ArcSight Analytics provides robust capabilities for automatic log parsing, sorting, and monitoring. It enhances data integration, alerts, and scalability, offering deep insights into log correlation and threat analysis.

| Product | Mindshare (%) |
|---|---|
| ArcSight Analytics | 1.8% |
| Exabeam | 8.8% |
| IBM Security QRadar | 7.4% |
| Other | 82.0% |

| Title | Rating | Mindshare | Recommending | Interviews |
|---|---|---|---|---|
| IBM Security QRadar | 4.0 | 7.4% | 91% | 218 |
| Varonis Platform | 4.2 | 4.4% | 95% | 20 |

| Company Size | Count |
|---|---|
| Small Business | 4 |
| Midsize Enterprise | 3 |
| Large Enterprise | 6 |

| Company Size | Count |
|---|---|
| Small Business | 34 |
| Midsize Enterprise | 13 |
| Large Enterprise | 22 |

ArcSight Analytics serves as a comprehensive platform for Security Information and Event Management, supporting functions such as security event correlation, threat monitoring, compliance, and log management. Users can take advantage of its ability to consolidate data on intuitive dashboards and utilize its numerous connectors and prebuilt roles. It facilitates detailed behavioral analytics and anomaly detection along with extensive user connection information. While it is recognized for its stability and scalability, areas like the integration with third-party apps, advanced analytics, and the application of machine learning could benefit from further development. Enhancing dashboards, providing better customer support, and refining the pricing structure are also necessary to meet expectations.
ArcSight Analytics is extensively applied in industries with substantial IT structures, aiding in the evaluation of large-scale networks and devices. Its capabilities are particularly valuable in authentication monitoring and network analysis, addressing Data Center Interconnect requirements and enhancing security protocols across different sectors.
ArcSight Analytics was previously known as ArcSight User Behavior Analytics, ArcSight UBA.
| Author info | Rating | Review Summary |
|---|---|---|
| Consultant at a tech vendor with 10,001+ employees | 3.0 | I use this solution for logging and analysis. While it's stable and easy to implement, its difficult usability and significantly declining support after acquisition lower my rating to six out of ten. |
| CEO at Kapstone Technological Services LLP | 4.5 | ArcSight Analytics provides deep network insight and threat analysis, offering valuable reports for understanding vulnerabilities and potential attacks. It is scalable and easily deployable, effectively helping to assess the likelihood of threats based on CVS scores. |
| Delivery Head at a consultancy with 10,001+ employees | 3.5 | I find ArcSight Analytics stable with good connectors and community support, though it relies on FlexConnectors. It's expensive, needs better compatible connectors and user behavior analytics. My salesperson offers great support. |
| Cyber Security Team Leader at a tech services company with 501-1,000 employees | 3.0 | I find ArcSight's correlation engine good and it's scalable. However, its features are stale, queries are very slow, and stability is average. I'd recommend using another solution for queries. |
| Principal Architect at Tech Mahindra | 4.0 | I value ArcSight for its behavioral analytics and anomaly detection, noting good stability and scalability. However, its complex nature, requiring skilled users, and poor visualization are areas for improvement, although support is decent. |
| Cyber Security Consultant at raf | 3.0 | I use ArcSight for network monitoring, valuing its log monitoring. However, it's not user-friendly, lacks good third-party integration, and I wouldn't recommend it, preferring Splunk or QRadar. |
| Director at Techpace | 3.5 | I find its log correlation excellent for security events. However, reporting, dashboards, and the ecosystem need improvement. Customer service is lacking. It's expensive and moderately complex to set up, best for complex use cases. |
| Senior Systems Engineer at a tech services company with 501-1,000 employees | 4.0 | No summary available |
| Analyst at Orange | 4.0 | I use this solution for log management and investigation, identifying user connections. It's stable and easy to set up, but the dashboard is complicated, documentation is poor, and local support needs improvement, even though I'd rate it 8/10. |
| Cyber Security Team Leader at a tech services company with 501-1,000 employees | 3.5 | I find this solution stable, scalable, and easy for use cases and queries. However, the GUI is basic, updates are lacking, and I'd like more integration with automation and Intelligence Suite. I recommend it. |
We primarily use the solution for logging sources. It's for analysis.
I like their filtering and their reporting tools.
I like their integration with many other different tool sets, which is similar to other products as well.
The solution is easy to implement.
I've found the product to be quite stable.
It's scalable.
The usability could be better. I'm used to it now since I've worked with it for so many years. However, it can be a difficult tool to use.
Their support team could be better. They've gone downhill since their product has been acquired.
I've used the solution for the last ten years.
The solution is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze.
It can scale as needed. It's not a problem.
There are different teams using it. We have CSOC, which is internal, which is onshore, then we have a security operations center that is offshore, which would be in India. The onshore team might be a group of three, and the offshore might be a group of five. Likely, we have eight to ten people in total using the product directly.
They used to have good technical support. However, the company got acquired, and the support only got worse.
I've found that they are not as knowledgeable as they used to be. It seems like a lot of people who were with the company, who were embedded in the company, who were very knowledgeable about ArcSight, the tool, have left. Now, there are only people who are not as well-rounded in their knowledge of the tool.
I'm also familiar with QRadar and Splunk. Most SIEM tools to me have similar qualities. For example, QRadar compared to ArcSight is probably a little more user-friendly. Splunk is a more robust version of ArcSight's Logger Platform. All of them have different qualities for different components.
It's easy to implement the tool. It's not complex at all.
We have a third party that helps maintain the product. They would do any administration and upgrades for us.
You do need to purchase a license to use the solution. However, the size of the company would dictate the cost.
We're customers and end users.
I'd rate the solution six out of ten. I'd likely rate it eight out of ten if the support team were reliable.

ArcSight Analytics is used to get a deep insight about the network.
ArcSight Analytics is used to get a deeper insight and threat analysis about the network. The solution's threat analysis gives a good view of the network. We can then compare those vulnerabilities and CVS scores worldwide and get a good understanding of how likely the network is to be hit. The kind of report ArcSight Analytics gives is really good.
ArcSight Analytics is a very scalable solution that is easy to deploy.
ArcSight Analytics is a stable solution.
ArcSight Analytics is a scalable solution.
It took us two to four months to deploy ArcSight Analytics.
My customers pay a yearly licensing fee for ArcSight Analytics.
I have deployed ArcSight Analytics for three customers. ArcSight Analytics is a good solution, but you need to have the capability to handle it well and integrate it into the customer network. Network integration is very crucial, and you need to have the knowledge to get it done. The solution's integration with other security tools was very good and smooth.
I would recommend ArcSight Analytics to other users.
Overall, I rate the solution a nine out of ten.
I use ArcSight Analytics to make use cases, create rules in our SIEM, and provide services.
The most valuable features are that you get lots of connectors, which make it easy to log in to my ASM, and lots of prebuilt roles from the company. The community base also has a lot of information to configure and adapt the product.
Currently, there are no compatible connectors for this solution, which means we have to depend on FlexConnectors. If ArcSight could launch smart, compatible connectors, it would improve trust in the product. In the next release, ArcSight should include user end-behavior analytics.
I've been working with this solution for three months.
This is a stable solution.
I've had no problems with scalability.
ArcSight's technical support is OK, but our salesperson provides personal support for tough problems, and he always has lots of solutions and resolves our problems easily.
This solution is expensive.
I'd give ArcSight Analytics a rating of seven out of ten.
We use ArcSight to collect logs from our customers and allocate services.
The correlation engine is good.
ArcSight's features are starting to get stale. They haven't added any new features in quite a long time. They could add an easier way for a person to customize log sources. It needs more user analytics and aggregation user queries. And it's slow. When you query over ArcSight, it is very slow.
I've been using ArcSight Analytics for more than five years.
In terms of stability, ArcSight is not very good. I would say it's about average. We've had some issues but overall it's about average. The main issues are with reporting. Sometimes on the service end, we stop receiving logs.
ArcSight is a scalable solution.
Tech support is average. Not bad. Not good.
We haven't had any complications with the setup, and it is low maintenance.
I would rate ArcSight six out of 10. If you are going to use ArcSight, I would recommend using it alongside another solution. ArcSight is good for correlation, but you should have another solution to handle the queries. For queries, you need a faster solution and ArcSight will not provide you with that.
The features I have found most valuable are its capabilities for behavioral analytics and anomaly detection.
ArcSight's features that can be improved include anything related to its visualization capabilities and user-friendliness.
The product is complex. The algorithm is not so complex to implement, but when you want to get anything else out of it, it is complex, actually. ArcSight is difficult to implement, you need to know what you are doing. The algorithm is easy to implement but difficult to get exactly what you want. It depends on the nature of the organization and the skill of the people who are using the tool. If there are good, skilled people using it, ArcSight is the best. If there are medium-skilled people using it, then it is less good. ArcSight needs real skills to get the information out of it.
I have been using ArcSight Analytics for two years.
The stability is very good, too. Relative to LogRhythm, I cannot comment much because I don't have rich experience working with LogRhythm except doing some POCs. So it would be not great on my part to comment. But my research showed that stability-wise both are the same, LogRhythm maybe a little bit less stable. ArcSight is about a nine and LogRhythm about an eight.
The scalability is very good.
I have contacted support and would rate them about 7.5. That's because response time and resolution are good. They are fine.
The initial setup is not complex, but it does require skill. If somebody says that they can set it up in the span of weeks, I don't believe that it will not work out. If they say they can implement within and go live in one week, to what extent?
I don't want to just look at the console, we need to start giving actual values and giving actual alerts where I can start taking some actions and start showing some proper implementation in the security portion from using this tool.
The advice I would give to people who want to use ArcSight is to have patience and use the complete innovations of the tool, don't go by the superficial features. Do a total analytics of the tool to understand what value it can provide.
On a scale of one to ten I would rate ArcSight an eight.
We use this solution for monitoring our network. It does authentication failure monitoring, VPN log monitoring, internal threat monitoring, and outside threat monitoring. It also looks for IOCs and malicious activity that is originating from internet connections.
The most valuable feature is the log monitoring.
ArcSight is not a user-friendly solution and the interface needs to be improved. It is a bit tough to use for people who are inexperienced.
ArcSight needs better support for integration with third-party applications. It should be able to handle logs from all kinds of different sources.
The API needs to be improved.
I have used other log management solutions including Splunk and Elasticsearch. I also use QRadar as a more general SIEM.
This is not a solution that I would recommend. Instead, I would recommend Splunk or QRadar. In the case of an organization with a small budget, I would recommend AlienVault or Elasticsearch.
I would rate this solution a six out of ten.

We are primarily using the solution for security alerts and correlation of security events and logs.
The ability to correlate different logs is the solution's most valuable feature.
The reporting and the way it is worded needs to be improved in future releases. The dashboards are quite poorly designed.
The ecosystem needs improvement. It's not only in the planning though, but it's also just the ecosystem overall. Nowadays, it's not about security, and not only about analytics, but it's about the complete ecosystem that can give you much more visibility on what's happening and what the meaning of logs are that are being injected into the system. Increasing the ecosystem of ArcSight also means introducing more features and more tools that integrate within the solution.
The stability of the solution is perfect.
The scalability of the solution is excellent. We have 25 analysts that use the solution and at this time we do not plan to increase usage.
We're not completely satisfied with technical support. It's an area the solution could improve.
The initial setup has a moderate amount of complexity. It's something in between complex and straightforward. The process is not something that any beginner can do; however, it also doesn't require a highly skilled developer. It does require people to know what they are doing.
We handled the deployment ourselves.
If you compare it to even a few years ago, pricing seems to have improved a lot. However, it's still one of the most expensive solutions available on the market.
I would rate the solution seven out of ten.
The solution is much more suited to complex use cases. If it's a very simple use case, then ArcSight is not the right choice for you.
Our primary use for this product is to cover on DCI (Data Center Interconnect) requirement and design excerpts. It is used to connect all the links from different systems and environments. We also use it to do accommodations between the systems and environments and have multiple use cases between the systems.
Our organization has improved because ArcSight allows multiple integrations with multiple systems which we did not do before using the product. There can be multiple integrations with different parts of systems that process them. This can include files, XML, how the parts of the system receive connection, a specific API, other different products like anti-virus packages, or risk prediction.
We needed a predictive function that worked with other systems. It is supposed to be possible by using different agents. There is an agent called Smart Connector. Each connector has a specific role and function and launches with specific technologies.
All the features are valuable for us because we use all of them. It's like any other ESM (Enterprise Service Management) solution. You can use how you want to. It depends on the reports, on the correlation rule alerts, notifications, dashboards, all of the business rules. It is very important for most of the clients.
Most of the clients need to cover their BPI (Business Process Insight). They generate a lot of records to provide them for BPI department or risk department. That could be including their Instagram, or checking that the system's working fine, and information collected by the SIEM (Security Information and Event Management).
The product might be improved in comparison with other products. For example, they need to work with the flexibility of the GUI. It is sometimes considered complex by some of our customers. Also, the ArcSight Analytic is not so easy. The end-users are not supposed to be required to learn the network. Another thing, it only supports through links and the analytic bar, not the network traffic parts. That's the major point that could be more improvement in the system.
Network and network paths could be supported better in integration with other network traffic catchers. It would be great then.
I find the product to be very stable and we experience no problems with it.
It is scalable based on the fact that licenses could be added-on. There is a part of the solution that requires an upgrade to ArcSight that could provide additional capabilities and many-stepped solutions that could be installed in an ISP provider.
On occasion, we have contacted customer support. We have bought a support contract just in case there is any failure or other issues that could happen on the system. Sometimes we need their support directly to efficiently solve an issue. Their support is very helpful, and they can help you and provide you good solutions.
We sometimes use different solutions. We have RSA and ArcSight implementations. We use RSA to do networking and the use of ArcSight depends on the need of the customer. Sometimes there are customers who ask for RSA. Sometimes there are customers who have knowledge about ArcSight and they like what it provides and the features it has but they want to improve how they use it in their system. There is no need to have a new system to implement a new solution.
The initial installation has co-integration and settings, so it is mostly straightforward. But sometimes customers need specific co-integration and finer tuning saved on their system.
The base deployment for any system will take around two weeks. With integration and customization, it may be another two weeks to three weeks maximum.
We provide support for our customers in ArcSight and RSA so we do our own installations and installations for clients.
The product is not really intended to generate income as it is a security solution.
We did not evaluate other solutions as through research we could tell the product was well accepted and had the solutions we needed.
Advice that I would give to other people who are considering using this product is that they need to have a good working knowledge of the system. They might want to consider training. They need to be able to specify exactly what the scope of the project is for the net position and in their implementation and installation. If customers who have common needs, like a solution to cover PCI (Payment Card Industry) only, I sometimes advise them to not invest in this system, because it is not made to only cover your PCI requirements.
If I had to rate this product on a scale from one to ten it would be an eight. It would rate higher if there were better flexibility and the GUI was easier to read and use.
We use this solution for log management and correlation.
We have specific use cases for our platform and it helps us to monitor connections to applications and investigation.
This solution allows us to identify connections for all users. We can see the name, login time, IP address, and other information for each connection to each server.
The interactive dashboard is more complicated compared to its competitor QRadar, and you need to have training in order to do complex configuration, so I think that it could be made easier to use. It's very powerful, stable, but not very user-friendly.
I would like to see the documentation improved because it is not accessible, flexible or pertinent enough. It is not very rich.
This is a very stable solution.
Scaling this solution is easier if you have support.
I am currently the only user for this solution in the company.
The local support for this solution needs improvement.
We previously used LogLogic. We acquired it for investigation purposes so that we can learn more about who is connected to the server.
The installation of this solution is easy.
This solution has taught me a lot about log files, including what types of network information are contained in them.
I would rate this solution an eight out of ten.
We use this solution for the authentication of software.
This solution makes it easy to create use cases, and it is easy to move queries from use cases to the report to the dashboard.
The parallel logic to create queries is very helpful.
The GUI and dashboards are very basic and need to be improved.
The product does not have continuous updates.
I would like to see easy integration with the Intelligence Suite.
I would like to see integration with automation products, such as Phantom Automation.
This is a very stable solution. It is the most stable ESM that I have worked with.
Scalability of this solution is very good.
We have twenty analysts using this solution, and we do not plan on expanding our usage at this time.
Technical support for this solution has been very helpful.
We did not use another solution prior to this one.
The initial setup of this solution is straightforward.
We used a consultant to assist us with the deployment.
This is a solution that I recommend.
I would rate this solution a seven out of ten.