OpenText Behavioral Signals Reviews

One of the most valuable features of ArcSight Intelligence is its ease of use. This is not just one functionality; multiple aspects contribute to it. For instance, it's easy to write rules, and as you do so, the rules get populated automatically, making it simple to understand the commands.

The product could be improved in several areas; it currently requires significant enhancement. Compared to QRadar and Splunk, ArcSight Intelligence falls behind, placing it as the third choice among these software options.

We have been using ArcSight Intelligence for two and a half years.

We haven't found the product fully scalable. The scalability depends on the support resources provided by the partner. 

The technical support team is capable of resolving issues. However, sometimes, their feedback is not sufficient to solve the problem.

Positive

I prefer Splunk because it offers more functionality and intelligence than ArcSight Intelligence.

Deployment took about a month to complete, but the final fine-tuning took longer, spanning several months. Each server and network device had different requirements, which prolonged the process. It eventually got settled in three months, approximately 90 days.

They offer perpetual licenses for the product.

We integrated this tool with our security infrastructure. We installed it on a Linux server, where we have a Logger and ESM installed. With the Linux server as the hub, we manage all the configurations and rules, including those for email triggers. The logs are routed through a connector to the Logger, allowing us to monitor our infrastructure effectively.

The platform helps us improve threat detection capabilities. I recommend it to others and rate it a seven out of ten.

We use ArcSight Intelligence for some user behavioral analytics. The solution is used to integrate the logs properly with different Unix-based and Microsoft-based connectors. The solution gives us alerts on a single console to give us clear visibility of the total network and filter the unnecessary false positives.

The most valuable feature of ArcSight Intelligence is a single console where the entire dashboard gives all the connected details in a single place. Using ArcSight Intelligence, all the log sources we get from various sources can be integrated.

ArcSight Intelligence is a bit slower, and its speed should be improved. As our business is growing, different types of logs are coming out. We need to build a connector for each log, which is difficult. It would be helpful if the solution could build connectors for new devices.

I have been using ArcSight Intelligence for six years.

I rate ArcSight Intelligence a nine out of ten for stability.

ArcSight Intelligence is a scalable solution.

I rate ArcSight Intelligence a nine out of ten for scalability.

The solution’s technical support is very good.

Positive

The solution’s initial setup is easy.

One engineer can deploy the solution in a day.

We have seen a return on investment with ArcSight Intelligence. The solution has helped our company save around 40% to 50% of its cost.

ArcSight Intelligence is an expensive solution. On a scale from one to ten, where one is cheap, and ten is expensive, I rate the solution's pricing an eight out of ten. We have to pay a yearly licensing fee for ArcSight Intelligence. ArcSight Intelligence charges extra for new features, and they are not included in the same license.

ArcSight Intelligence is easy to maintain; one person is enough for the solution's maintenance. The maintenance person will add new features or devices, make policy changes or configurations, and learn and guide other engineers about new threats.

ArcSight Intelligence is a user-friendly solution, and users should buy it if their company can afford its cost.

Overall, I rate ArcSight Intelligence a nine out of ten.

All network devices send their logs to the ArcSight logger as Syslog. Logs may include power failure, link failure, multiple failed login attempts, successful user login failure, and more. Security logs are stored in ArcSight's database for up to 90 days (this can be varied depending on the environment). Examples of security logs include authentication and authorization failures, incorrect logins, and wrong passwords; non-security logs such as link and device failure, module failure, STP logs, and unicast/multicast storm problems. These are some of the primary uses of the ArcSight Logger. 

It didn't. It requires a high expertise.

The ability to tailor an environment to suit your specific use cases is a major advantage of ArcSight compared to other logging servers such as Splunk. This capability allows us to customize the alerts we receive based on our environment, such as an airport or banking setting. For example, we can configure alerts to be triggered when someone attempts to access a restricted area or forcefully enter a room. This type of customization is not readily available on other logging servers, making ArcSight an ideal choice for businesses and organizations with specialized needs.

The dashboard is not user-friendly. Using the system requires specialized knowledge and training, as it includes three consoles, the logger, the central management center, and the ESM. The dashboard is not easy to use and requires a lot of commands, making it difficult for those new to the system. All of the commands may be overwhelming for those just learning the system. Making the dashboard more user-friendly and reducing the reliance on commands, perhaps by using plain English text for filters and searches, would be a great improvement. Everyone we ask would agree that the dashboard needs to be made more user-friendly. 

The scalability of the solution can be improved.

I have been using the solution for five years.

The solution is stable.

The solution has limited scalability. I give the scalability a six out of ten.

I had an awesome support experience.

Neutral

The initial setup is difficult. Deployment took us approximately 2 weeks to transition from hardware to VM in our existing environment. When starting from scratch, it would take longer since we had to create the use cases, match logs from every device, and ensure that ArcSight was receiving all the logs.

vendor team

The solution is expensive and only suitable for enterprise environments.

I give the solution a seven out of ten.

I suggest that potential users go for Splunk or SolarWinds as ArcSight requires a rich knowledge base and there are only few online resources available. To ensure that we can deploy and set up ArcSight correctly, it is better to attend a training course to get the necessary knowledge. However, SolarWinds has a log server that is easier to learn, with fewer commands, and most of the tasks are done through the GUI. Therefore, I recommend SolarWinds instead of ArcSight. 

We have a subscription service to gather global intelligence from the cloud. Within that, we get various feeds. We can get notifications about various types of global attacks that are happening. We can also get updates for our correlation engines from these subscriptions. We are using its latest version.

We found the correlation engine to be very good. It takes logs from different types of devices and does the correlation in a good way.

The frequency of the updates that we are getting can be improved because the number and types of incidents that are happening at the global level are far more than what we are receiving. The frequency of updates feeds related to our rules should be increased. There should be more frequent information about the new rules that are coming and the global threats that are happening.

There should be better options for dashboard creation. At present, the dashboards are good, but there is scope to make them better.

I have been using this solution for over seven years.

It has been stable for us.

We have 34 clients. In terms of devices, there are over 120 devices.

We will increase its usage when we get clients who are seeking such services. Currently, we don't have many clients who are seeking such threat intelligence or threat hunting services. At present, we are also learning about Splunk. In the future, we might migrate our setup to Splunk.

We have contacted them, and their response is a bit slow. Multiple communication exchanges are required for getting the desired output, but we do get a response. We are satisfied with them.

Its initial setup is easy. There are no issues with that.

Its price is average and not very high. Splunk might be a bit cheaper than this. Its licensing is on a monthly basis.

We had evaluated SolarWinds and QRadar. We have different use cases for which we found ArcSight to be better.

I would rate ArcSight Interset/Intelligence an eight out of ten.

We use the platform for monitoring purposes.

The product has a valuable interface. It provides easy access and can present all the analyses in a single report. Another key advantage is compartmentalization in terms of ease of understanding.

ArcSight Intelligence's pricing needs improvement.

We have been using ArcSight Intelligence for six months.

It is a stable platform. We never encountered any glitches or bugs.

The complexity of scalability depends on the navigation. It is sometimes tricky to scale for users without prior experience working with it. In general, it is finely scalable. We have ten users in our organization.

I rate the scalability a seven out of ten.

We have used FortiSIEM before. In comparison, ArcSight has an intuitive interface. When the FortiSIEM has a downtime, we have to call an engineer to restart it. At the same time, I can work on the process myself while using ArcSight. We get all reports in a PDF format. For FortiSIEM, we have to review all the recordings to document the activities.

The initial setup process is relatively easy and takes a day to complete. It requires five engineers to work on the deployment. Additionally, it is easy to maintain.

It is an expensive platform. We purchase its monthly licenses.

I rate ArcSight Intelligence a nine out of ten.