How do you or your organization use this solution?
We use ArcSight to collect logs from our customers and allocate services.
We use this solution for monitoring our network. It does authentication failure monitoring, VPN log monitoring, internal threat monitoring, and outside threat monitoring. It also looks for IOCs and malicious activity that is originating from internet connections.
We are primarily using the solution for security alerts and correlation of security events and logs.
We use this solution for the authentication of software.
We implement this solution for our clients. It is primarily used for compliance, but also for analytics and SOC implementation. All of the deployments that we have implemented are on-premises.
Our primary use for this product is to cover DCI (Data Center Interconnect) requirements and design excerpts. It is used to connect all the links from different systems and environments. We also use it to do accommodations between the systems and environments and have multiple use cases between the systems.
We use it as a SIEM. We're using the enterprise edition.
Our primary use case for this solution is as a SIEM.
I have used ArcSight Analytics to assess environments with more than 100 network devices and 12 different firewalls. I have used it to evaluate 120 servers, which include Sybase, AIX, SAP, Windows, and other Linux-based servers. It has been used with Db2 and Oracle databases.
Hi community members,
I'm a security engineer at a Tech Services company and I'm currently exploring SOC solutions, such as Rapid7 InsightIDR, Splunk, IBM QRadar and ArcSight Analytics.
Based on your experience, which SOC tool/solution would you recommend and why?