IT Analyst - network and security support at Tribunal de Contas da União
Real User
Top 5
2024-04-11T19:00:14Z
Apr 11, 2024
The solution has room for improvement. We're currently upgrading to the newer version, where they have something like Kafka, a hub for all solutions feeding information into Logger. However, I think ArcSight has been sold two or three times, and the quality has decreased. I wouldn't recommend ArcSight.
There are multiple sources, like Windows and Unix, and we need connectors to get the logs. The solution must provide readymade connectors for different applications. Otherwise, we have to build connectors ourselves.
Senior ArcSight and IBM Resilient (SOAR) administrator at a comms service provider with 1,001-5,000 employees
Real User
Top 5
2023-05-18T15:19:00Z
May 18, 2023
It is really difficult to work in ArcSight Logger, as it is very slow. I have worked three times on these logs due to their slow functioning. If it changes completely, I think there will be two issues. Firstly, if they are using big data, then it will be very costly, and it will be enhanced with service protocol. Secondly, I see a lot of customers in Saudi Arabia coming overseas to vendors to get the ArcSight Logger version which uses big data for searching.
Using the ArcSight Logger dashboard is not particularly intuitive or efficient, so it is important to be trained in its use. Unless you have experience with the dashboard, it is not something you can easily figure out. For optimal use, it is recommended to seek out training before attempting to use the dashboard. The dashboard has room for improvement, by making it more user-friendly with fewer commands. Maintenance and troubleshooting can be complicated and complex.
Security Engineer at a tech services company with 1,001-5,000 employees
Real User
2021-03-12T20:15:49Z
Mar 12, 2021
The solution could be improved in maintenance settings. One of the additional features I would like to see in the next release is an automated dashboard of the logs that has information that is more detailed.
Security Professional at a tech services company with 501-1,000 employees
Real User
2021-07-16T11:27:43Z
Jul 16, 2021
It's not a new product and is a bit complex. So, it requires a person dedicated to working on it and to know about it in and out. It is a huge product, and the search operation is a bit complicated for a new user or someone who has not used it for long. So for that person, it becomes a bit difficult. There is a storage problem, and some improvement can be made to the search mechanism. If you want to do a search, then you have to obtain a couple of criteria to get the exact amount of data. Let's say you have hundreds and thousands of servers in your environment, which will ultimately populate billions of events in a single day, especially the network devices. In this case, if you want to search a specific event, you have to be very, very specific with that query. That's something that can be generalized a bit. Apart from that, it's a very complex tool and is not easy to implement and maintain. It requires a dedicated team. Another thing that I think can be improved is the performance issue. When you are ingesting data in ArcSight and also you are forwarding the data from ArcSight to some other products, I have seen some performance issues. ArcSight does not perform well in this case. It takes time to process the data. The load is too much. At times, the logger crashes. The UI can be improved as well.
Senior Information Security Analyst – GRC at a transportation company with 1,001-5,000 employees
Real User
2021-02-18T16:55:00Z
Feb 18, 2021
The support structure is not very good. They are not 100% up to date with the current technology. ArcSight does not provide the advanced details that we require. AI and analytics are one of the major things that are needed for better analysis. The integration with other systems could be improved. The interface could be improved with a better GUI.
Founder & CEO at a security firm with 10,001+ employees
Real User
2020-02-17T07:42:26Z
Feb 17, 2020
ArcSight Logger is an outdated product. It hasn't been changed in the last ten years. I think that it's a product that will disappear and there are better platforms that you can use. You have limited reporting capabilities and I wouldn't choose ArcSight Logger for this purpose. I would prefer to go with Elastic or Splunk. You can do reporting but it's not up to date in terms of interactive reports that are presented well. I was looking for a SIEM solution. ArcSight has ArcSight VSM, which is a pretty good product, but what I see on the market now is that it is being caught up by newer, more intuitive applications like Splunk. I wanted to have some deep technical insight in comparison of the two platforms. If you have a product that hasn't evolved in 10 to 12 years then you have to start looking at other products. Many solutions were implemented and were useful at the time, but are outdated now. In terms of features such as anomaly detection, or machine learning, or building apps on top of it, it's either not there or it's very limited. With technical support, in the past when it was ArcSight, it was very good. However, when it moved to HP, then Micro Focus, the quality deteriorated. You could see that the knowledge was disappearing in the company. They would benefit from having real clustering with some kind of high availability setup, but it's not clustering as it is in Elastic, where you put in a node and cluster and it all works together. It needs improvement and it should be much better. Also, the user interface is outdated, the search could be faster, and the integration with big data solutions isn't great for input and output.
Team Lead at a tech services company with 51-200 employees
Reseller
2020-02-16T08:27:00Z
Feb 16, 2020
A concern is that after their merger with Micro Focus I have some doubts. I don't see much development of the road map on ArcSight itself. The reason why I'm saying this is because we had a situation here in Sri Lanka which concerned us, where ArcSight suddenly decided to discontinue IBM as an installation platform for the connectors. So in case of the road map and the technical improvements, I see the direction has changed somehow and now the customers and the distributors who are trying to implement it don't have as much visibility about the direction. ArcSight should focus on inbuilt features like SOAR and UBEA features.
Senior Security Analyst at a government with 201-500 employees
Real User
2020-02-09T08:17:00Z
Feb 9, 2020
We have had problems with archiving. The license for ArcSight Logger has given us problems. I would like to see better integration with ArcSight ESM. It would be helpful if this solution had some of the features from the ArcSight Command Center.
Information Security Senior Expert at Wafaassurance
Real User
2020-01-27T06:39:00Z
Jan 27, 2020
The console in older versions is not user-friendly. At one point, we experienced an RMA. However, they sent an expert to do an SDN check. Someone came to the company to verify the hardware and try to access the log just to verify what the root cause of the incident was. The hardware was replaced without incident for us. The solution could benefit from adding in machine learning.
CISO at a financial services firm with 1,001-5,000 employees
Real User
2019-09-16T10:14:00Z
Sep 16, 2019
They should enhance and improve everything related to the graphical user interface. It needs to be more fluid and easy to use. Many think that ArcSight is complex and difficult. This is not something that my team feels but that's because we have acquired experience and expertise over time. The solution should make it possible to integrate network analysis features.
SOC Analyst at a tech services company with 11-50 employees
Real User
2019-08-18T07:52:00Z
Aug 18, 2019
I would like to see better scheduling in the next release of this solution. It would improve the solution if some of the features available in the console were implemented within the search. More things can be done in the console, while the logger is restricted to just a few of them.
Technical Consultant at a tech services company with 11-50 employees
Consultant
2019-08-11T06:27:00Z
Aug 11, 2019
I think the ArcSight team should try to simplify legacy products for the customers, because that product is not easy to use or to work with. It needs more competency or appeal to use. We hope Micro Focus is trying to resolve this. A lot of people that compare this solution with QRadar or McAfee say that the other products in the market are easier to use than ArcSight. After customers do the training to see how they can use it, they change their minds a little bit, but it still seems that Micro Focus should take some time to reduce the complexity in using ArcSight. ArcSight should give each customer more visibility or a more useful presentation on the web product. There are a lot of customers that want to use the product in the web, especially to use the dashboard, but the dashboard is not so beautiful.
Vulnerability Assessor at Telenor Common Operation
Real User
2019-02-20T11:20:00Z
Feb 20, 2019
The speed of Logger indexing and searching for certain bugs for some queries that we provide could be improved. It can handle a huge number of logs but it can be improved. They should improve the speed of the indexing and queries being dumped. Technical support's response time could also be slightly improved. Although these two issues are not something bad, they're just the only things that I think have any possibility to improve, but they're not necessarily something that is bad.
HPE ArcSight Data Platform (ADP) offers a future-ready data solution that enriches data in real time and supports open standards for better threat detection. Using security data connectors, ADP collects data and enriches it in real-time to give analysts organized information that can be acted upon instantly.
The next release should have AI capabilities.
It would be better if the product is cheaper.
The platform is quite expensive. They should reduce its cost.
The product's connectors should work better and the user manuals need an update.
The graphics and dashboard could be improved.
I had some latency issues for two months. I had to increase our storage capacity significantly to reduce the latency.
In the next release, I want to see more intelligence.