people that are focused on the administration of the outside platform.
What about the implementation team?
We implemented the solution through an integrator.
Which other solutions did I evaluate?
We evaluated QRadar before we implemented this solution.
What other advice do I have?
We are using the on-premises deployment model.
There are people who say "Oh, ArcSight is losing its position and it's complex or it's not a good solution." I do not agree. I know that the biggest companies in the world are still working with ArcSight. It's the most comprehensive solution. It contains many features that are useful for enterprise-level organizations.
If a company has a team that wants to go deeper and get the most features out of developing a real SOC, they should look for a very robust, scalable, multi-tenant solution. The solution should also be able to manage data analytics and to offer User Behavior Analytics. Arcsight offers this.
This particular solution is perfect for big companies. Smaller companies should look for integrated solutions that do not necessarily scale.
I would rate the solution nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free ArcSight Logger Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Log ManagementPopular Comparisons
Splunk Enterprise Security
Dynatrace
IBM Security QRadar
Elastic Security
Graylog
LogRhythm SIEM
Grafana Loki
Fortinet FortiAnalyzer
syslog-ng
SolarWinds Kiwi Syslog Server
VMware Aria Operations for Logs
Check Point Security Management
LogLogic
Buyer's Guide
Download our free ArcSight Logger Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- When evaluating Log Management tools and software, what aspect do you think is the most important to look for?
- Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
- Which Windows event log monitoring tool do you recommend?
- What is the difference between log management and SIEM?
- Splunk vs. Elastic Stack
- How can Cloudtrail logs be used effectively to improve log monitoring?
- Why hot data and cold data differences in SIEM solutions are not discussed sufficiently?
- When evaluating Log Management solutions, what aspect do you think is the most important to look for?
- When evaluating Log Management solutions, what aspects do you think are the most important to look for?
- Why are Log Management tools important for companies?