Reviews (1-4 of 4)
It also helps us to check the complete activity that has been performed on any of the endpoint devices integrated with it, creating our own rules and filters and creating active channel dashboards that help us to keep a vigilant watch in case any big event happens on any device.
- Integration with smart logger and ESM to create rules and easy management of the same.
- Easy integration with all endpoint security management tools (IPS/IDS, Firewall, Anti-Virus) and their consolidated output in a single place to effectively rectify true and false positives.
- There is a storage problem that should be improved for better management.
- There is a need to improve the search mechanism.
If I have to choose the key points, they would be:
- User management.
- Smart Logger.
And if I were to point out where it is currently lagging:
- UI needs improvement.
- Slow search functionality.
1) Better log management.
2) An effective way of managing users and their roles.
3) Easy to handle and manage end-point user machines.
4) Better log collection mechanism (there is still a lot of scope to improve).
5) Easy to create scheduled reports and dashboards for a quick check.
6) Easy to implement and handle all the services provided by ArcSight.
7) User-friendly UI.
- Really robust tool, as it can expand to millions of EPS.
- Supports clustering.
- ArcSight is a really complex tool, but it's not that easy to implement and maintain.
- Troubleshooting issues on ArcSight can be hard if you have a large environment.
You can have customized rules & trends as per company requirements. You can integrate devices that you want even if no smart connector is present for that particular device. You can also have a list for dynamic requirements. We've created customized fieldsets & populated them with the data we want in multiple data formats so that monitoring can be made easy instead of going into event details every time.
The only problem is that every time any old events are retrieved, it takes a long time to load.
- Good integration with IT infrastructure like ticketing systems, web applications, threat feeds, etc.
- Real time correlation works very well.
- Dashboards and visualization are done well.
- Even though integration is good, it is not complete yet, as there are a lot of new popular apps which ArcSight can't integrate with natively.
- UI can be improved.
If you work with older applications, then integration might work, but newer and cutting-edge app support is nowhere near completion.