Data correlation, which unfortunately only comes with an ESM module, is the most valuable feature for us.
IT Security Operations Manager at a recruiting/HR firm with 1,001-5,000 employees
What is most valuable?
Data correlation, which unfortunately only comes with an ESM module, is the most valuable feature for us.
What needs improvement?
We have issues with connecting standard HP network devices as they appear to not be supported by HP ArcSight. One company/product is not aligned and apparently it is expected that all the network data is in CEF format, which is impossible for the HP network sources to deliver. Instead, HP ArcSight should be able to handle any file format.
For how long have I used the solution?
We are still currently implementing it.
What was my experience with deployment of the solution?
There were no issues deploying it.
What do I think about the stability of the solution?
We have had no stability issues.
What do I think about the scalability of the solution?
There have been no issues scaling it.
How are customer service and support?
I'd rate technical support a 7/10.
Which solution did I use previously and why did I switch?
There was no previous solution in place.
How was the initial setup?
It's complex for several reasons:
- Targeting and logic of systems
- Bandwidth dependencies
- Data privacy
- Location
- FW settings
- File formats
What about the implementation team?
We're using a vendor team.
What was our ROI?
It is very expensive for what it delivers. Licensing is set at 80 servers, just enough to catch the most important ones.
Disclosure: My company has a business relationship with this vendor other than being a customer: We're a third-party vendor.
Senior Security Analyst at a government with 201-500 employees
Good search capability that is simple to use
Pros and Cons
- "The most valuable feature is the search capability, which is simple to use."
- "We have had problems with archiving."
What is our primary use case?
We use this solution for archiving log feeds.
What is most valuable?
The most valuable feature is the search capability, which is simple to use. We can easily search for certain events.
What needs improvement?
We have had problems with archiving.
The license for ArcSight Logger has given us problems.
I would like to see better integration with ArcSight ESM.
It would be helpful if this solution had some of the features from the ArcSight Command Center.
For how long have I used the solution?
I have been using ArcSight Logger for three years.
What do I think about the stability of the solution?
This solution is stable. The availability depends on the nodes.
What do I think about the scalability of the solution?
ArcSight Logger is scalable.
We have approximately 30 users over a 24-hour period for the whole network.
What other advice do I have?
I am the technical support person for all of our on-site components.
My advice for anybody who is implementing this solution is to use ArcSight ESM to correlate the logs and display them on the dashboard.
I would rate this solution an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Team Lead at a tech services company with 51-200 employees
Strong scalability options, flexible log collection, and an easy setup
Pros and Cons
- "In terms of ArcSight Logger's most valuable feature, it is their scalability. ArcSight's real advantage is its scalability because they have two layers, including the logger layer."
- "I would rate the technical support only 5 out of 10. The technical support is not satisfactory."
What is our primary use case?
We focus mainly on the enterprise market where the customers have the requirement for log management and compliance. And most of the time we propose ESM along with the logger for SIEM requirements.
We have multiple Logger customers here in Sri Lanka where we've implemented and maintained solutions for them.
What is most valuable?
Various log collecting methods help customers route logs from almost every application or device. In terms of ArcSight Logger's most valuable feature, it is their scalability and flexible log collecting options. ArcSight's real advantage is its scalability because they have two layers, the Logger layer and the correlation layer. So customers may benefit from this when it comes to licensing and designing. For example, let's say the customer only has a logger requirement; they have the flexibility to use only the logger layer, instead of suggesting all the other layers. I don't see this kind of flexibility in other vendors.
What needs improvement?
A concern is that after their merger with Micro Focus I have some doubts. I don't see much development of the road map on ArcSight itself. The reason why I'm saying this is because we had a situation here in Sri Lanka which concerned us, where ArcSight suddenly decided to discontinue IBM as an installation platform for the connectors. So in the case of the road map and the technical improvements, I see the direction has changed somehow, and now the customers and the distributors who are trying to implement it don't have as much visibility about the direction.
ArcSight should focus on inbuilt features like SOAR and UEBA features.
For how long have I used the solution?
I have been working with ArcSight Logger for about two years.
What do I think about the stability of the solution?
The platform is very stable. We haven't experienced any unexpected failures under any circumstances.
What do I think about the scalability of the solution?
As I mentioned, their scalability is one of their most valuable features.
How are customer service and technical support?
I would rate the technical support only 5 out of 10. The technical support is not satisfactory. I think there is a lack of expertise when it comes to support. This appears to be after merging with Micro Focus.
How was the initial setup?
Log collection may seem tricky, but if you have a fundamental understanding of the product it's straightforward.
What about the implementation team?
We implement ArcSight solutions for the customers. We possess the skill set for the implementation.
What was our ROI?
We focus mainly on the enterprise market where the customers have the requirement for log management and SIEM. We have multiple Logger customers here in Sri Lanka where we've implemented and maintained solutions for them. We see that those customers have compliance, security in depth, and log management as their main ROI drivers.
What's my experience with pricing, setup cost, and licensing?
We have an annual subscription license. I'd say the pricing is okay.
What other advice do I have?
I would advise anyone looking to implement this solution to have a good understanding of your infrastructure and to verify your architecture. You should be able to get an idea of their road map for the next five years to just verify what sort of effect it will be making on your system.
On a scale of one to ten, I would rate it an eight.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
SOC Analyst at a tech services company with 11-50 employees
Good searching with detailed display of firewall and Windows events
Pros and Cons
- "The most valuable feature is the level of detail that you can see about certain events, even when they do not come up in the console."
- "I would like to see better scheduling in the next release of this solution."
What is our primary use case?
We are a service provider and this solution is deployed on-premises for some of our customers. It is primarily used for firewall and Windows events.
What is most valuable?
The most valuable feature is the level of detail that you can see about certain events, even when they do not come up in the console.
The searching is very good, where you can search for the larger part of the event.
What needs improvement?
I would like to see better scheduling in the next release of this solution.
It would improve the solution if some of the features available in the console were implemented within the search. More things can be done in the console, while the logger is restricted to just a few of them.
For how long have I used the solution?
We have been using this solution for about one year.
What do I think about the stability of the solution?
The stability of this solution is fine, so far.
What do I think about the scalability of the solution?
When you export a large number of events then it gets slower.
We have about fifty users for this solution. We do not yet have plans to increase usage.
How are customer service and technical support?
Technical support for this solution has definitely been helpful.
Which solution did I use previously and why did I switch?
We evaluated Splunk and IBM QRadar before choosing this solution.
How was the initial setup?
The first time you set up this solution it is a little bit complex. But when you try it again and you know where the errors are, it is much more comfortable.
We have four administrators who maintain this solution.
What about the implementation team?
We deployed this solution ourselves.
Which other solutions did I evaluate?
We did not use another solution prior to this one, although we have upgraded versions.
What other advice do I have?
This is a solution that is straightforward and easy to use. It is user-friendly and not complex.
I would rate this solution an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Works at a government with 201-500 employees
Offers good monitoring and is stable
Pros and Cons
- "We haven't had any crashes or bugs. It is stable."
- "In the next release, I want to see more intelligence."
What is our primary use case?
We use the on-premise deployment model. Our primary use case is for monitoring.
What needs improvement?
In the next release, I want to see more intelligence.
For how long have I used the solution?
I have been using ArcSight Logger for three years.
What do I think about the stability of the solution?
We haven't had any crashes or bugs. It is stable.
How are customer service and technical support?
Their technical support is good.
How was the initial setup?
We have a support group that helps with this. The setup isn't easy. The deployment took a month.
What other advice do I have?
I would rate it an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Solutions Delivery Engineer at a tech services company with 1,001-5,000 employees
It provides us with real-time correlation and longer-term log storage.
What is most valuable?
- Real-time correlation
- Long-term log storage
How has it helped my organization?
It benefits the organization by identifying the threats ranging from the most basic ones to many advanced ones. Any of these threats could have a negative impact on business, so it's important that ArcSight Logger can identify all of them.
What needs improvement?
I wouldn’t mind adding a few features such as grouping of events based on the “name”, “source address”, etc. in real-time rather than requiring the running of reports every time. A few competitors allow this functionality already.
For how long have I used the solution?
I've been using it for four years.
What was my experience with deployment of the solution?
There have been no issues deploying it.
What do I think about the stability of the solution?
It's highly stable and we haven't had any issues with instability.
What do I think about the scalability of the solution?
The solution is designed to be easily scalable depending on different organizations and their existing expansions.
How are customer service and technical support?
The level of technical support is intermediate. Although they're helpful and polite, they don't help with emergency situations. However, the global ArcSight community is sufficient for the resolution of most critical errors.
Which solution did I use previously and why did I switch?
It provides the level of flexibility and options, especially to define custom use-case scenarios, like no other SIEM tool, though I have experience with only one other.
How was the initial setup?
The initial setup was a bit complicated to follow since there are many different components present within it. However, the complexity once learned adds a level of flexibility that you can play with.
What about the implementation team?
We did it through a vendor team. Proper planning in place ensures smooth execution.
What other advice do I have?
Plan, implement, explore and protect.
Disclosure: My company has a business relationship with this vendor other than being a customer: We’re a partner company.
SIEM Administrator at a tech services company with 1,001-5,000 employees
The most valuable features for us are the out-of-the-box device support capability and multi-tenancy maturity compared to other SIEM OEMs.
What is most valuable?
The most valuable features for us are the out-of-the-box device support capability and multi-tenancy maturity compared to other SIEM OEMs.
How has it helped my organization?
For example, it has helped us and the organization with a maturity level in the SIEM market to reach greater heights and compete with other organizations. We have an edge in the market with this product.
What needs improvement?
ArcSight Logger needs to improve in the area of threat analytics, as security is vitally important to us. It also needs to provide some "upper-hand" features on some functionalities, as they're somewhat not so easy to use.
For how long have I used the solution?
I've used it for four-and-a-half years myself, and it's been around 12 years of use by the organization.
What was my experience with deployment of the solution?
We had no issues with the deployment.
What do I think about the stability of the solution?
HP needs to work on the stability as it is mostly dependent on Java and there are console-related issues.
What do I think about the scalability of the solution?
We have had no issues scaling it for our needs.
How are customer service and technical support?
I would rate technical support as good but not the best when compared to a few years prior. The level of support seems to have decreased lately.
Which solution did I use previously and why did I switch?
This is our first SIEM product. We chose it because it's a major player in the SIEM technology market and it's mature, even as it's in the earlier stages.
How was the initial setup?
I would say the initial versions of ArcSight components were pretty complex. For example, consider ESM, for which we had to install the manager and database separately and there were major issues with it on the archiving, and also the database management was pretty tough. But over a period of time, they improved drastically when the CORR-E came into the market.
What about the implementation team?
We have our own in-house SIEM administration and implementation team which handles all the activities for multiple customers.
What's my experience with pricing, setup cost, and licensing?
For licensing, I would say ArcSight beats all the vendors in the market in complexity.
What other advice do I have?
I would definitely say to go with this product as it's the best in the market, but before opting for this product you should perform solution sizing, because otherwise you might end up digging your own grave in fixing it.
Disclosure: My company has a business relationship with this vendor other than being a customer: We're partners.