Beoordeeld op 4-5-2019
It provides powerful features to make every operation with received logs.
Opmerkingen: I have been using this product for about 3 years. We use ESM and Logger products. As a SIEM solution, we are able to host this product in our environment. We monitor the alarm and correlation rules, abnormal activities and cyber threats, which we write through the logs we receive from various security products and applications in our environment and monitor our incident response processes.
Pluspunten: ArcSight supports functions such as processing, categorizing, normalizing, converting alarms and correlations and receiving reports on SIEM with very powerful search and filter operators. The product also supports making and running trend reports. It offers very powerful features for SIEM. It has features that provide great flexibility on logs. My favorite feature is the trend report. With this feature, real-time logs over the logs of the report to match the results of the report with a different database to get instant reports to access the report provide quick access.
Minpunten: Ticket management feature is one of the least favorite features. It does not have an interface that can be easily adapted and applied according to your environment. If you want to use this feature, you need professional support and software support.
Antwoord van de leverancier
van Micro Focus op 20-6-2019
Thank you for the 4-star review, it is very much appreciated. We did note your comments about your `least favorite feature? and this certainly helps us build a better product. ArcSight has Case Management; that is different from Ticket Management. Ticket Management is more of a support function / ITSM issue; and while ArcSight does have connectors for ServiceNow, we know it's been problematic for some customers. As you point out, we typically recommend that Professional Services be engaged as each implementation has its idiosyncrasies. That said, improving this area is a KPI for us and we will be looking at options as we move to advance the ?Open? portion of our strategy in late 2019. We'd be happy to hear your thoughts / recommendations in more depth.
Beoordeeld op 17-5-2019
World of Data
Opmerkingen: The ArcSight product is seen as one of the leaders and leaders in the Safety Information and Event Management category, according to Gartner's Magic Quadrant report. ArcSight's approach is to create a single point of communication for observation and control. Gathers all appropriate event data and puts it into a standard form. It collects at a central location for analysis. As a result, the company allows you to easily monitor and, if necessary, take measures. This increases your compliance with your legal requirements and business continuity.
Pluspunten: The most important feature of Arcsight is that it is the only point of communication for observation and control. collects all appropriate data and puts it into a standard form. these data are stored on a hard disk and are expected to be analyzed. With arcsight, it is monitored with the help of side applications and with the help of monitoring tool (see arcsight esm).
Minpunten: The ESM platform is Java. This causes slowness and excessive welding in intensive processes.
Beoordeeld op 13-6-2019
Lack of Support
Pluspunten: The flexibility. I liked that even without good product support, the application was still flexible enough for our team to create work arounds.
Minpunten: The lack of enterprise support. There are no out of the box connectors for new SSO products like Okta.
Antwoord van de leverancier
van Micro Focus op 20-6-2019
Thank you for the review and I'm sorry to read that your experience with Micro Focus was not wholly what we strive to deliver.
It is true that our connectors do not yet support some popular SSO products like Okta. I have reached out to the ArcSight Connectors Product Manager for information on the roadmap. We do support many others, such as RSA, IBM, Layer 7, etc.
This does not solve the challenges you experienced with Customer Support. I would welcome the opportunity to remediate the situation. Could you be more specific? You should receive my contact details via Capterra.
I look forward to having the opportunity to help improve your impression of Micro Focus.
Program Manager, Customer Engagement
Beoordeeld op 8-5-2019
First layer for enterprise SIEM
Opmerkingen: The current configuration of the platform allows the intake of millions of events and its ability to integrate third-party applications and addons facilitates the availability of a functional SIEM in a reasonable time. However, deepening and getting to have very customized configurations implies...
Pluspunten: Ease to perform the intake of virtually any data source.
Minpunten: The learning curve is very complex and requires specialized personnel
Beoordeeld op 5-12-2019
Heart of the SOC
Opmerkingen: Our company and our partners facing a lot incidents masked as a normal events. The SIEM helped us to be protected and to prioritize the events, based of the security risk. Automations of the responses is the other feauture that is a key differentiator.
Pluspunten: Very powerful SIEM with plenty of predefined corellation scenarios. Could be integrate easily with almost everything.
Minpunten: For new users could be a little difficult to play with, but there are a lot of training materials and courses.
Beoordeeld op 2-10-2018
Good tool for Network Security Monitoring
Flexibility and scalability
Third party integrations
Minpunten: Reporting and searching becomes difficult when data pipe is huge above 10k EPS