IT Central Station community members have contributed 33 detailed user reviews of HPE ArcSight. They discuss the valuable features of the solution, where they see room for improvement, and other solutions they have previously used, as well as the scalability and stability of the solution. HPE ArcSight has a 7.9 rating from our community, and reviews have been viewed over 28,000 times.
We’ve chosen several new user reviews of HPE ArcSight for 2017 — to help you in your purchasing decision.
Laszlo Kereszturi points to three valuable features of the HPE ArcSight:
- “Event correlation across multiple device categories: It allows us to have a full picture of what is happening in the environment.
- Flexible event collection: Besides hundreds of standard devices, you can send custom CEF Syslog prepared with your own scripts.
- Customization of alerts: Velocity macros allows you to send very clear and user-friendly alerts.”
Amit Kumar Gupta agrees “Correlation and flexibility are the most valuable features. ArcSight saved time and effort responding to security incidents with one centralized console and helped to meet compliance requirements for log collection.”
Bharath writes “It’s a highly customizable solution. Rules can be customized to a great extent. Session lists, active lists, and global and local variables are pretty unique to the solution.”
Alexander Kuzmin highlights “High performance: The amount of data fed to the solution is huge (100s of millions of events per day). Security incident discovery and mitigation is a matter of hours, rather than days or even months, like it was before.”
User Merana Sadikovic Mandzukic notes the following valuable features:
- “Collecting logs from many different sources. If you have your own app, you can do logging for it. In addition, you can customize log parsing.
- Built-in content such as reports, dashboard, compliance, and standard packages.
- Ready-made content that can be used immediately.
- Customized business tables can be correlated.”
Room for Improvement
However, Shane Lawrence finds room for improvement “I’ve had stability issues, particularly with SmartConnectors. They sometimes crash. Worse still, they often report that they’re working fine but completely stop listening for events.”
David Hourani would like to see improvement in HPE ArcSight’s “Ease of use, access and simplicity: ArcSight can be quite complicated to use for “non-IT” user.”
Sorin Brici agrees, “Making the FlexConnector configuration less complex. You need development skills in order to do your job in creating/configuring agents and connectors. The cost for this work, via HPE consultancy, is huge.”
According to Associatb8eb, “The correlation and storage have to be improved. The correlation works fine, if we have less amount of rules being written, but it becomes slow if we have more than 200 rules written for any correlation.”
Mandzukic would like to see:
- “Ease of changing the product underneath. For example, instead of Juniper routers, we started to use Check Point routers.
- Component accessibility: Components are managed in different places; console, web console, and administration web. It would be nice to have easier access.
- Better UX: I would like to see a better user experience with the web client. Sometimes, it is very slow and not very intuitive.”
Read new reviews from 2017 for the Top SIEM Solutions on IT Central Station here.