We use ArcSight Intelligence for some user behavioral analytics. The solution is used to integrate the logs properly with different Unix-based and Microsoft-based connectors. The solution gives us alerts on a single console to give us clear visibility of the total network and filter the unnecessary false positives.
All network devices send their logs to the ArcSight logger as Syslog. Logs may include power failure, link failure, multiple failed login attempts, successful user login failure, and more. Security logs are stored in ArcSight's database for up to 90 days (this can be varied depending on the environment). Examples of security logs include authentication and authorization failures, incorrect logins, and wrong passwords; non-security logs such as link and device failure, module failure, STP logs, and unicast/multicast storm problems. These are some of the primary uses of the ArcSight Logger.
Principal Security Advisor at Symbiotic Consulting Group
Real User
2021-05-11T14:14:10Z
May 11, 2021
We have a subscription service to gather global intelligence from the cloud. Within that, we get various feeds. We can get notifications about various types of global attacks that are happening. We can also get updates for our correlation engines from these subscriptions. We are using its latest version.
Find out what your peers are saying about OpenText, Microsoft, Exabeam and others in Security Information and Event Management (SIEM). Updated: October 2024.
We use the platform for monitoring purposes.
We use ArcSight Intelligence for some user behavioral analytics. The solution is used to integrate the logs properly with different Unix-based and Microsoft-based connectors. The solution gives us alerts on a single console to give us clear visibility of the total network and filter the unnecessary false positives.
All network devices send their logs to the ArcSight logger as Syslog. Logs may include power failure, link failure, multiple failed login attempts, successful user login failure, and more. Security logs are stored in ArcSight's database for up to 90 days (this can be varied depending on the environment). Examples of security logs include authentication and authorization failures, incorrect logins, and wrong passwords; non-security logs such as link and device failure, module failure, STP logs, and unicast/multicast storm problems. These are some of the primary uses of the ArcSight Logger.
We have a subscription service to gather global intelligence from the cloud. Within that, we get various feeds. We can get notifications about various types of global attacks that are happening. We can also get updates for our correlation engines from these subscriptions. We are using its latest version.