We have a subscription service to gather global intelligence from the cloud. Within that, we get various feeds. We can get notifications about various types of global attacks that are happening. We can also get updates for our correlation engines from these subscriptions. We are using its latest version.
We found the correlation engine to be very good. It takes logs from different types of devices and does the correlation in a good way.
The frequency of the updates that we are getting can be improved because the number and types of incidents that are happening at the global level are far more than what we are receiving. The frequency of update feeds related to our rules should be increased. There should be more frequent information about the new rules that are coming and the global threats that are happening.
There should be better options for dashboard creation. At present, the dashboards are good, but there is scope to make them better.
I have been using this solution for over seven years.
It has been stable for us.
We have 34 clients. In terms of devices, there are over 120 devices.
We will increase its usage when we get clients who are seeking such services. Currently, we don't have many clients who are seeking such threat intelligence or threat hunting services. At present, we are also learning about Splunk. In the future, we might migrate our setup to Splunk.
We have contacted them, and their response is a bit slow. Multiple communication exchanges are required for getting the desired output, but we do get a response. We are satisfied with them.
Its initial setup is easy. There are no issues with that.
Its price is average and not very high. Splunk might be a bit cheaper than this. Its licensing is on a monthly basis.
We had evaluated SolarWinds and QRadar. We have different use cases for which we found ArcSight to be better.
I would rate ArcSight Interset/Intelligence an eight out of ten.