ArcSight - A better insight security solution
December 10, 2019

ArcSight - A better insight security solution

Jatin Rai | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Arcsight Enterprise Security Manager (formerly HP Arcsight)

Arcsight is being used in the security department in our organization. It is used as a SIEM (Security Event and Incident Manager) tool in our organization. As any other SIEM tool, we used Arcsight Enterprise security manager for managing security on all of our endpoint devices, It was one of the best and demanding tool at the time we have implemented in our organization and provide a number of features which help us to have a quick check and easy handling of security event and incidents on all the endpoint devices. To be specific, Arcsight Enterprise security manager is used for integrating all endpoint safety management tool be it IPS, IDS, Firewall, Anti-virus etc. and help to reduce the redundant and false-positive alerts which may not be useful from the security perspective and help us to have a quick check of a lot devices in an effective way.
It also help us to check the complete activity that has been perform on any of the endpoint device integrated with it, creating own rule and filters and creating active channel dashboards that help us to keep a vigil watch in case any big event happens on any devices.
  • Integration with smart logger and ESM to create rules and easy management of the same.
  • Easy integration with all end point security management tool(IPS/IDS, Firewall, Anti-Virus) and their consolidated output at a single place to effectively rectifying true and false positives.
  • There is a storage problem that should be improved for better management.
  • There is need to improve the search mechanism.
  • It helps us a lot which managing security event and incidents.
  • It is also very useful to have a dashboard for an quick overview and scheduled reports for timely checks of all activities.
  • It requires more space and search management to be one of the favorites on the market.
We are currently using Elastic search as well for better management of our devices and to keep all the loopholes filled that have been created around the non-upgraded version of Arcsight Enterprise Manager. Elastic searches have the latest mechanism to fetch logs and correlated data, as well as process them in a more useful way.
Let's go here point by point:

1) Better logs management.
2) An effective way of managing the user and their roles.
3) Easy to handle and manage end-point user machines.
4) Better logs collection mechanism(still there is a lot of scopes to improve)
5) Easy to create scheduled reports and Dashboards for a quick check.
6) Easy to implement and handle all the services provide by the ArcSight.
7) User-friendly UI.

Do you think Arcsight by OpenText delivers good value for the price?


Are you happy with Arcsight by OpenText's feature set?


Did Arcsight by OpenText live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Arcsight by OpenText go as expected?


Would you buy Arcsight by OpenText again?


Arcsight was one of the best SIEM tools at the time it entered the market and has advanced features that make it a favorite for a number of organizations, but they lack to upgrade it with the time. Some of there features are still at their best but required timely update to manage with the other competitor present in the market.
If I have to choose the key points, they would be :
  1. User management.
  2. Smart Logger.

And if I were to point out where it is currently lagging :
  1. UI needs improvement.
  2. Slow search functionality.

Arcsight by OpenText Feature Ratings

Centralized event and log data collection
Event and log normalization/management
Deployment flexibility
Integration with Identity and Access Management Tools
Custom dashboards and workspaces
Host and network-based intrusion detection