One of the most valuable features of ArcSight Intelligence is its ease of use. This is not just one functionality; multiple aspects contribute to it. For instance, it's easy to write rules, and as you do so, the rules get populated automatically, making it simple to understand the commands.
The product could be improved in several areas; it currently requires significant enhancement. Compared to QRadar and Splunk, ArcSight Intelligence falls behind, placing it as the third choice among these software options.
We have been using ArcSight Intelligence for two and a half years.
We haven't found the product fully scalable. The scalability depends on the support resources provided by the partner.
The technical support team is capable of resolving issues. However, sometimes, their feedback is not sufficient to solve the problem.
I prefer Splunk because it offers more functionality and intelligence than ArcSight Intelligence.
Deployment took about a month to complete, but the final fine-tuning took longer, spanning several months. Each server and network device had different requirements, which prolonged the process. It eventually got settled in three months, approximately 90 days.
They offer perpetual licenses for the product.
We integrated this tool with our security infrastructure. We installed it on a Linux server, where we have a Logger and ESM installed. With the Linux server as the hub, we manage all the configurations and rules, including those for email triggers. The logs are routed through a connector to the Logger, allowing us to monitor our infrastructure effectively.
The platform helps us improve threat detection capabilities. I recommend it to others and rate it a seven out of ten.