ArcSight Logger Reviews

Data correlation, which unfortunately only comes with an ESM module, is the most valuable feature for us.

We have issues with connecting standard HP network devices as they appear to not be supported by HP ArcSight. One company/product is not aligned and apparently it is expected that all the network data is in CEF format, which is impossible for the HP network sources to deliver. Instead, HP ArcSight should be able to handle any file format.

We are still currently implementing it.

There were no issues deploying it.

We have had no stability issues.

There have been no issues scaling it.

I'd rate technical support a 7/10.

There was no previous solution in place.

It's complex for several reasons -

• Targeting and logic of systems
• Bandwidth dependencies
• Data privacy
• Location
• FW settings
• File formats

We're using a vendor team.

It is very expensive for what it delivers. Licensing is set at 80 servers, just enough to catch the most important ones.

We use this solution for archiving log feeds.

The most valuable feature is the search capability, which is simple to use. We can easily search for certain events.

We have had problems with archiving.

The license for ArcSight Logger has given us problems.

I would like to see better integration with ArcSight ESM.

It would be helpful if this solution had some of the features from the ArcSight Command Center.

I have been using ArcSight Logger for three years.

This solution is stable. The availability depends on the nodes.

ArcSight Logger is scalable.

We have approximately 30 users over a 24-hour period for the whole network.

I am the technical support person for all of our on-site components.

My advice for anybody who is implementing this solution is to use ArcSight ESM to correlate the logs and display them on the dashboard.

I would rate this solution an eight out of ten.

We focus mainly on the enterprise market where the customers have the requirement for log management and compliance. And most of the time we propose ESM along with the logger for SIEM requirements.

We have multiple Logger customers here in Sri Lanka where we've implemented and maintained solutions for them.

Various log collecting methods helps customers to route logs from almost every application or device.In terms of ArcSight Logger's most valuable feature, it is their scalability and flexible log collecting options. ArcSight's real advantage is its scalability because they have two layers, Logger layer and correlation layer. So customers may benefit from this when it comes to licensing and designing. For example, let's say the customer wants to only have a logger requirement, they have the flexibility to only use the logger layer, instead of suggesting all the other layers. I don't see this kind of flexibility in other vendors.

A concern is that after their merger with Micro Focus I have some doubts. I don't see much development of the road map on ArcSight itself. The reason why I'm saying this is because we had a situation here in Sri Lanka which concerned us, where Arcsight suddenly decided to discontinue IBM as installation platform for the connectors. So in case of the road map and the technical improvements, I see the direction has changed somehow and now the customers and the distributors who are trying to implement it don't have as much visibility about the direction.

Arcsight should focus on inbuilt features like SOAR and UBEA features.

I have been working with ArcSight Logger for about two years.

The platform is very stable. We haven't experienced any unexpected failures at any circumstances.

As I mentioned, their scalability is one of their most valuable features.

I would rate the technical support only 5 out of 10. The technical support is not satisfactory. I think there is a lack of expertise when it comes to support . This appears to after merging with Micro Focus.

Log collection may seems tricky but if you have fundamental understanding about the product it's straight forward.

We implement arcsight solution for the customers. We posses skill set for the implementation.

We focus mainly on the enterprise market where the customers have the requirement for log management and SIEM. We have multiple Logger customers here in Sri Lanka where we've implemented and maintained solutions for them. We see that those customers has compliance, security in depth and log management as their main ROI drivers.

We have an annual subscription license. I'd say the pricing is okay.

I would advise anyone looking to implement this solution to have a good understanding of your infrastructure and to verify your architecture. You should be able to get an idea of their road map for the next five years to just verify what sort of effect it will be making on your system.

On a scale of one to ten, I would rate it an eight.

We are a service provider and this solution is deployed on-premises for some of our customers. It is primarily used for firewall and Windows events. 

The most valuable feature is the level of detail that you can see about certain events, even when they do not come up in the console.

The searching is very good, where you can search for the larger part of the event.

I would like to see better scheduling in the next release of this solution.

It would improve the solution if some of the features available in the console were implemented within the search. More things can be done in the console, while the logger is restricted to just a few of them.

The stability of this solution is fine, so far.

When you export a large number of events then it gets slower.

We have about fifty users for this solution. We do not yet have plans to increase usage.

Technical support for this solution has definitely been helpful.

We evaluated Splunk and IBM QRadar before choosing this solution.

The first time you set up this solution it is a little bit complex. But when you try it again and you know where the errors are, it is much more comfortable.

We have four administrators who maintain this solution.

We deployed this solution ourselves.

We did not use another solution prior to this one, although we have upgraded versions.

This is a solution that is straightforward and easy to use. It is user-friendly and not complex.

I would rate this solution an eight out of ten.

We use the on-premise deployment model. Our primary use case is for monitoring. 

In the next release, I want to see more intelligence. 

We haven't had any crashes or bugs. It is stable.

Their technical support is good. 

We have a support group that helps with this. The setup isn't easy. The deployment took a month. 

I would rate it an eight out of ten. 

• Real-time correlation
• Long-term log storage

It benefits the organization by identifying the threats ranging from the most basic ones to many advanced ones. Any of these threats could have a negative impact on business, so it's important that ArcSight Logger can identify all of them.

I wouldn’t mind adding a few features such as grouping of events based on the “name”, “source address”, etc. in real-time rather than requiring the running of reports every time. A few competitors allow this functionality already.

I've been using it for four years.

There have been no issues deploying it.

It's highly stable and we haven't had any issues with instability.

The solution is designed to be easily scalable depending on different organizations and their existing expansions.

The level of technical support is intermediate. Although they're helpful and polite, they don't help with emergency situations. However, the global ArcSight community is sufficient for the resolution of most critical errors.

It provides the level of flexibility and options specially to define custom use-case scenarios like no other SIEM tool, though I have experience with only one other.

The initial setup was a bit complicated to follow since there are many different components present within it. However, the complexity once learned adds a level of flexibility that you can play with.

We did it through a vendor team. Proper planning in place ensures smooth execution.

Plan, implement, explore and protect.

The most valuable features for us are the out-of-the-box device support capability and multi-tenancy maturity compared to other SIEM OEMs.

For example, it has helped us and the organization with a maturity level in the SIEM market to reach greater heights and compete with other organizations. We have an edge in the market with this product.

ArcSight Logger needs to improve in the area of threat analytics as security is vitally important to us. It also needs to provide some "upper-hand" features on some functionalities, as they're somewhat no so easy to use.

I've used it for four-and-a-half years myself, and it's been around 12 years of use by the organization.

We had no issues with the deployment.

HP needs to work on the stability as it is mostly dependent on Java and there are console-related issues.

We have had no issues scaling it for our needs.

I would rate technical support as good but not the best when compared to a few years prior. The level of support seems to have decreased lately.

Our first SIEM product is this. We chose it because it's a major player in the SIEM technology market and it's mature, even as it's in the earlier stages.

I would say the initial versions of ArcSight components were pretty complex. For example, consider ESM, for which we had to install the manager and database separately and there were major issues with it on the archiving, and also the database management was pretty tough. But over a period of time, they improved drastically when the CORR-E came into the market.

We have our own in-house SIEM administration and implementation team which handles all the activities for multiple customers.

For licensing, I would say ArcSight beats all the vendors in the market in complexity.

I would definitely say to go with this product as it's the best in the market, but before opting for this product your perform solution-sizing because otherwise you might end up digging your own grave in fixing it.