Mohammad Sabah - PeerSpot reviewer
Senior Security Analyst at a government with 201-500 employees
Real User
It helps us monitor a massive database platform
Pros and Cons
  • "We check a lot of logs in ArcSight Logger because we're running a massive database platform."
  • "I had some latency issues for two months. I had to increase our storage capacity significantly to reduce the latency."

What is most valuable?

We check a lot of logs in ArcSight Logger because we're running a massive database platform.

What needs improvement?

I had some latency issues for two months. I had to increase our storage capacity significantly to reduce the latency. 

For how long have I used the solution?

I have been using Logger for around five years.

What do I think about the scalability of the solution?

The scalability is good. I built our ArcSight Logger deployment, so I will increase resources if there are any performance problems. 

Buyer's Guide
ArcSight Logger
June 2025
Learn what your peers think about ArcSight Logger. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
860,592 professionals have used our research since 2012.

How are customer service and support?

I haven't had many problems, but a partner in Jordan has helped me more than the vendor.

Which solution did I use previously and why did I switch?

I didn't use logging tools previously, but I used Elasticsearch to prepare to use Logger, and I have the ability to build query support in ArcSight Logger.

How was the initial setup?

Setting up ArcSight Logger is easy.

What's my experience with pricing, setup cost, and licensing?

We have a Logger license for lots of devices because our company built 5,000 CBS. You need to buy the ESM and Logger licenses. This is the last year we will be using ArcSight Logger. We plan to switch to Recon. We'll adopt the next-generation ArcSight tools like Recon and Transformation Hub. If the performance improves, then I have licensed 5,000 CBS. We expect to increase the licenses to 15,000 CBS and expand the scope and network.

What other advice do I have?

I rate ArcSight Logger eight out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2183667 - PeerSpot reviewer
Senior ArcSight and IBM Resilient (SOAR) administrator at a comms service provider with 1,001-5,000 employees
Real User
A very difficult-to-use solution, especially due to its slow functioning
Pros and Cons
  • "The technical support team is good...It is a scalable solution."
  • "It is really difficult to work in ArcSight Logger, as it is very slow."

What is our primary use case?

The solution is used for searching and test reports.

What is most valuable?

The provisioning engine is a valuable feature of the solution.


What needs improvement?

It is really difficult to work in ArcSight Logger, as it is very slow. I have worked three times on these logs due to their slow functioning.

If it changes completely, I think there will be two issues. Firstly, if they are using big data, then it will be very costly, and it will be enhanced with service protocol. Secondly, I see a lot of customers in Saudi Arabia coming overseas to vendors to get the ArcSight Logger version which uses big data for searching.

For how long have I used the solution?

I have been using ArcSight Logger for nine years.

What do I think about the scalability of the solution?

It is a scalable solution. You can create tools and add more than one program to one board. A total of fifteen users are using ArcSight Logger at the moment.


How are customer service and support?

The technical support team is good.

How was the initial setup?

The initial setup is straightforward. The maintenance is good. We deployed the solution on-premises, as there is some restriction on the cloud, and customers prefer it on-premises as it is cheaper.

What other advice do I have?

If you are willing to work with ArcSight Logger, you must be aware of the security reasons as an institution. The security advantages should be known to understand the functionalities, and you also have to be familiar with VNX strategies.

I rate the overall solution a three out of ten.


Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Olajide Olusegun - PeerSpot reviewer
Network Team Lead at Atlas Security
MSP
Top 5 Leaderboard
Extremely stable and scalable and can manage large amounts of log data
Pros and Cons
  • "ArcSight's robustness is its most valuable feature."
  • "Using the ArcSight Logger dashboard is not particularly intuitive or efficient, so it is important to be trained in its use."

What is our primary use case?

Most of our clients need security devices that can monitor events such as authentication failures, incorrect logins, link, module, device, and switch failures, security events and alarms, vulnerability events, and threat logs. We are currently using ArcSight Logger and many other Syslog devices to monitor these security events and logs.

What is most valuable?

ArcSight's robustness is its most valuable feature. The solution is specifically designed to manage and aggregate large amounts of log data, making it an ideal solution for Syslog servers with a large environment of network devices and servers (both VM and physical appliances).

What needs improvement?

Using the ArcSight Logger dashboard is not particularly intuitive or efficient, so it is important to be trained in its use. Unless you have experience with the dashboard, it is not something you can easily figure out. For optimal use, it is recommended to seek out training before attempting to use the dashboard. The dashboard has room for improvement, by making it more user-friendly with fewer commands. Maintenance and troubleshooting can be complicated and complex.

For how long have I used the solution?

I have been using the solution for five years.

What do I think about the stability of the solution?

The solution is extremely stable.

What do I think about the scalability of the solution?

The solution is highly scalable. When we need to expand our license or add more sources, it's simple to do.

How are customer service and support?

We had a call with technical support today to discuss the issue of their dashboard not being user-friendly. Following the call, we are setting up a demo practice to help them generate their reports in a more accessible way. They have been very cooperative and accommodating throughout the process.

How would you rate customer service and support?

Positive

How was the initial setup?

Setting up the initial configuration can be quite time-consuming, as there are roughly three components to address: the ESM, the Loggers, and the Management Center or Portal. For HPE, we may need to deploy two Logger, one Management Center, and two ESMs, which can take weeks to complete. Setting up the use cases is not a straightforward process and will require two weeks to complete. There are many variables that must be adjusted and fine-tuned for optimal results.

What's my experience with pricing, setup cost, and licensing?

ArcSight is an expensive solution and is difficult to set up.

What other advice do I have?

I give the solution an eight out of ten.

Only a few people have access to ArcSight Logger due to the technical know-how required to use it. Not everyone is able to use the virtual as it involves sensitive information, so access is restricted to those with a technical background.

ArcSight is not recommended for small environments. ArcSight is designed for large environments and requires specialized training. Furthermore, the community of users is not as vast as other vendors, such as Cisco, and VMware. There are better options available than ArcSight, which may better suit an organization's environment.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1625799 - PeerSpot reviewer
Security Professional at a tech services company with 501-1,000 employees
Real User
Has very fast search operations but is not easy to implement and maintain
Pros and Cons
  • "It's a brilliant log collection tool, and it can handle hundreds of thousands of servers in a single shot to ingest the data."
  • "It's not a new product and is a bit complex. So, it requires a person dedicated to working on it and to know about it in and out. It is a huge product, and the search operation is a bit complicated for a new user or someone who has not used it for long. So for that person, it becomes a bit difficult."

What is our primary use case?

Our primary use case was to catch malicious activity happening inside our organization.

What is most valuable?

As the name suggests, it's a brilliant log collection tool, and it can handle hundreds of thousands of servers in a single shot to ingest the data.

The search operations are very fast, and you can get reports very easily for a huge number of events. You can export the search operations.

It's very easy when you want to further forward the logs as well. For example, from the end device if I'm receiving logs in an outside logger and I want to forward those to some other product, which will do something for me, I can easily do it. That's one thing that I like about it.

What needs improvement?

It's not a new product and is a bit complex. So, it requires a person dedicated to working on it and to know about it in and out. It is a huge product, and the search operation is a bit complicated for a new user or someone who has not used it for long. So for that person, it becomes a bit difficult.

There is a storage problem, and some improvement can be made to the search mechanism.

If you want to do a search, then you have to obtain a couple of criteria to get the exact amount of data. Let's say you have hundreds and thousands of servers in your environment, which will ultimately populate billions of events in a single day, especially the network devices. In this case, if you want to search a specific event, you have to be very, very specific with that query. That's something that can be generalized a bit.

Apart from that, it's a very complex tool and is not easy to implement and maintain. It requires a dedicated team.

Another thing that I think can be improved is the performance issue. When you are ingesting data in ArcSight and also you are forwarding the data from ArcSight to some other products, I have seen some performance issues.

ArcSight does not perform well in this case. It takes time to process the data. The load is too much. At times, the logger crashes.

The UI can be improved as well.

For how long have I used the solution?

I used it for close to two years.

What do I think about the stability of the solution?

The overall stability is good, and I'd rate it as fine.

What do I think about the scalability of the solution?

To scale it, it again comes down to how you are using it. You need to identify the areas which are taking too much load or requiring too many resources from the logger. Area identification needs to be there. Once you do that, then it is easier to scale.

If you are not looking at the right place, then it would be difficult to scale because the bigger the organization, the bigger is the architecture of ArcSight Logger. This is because you need to have multiple loggers so that ArcSight Logger can withhold all the data that I want to feed into it.

We had 20 to 30 users who used ArcSight Logger on a daily basis.

How are customer service and technical support?

Technical support is good. Depending on the agreement with the vendor, such as gold support, platinum support, etc., the support can differ. However, overall, it is good.

How was the initial setup?

The initial setup is complex.

What about the implementation team?

We got help from the vendor during implementation. Without the vendor's help, I would say it's very, very difficult to implement ArcSight Logger and maintain. It's a very complex tool, so we need to have vendor support for implementation.

What's my experience with pricing, setup cost, and licensing?

It's not cheap at all as it's a big product and has been in the market for quite some time now.

What other advice do I have?

I would recommend ArcSight Logger and rate it at seven on a scale from one to ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1481982 - PeerSpot reviewer
Senior Information Security Analyst – GRC at a transportation company with 1,001-5,000 employees
Real User
Expensive with poor support, but it gives us the basic information we want
Pros and Cons
  • "ArcSight provides the basic information that we want."
  • "The integration with other systems could be improved."

What is our primary use case?

We have just upgraded to Splunk, so we're currently in the process of converting everything over from ArcSight to Splunk.

What is most valuable?

ArcSight provides the basic information that we want.

What needs improvement?

The support structure is not very good.

They are not 100% up to date with the current technology.

ArcSight does not provide the advanced details that we require.

AI and analytics are one of the major things that are needed for better analysis.

The integration with other systems could be improved.

The interface could be improved with a better GUI.

For how long have I used the solution?

The company has been using ArcSight Logger for between six and seven years. I joined the company six months ago, which was my first experience with it.

What do I think about the stability of the solution?

The stability is alright.

What do I think about the scalability of the solution?

Scaling this product is painful.

Staff-wise, we're not very big but scale-wise, we're right across the whole world. We operate in EMEA, Mexico, and APAC.

How are customer service and technical support?

We are not satisfied with the support.

Which solution did I use previously and why did I switch?

We are now using Splunk and are moving away from ArcSight.

What's my experience with pricing, setup cost, and licensing?

The pricing is quite harsh.

What other advice do I have?

I would rate this solution a five out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Hassan Moussafir - PeerSpot reviewer
Information Security Senior Expert at Wafaassurance
Real User
Passes compliance thresholds and standard requirements and has good performance
Pros and Cons
  • "It's an efficient solution."
  • "The console in older versions is not user-friendly."

What is most valuable?

The solution offers very good performance and is efficient.

The provider offered excellent training to help us successfully launch the project.

The interface is user-friendly.

The solution passed compliance thresholds and standard requirements which we hoped to satisfy at the time of launch. At our first audit, we presented the roadmap to our auditor and on the second audit, we presented plans to help us re-conduct our certification. They were able to verify the parameters and reporting. It was very successful.

What needs improvement?

The console in older versions is not user-friendly.

At one point, we experienced an RMA. However, they sent an expert to do an SDN check. Someone came to the company to verify the hardware and try to access the log just to verify what the root cause of the incident was. The hardware was replaced without incident for us.

The solution could benefit from adding in machine learning.

What do I think about the stability of the solution?

The solution is stable. We haven't faced any incidents after deployment.

What do I think about the scalability of the solution?

The solution is scalable, but it depends on the license you acquire. You can expand your license as needed if you need to integrate more infrastructure. 

For us, our goal was to integrate all the infrastructure so we acquired a license with the expansion option so that we could integrate all the infrastructure that we wanted to. 

In order to expand, users should expect to pay additional fees.

We are in the digital transformation space. This transformation means that very quickly we may need to be able to add more and more servers into our infrastructure. It was important that the solution we chose had a license that covered that capability.

How are customer service and technical support?

We've been in touch with technical support twice. Once was for the RMA when we needed some hardware replaced. I had to check the platform to verify it was done.

Technical support was helpful. For the RMA they sent an engineer to be on-site to verify the hardware and to verify also the root cause about that incident. It didn't take a lot of time to replace the hardware. At that time, we were only the second client to acquire ArcSight in Morocco.

How was the initial setup?

Deployment for the solution took a month, or four weeks, in total. The first week was spent installing the firmware and logging the hardware. We updated to the latest supported version as well. The following weeks were spent deploying the agent to the target systems.

The installation itself was easy, but you needed to be trained to use it because the administration console is a bit difficult. It's not like QRadar or Splunk which both have easy to use consoles. ArcSight is efficient but it wasn't until the last version that they started to use a simpler console.

We did all of the training in order to use the solution. The first was technical - for example, how to install and deploy the system. The second training was admin related - for example, how to manage the solution. There was also training on how to manage the parameters, configure the solution, integrate the agent, and handle reporting.

What's my experience with pricing, setup cost, and licensing?

In our case, we bought a license for a three year period. The technology itself is expensive.

Which other solutions did I evaluate?

At the time we were evaluating other solutions, we looked at Splunk and LogLogic. ArcSight was the first one that positioned itself as a market leader, which was a big reason we chose it.

What other advice do I have?

ArcSight was a technology we used for CM security information event management. We deployed it when I was an Information Security Senior Engineer in a company that provided electricity and water for Casablanca and neighboring cities. ArcSight was a requirement for the ISO27001 standard. It was a requirement because the company was certified. For the first audit, we presented the roadmap that contained the deployment of that kind of solution. After that, we launched an offering to different information system providers. We chose ArcSight as the CM solution.

A requirement of our local regulator, due to the fact that we manipulate sensitive data, was that all data needed to be on-premises which is why we use that deployment model and not a cloud or a hybrid deployment.

ArcSight is a good solution. I'd recommend it. However, I'd advise other companies to acquire a solution that responds to their needs.

I'd rate the solution nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Prischal Bahgoo - PeerSpot reviewer
General Manager at VIC IT
Reseller
A stable and scalable SIEM solution that helps us to collect, correlate and publish logs
Pros and Cons
  • "I am impressed with the product's ability to pick up logs. It also has UEBA which has reduced the time to take charge of the events."
  • "The product's connectors should work better and the user manuals need an update."

What is our primary use case?

The tool helps us to collect, correlate and publish logs on our site. 

What is most valuable?

I am impressed with the product's ability to pick up logs. It also has UEBA which has reduced the time to take charge of the events. 

What needs improvement?

The product's connectors should work better and the user manuals need an update. 

For how long have I used the solution?

I have been working with the product for three years. 

What do I think about the stability of the solution?

I would rate the tool's stability a nine out of ten. 

What do I think about the scalability of the solution?

I would rate the product's scalability a ten out of ten. 

How are customer service and support?

The level 3 engineers do not work in our time zone. Hence, we need to wait until late at night for support. You may get an answer not today but only tomorrow or the day after. 

How would you rate customer service and support?

Neutral

How was the initial setup?

The tool's setup is neither simple nor difficult. 

What's my experience with pricing, setup cost, and licensing?

I would rate the product a seven out of ten since it's an enterprise product. 

What other advice do I have?

I would rate the tool a seven out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
PeerSpot user
it_user1511343 - PeerSpot reviewer
Security Engineer at a tech services company with 1,001-5,000 employees
Real User
High performance, easy query creation, and straightforward documents
Pros and Cons
  • "Some of the most valuable features I really appreciate are the performance, how quick the solution is, and how easy it is to create a query."
  • "The solution could be improved in maintenance settings."

What is most valuable?

Some of the most valuable features I really appreciate are the performance, how quick the solution is, and how easy it is to create a query. Additionally, it is user friendly and the automatic graph creation feature is beneficial. 

What needs improvement?

The solution could be improved in maintenance settings.

Some of the additional features I would like to see in the next release is an automated dashboard of the logs that has information that is more detailed. 

For how long have I used the solution?

I have used this solution for one and a half years. 

What do I think about the stability of the solution?

It is a stable solution. 

What do I think about the scalability of the solution?

It is a scalable solution. 

How are customer service and technical support?

The technical support is very good, providing accurate answers, and I have never experienced problems with them.

How was the initial setup?

The initial setup is straightforward; you just have to stick to the documents and it is really easy.

What about the implementation team?

My current deployment was not a complex environment. It was very easy to deploy and connect with the different connectors. I had deployed the solution approximately three times in my career. 

With a complex environment, the deployment was approximately two days whereas with a really complex environment the setup would require around 15-20 connectors.

What other advice do I have?

I would recommend it to others because the performance of the solution is overall great. One of the significant features is its high search capacity, and if you know the query language you will be more comfortable.

I rate ArcSight Logger a nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user