What is your experience regarding pricing and costs for ArcSight?

To be upfront  I am a security vendor and we are the authors and developers of Snare our SIEM-agnostic Enterprise solution for log collection and log management.  We work with lots of Siem vendors and Snare deploys and integrates with all major SIEM platforms e.g. Arcsight, Qradar, Splunk, RSA. We have over 500 Banks and financial services companies using Snare Agents and Snare central where we have been able to contain and reduce their Siem ingestion charges by up to 60% where the Siem vendor charges for log data ingestion by EPS, GB or any metered basis - https://www.youtube.com/channel/UCr8sLTVcI7oivIjEQBfu7UA. Snare collaborates and compliments SIEM solutions. Snare Agents provide Granular Filtering @ Source, Truncation of Noise out of logs @ Source in a lightweight Agent. Snare Central provides dashboard analytics to monitor log traffic from windows, Linux, Unix, OSX, Syslog feeds etc.while also providing "Out of the Box Compliance Reporting, Alerts" and ability to reflect logs to multiple destinations simultaneously.  From our experience, Arcsight is a good SIEM, very feature-rich but does require a lot of resources and is generally very expensive one-time and ongoing ingestion of logs into Arcsight (unless you have Snare). Arcsight connectors provide an agentless collection process but this has many issues as it is not as secure as Agents and can invite log tampering, no encryption, unable to set group policy etc... I have lots of my customers using Snare Agents with logs going to Arcsight and can provide a reference point if required. My largest financial services customer has over 100,000 Snare agents filtering, reflecting logs to Arcsight. Please take a look at https://www.snaresolutions.com/siem-integration/

We didn’t use any of the products but I include you a link to Gartner comparison. https://www.gartner.com/review.

There are many good SIEM products on the market today. Our company evaluated several SIEM products, LogRhythm, Splunk, AlienVault, Fortinet, and EventTracker. They all are great products. We settled on EventTracker and purchase the licenses through a 3rd party. Because these companies have internal teams of trained security analysts. They take on the heavy lifting of reviewing alerts, threat analysis, etc. The required manpower is a critical piece when evaluating SIEMs.

amongst SIEM solutions marketed by editors, the leading products are Splunk, Qradar both solutions offer a complete NIST compliance. what is the most important to know is to what extent these solutions are able to communicate with other solutions and applications this is mainly what qualifies Qradar as the leader in the SIEM field, since on top of being an IBM product as a guarantee in itself, IBM Qradar has a great list of connectors to third party solutions and finds itself in the heart of a wide portfolio of security products ans solutions. the lask of technical resources is not a problem when adopting a Qradar solution, IBM proposes it in SaaS mode which can be advantageous to multiple customers and for those who are not yet adopting a cloud-based solution they ca still have their own in-premises implementation but managed remotely from Qradar Experts with very attractive monthly fees.