
What Is ArcSight?

ArcSight is a security operations and analytics platform that provides holistic security monitoring, threat detection, investigation, and response capabilities. The platform offers real-time correlation, behavioral analytics, and orchestration to help security teams detect threats, streamline investigations, and automate response workflows. Key capabilities include multi-layered analytics, adversary intelligence, log management, MITRE ATT&CK framework integration, and a data lake for collecting and enriching security data.

Who Uses ArcSight?

Designed for all business sizes, it is a vulnerability management solution that helps monitor applications for internal and external threats.


Other great alternatives to ArcSight

  • Datadog. Top rated features: Alerts/Notifications, Real-Time Monitoring, Search/Filter
  • Invicti. No features have been rated by reviewers for this product.
  • Logsign Unified SO Platform. Top rated features: Real-Time Monitoring, Server Logs, Threat Intelligence
  • IBM Security QRadar. Top rated features: Incident Management, Real-Time Data, Real-Time Monitoring
  • ServicePilot. No features have been rated by reviewers for this product.
  • EcoTrust. Top rated features: Vulnerability Assessment, Vulnerability Scanning, Vulnerability/Threat Prioritization
  • HackerOne. Top rated features: Real-Time Notifications, Two-Factor Authentication, User Management
  • Enginsight. Top rated features: Alerts/Notifications, Real-Time Monitoring, Real-Time Notifications
  • TEHTRIS XDR Platform. Top rated features: Anomaly/Malware Detection, Endpoint Protection Software, Threat Response

Reviews of ArcSight

Average score

  • Overall: 4.1
  • Ease of Use: 3.8
  • Customer Service: 3.7
  • Features: 4.3
  • Value for Money: 4.0


Find reviews by score

  • 5: 33%
  • 4: 42%
  • 3: 25%
Alexander
Account Manager in Bulgaria
Verified LinkedIn User
Computer & Network Security, 11–50 Employees
Used the Software for: 6-12 months

Heart of the SOC

5.0 5 years ago

Comments: Our company and our partners face a lot of incidents masked as normal events. The SIEM helped us to be protected and to prioritize the events based on the security risk. Automation of the responses is the other feature that is a key differentiator.

Pros:

Very powerful SIEM with plenty of predefined correlation scenarios. Could be integrated easily with almost everything.

Cons:

For new users it could be a little difficult to play with, but there are a lot of training materials and courses.

Verified Reviewer
Verified LinkedIn User
Banking, 5,001–10,000 Employees
Used the Software for: 2+ years

It provides powerful features to make every operation with received logs.

4.0 6 years ago

Comments: I have been using this product for about 3 years. We use ESM and Logger products. As a SIEM solution, we are able to host this product in our environment. We monitor the alarm and correlation rules, abnormal activities and cyber threats, which we write through the logs we receive from various security products and applications in our environment and monitor our incident response processes.

Pros:

ArcSight supports functions such as processing, categorizing, normalizing, converting alarms and correlations and receiving reports on SIEM with very powerful search and filter operators. The product also supports making and running trend reports. It offers very powerful features for SIEM. It has features that provide great flexibility on logs. My favorite feature is the trend report. With this feature, real-time logs over the logs of the report to match the results of the report with a different database to get instant reports to access the report provide quick access.

Cons:

Ticket management feature is one of the least favorite features. It does not have an interface that can be easily adapted and applied according to your environment. If you want to use this feature, you need professional support and software support.

OpenText Response

5 years ago

Thank you for the 4-star review, it is very much appreciated. We did note your comments about your "least favorite feature" and this certainly helps us build a better product. ArcSight has Case Management; that is different from Ticket Management. Ticket Management is more of a support function / ITSM issue; and while ArcSight does have connectors for ServiceNow, we know it's been problematic for some customers. As you point out, we typically recommend that Professional Services be engaged as each implementation has its idiosyncrasies. That said, improving this area is a KPI for us and we will be looking at options as we move to advance the "Open" portion of our strategy in late 2019. We'd be happy to hear your thoughts / recommendations in more depth.

Verified Reviewer
Verified LinkedIn User
Financial Services, 1,001–5,000 Employees
Used the Software for: 2+ years

Arcsight - Good but complex SIEM solution

3.0 4 years ago

Comments: Arcsight ESM is a powerful but complex tool that needs deep knowledge of the product.

Pros:

We are using Arcsight ESM and Logger for event logging and correlation. Events correlation is done at the ESM level and provides better visibility on organizations' security posture. Dashboards and reports can be generated on ESM and further, it facilitates case management so we can open a case on the tool itself. Arcsight was one of the most demanding tools at the time we implemented the tool. ESM's log supporting surface is very high and almost all the types of logs are supported which is one of the best features of the tool. Further logs can be routed through the smart connectors and through these connectors EPS count can be managed which is a good option when it comes to licensing. I like the option of Flex connectors which can be used for integrating non supporting devices or logs.

Cons:

Arcsight Smart connector setup needs deep knowledge of the tool and configuration is a bit hectic task. Flex connector configuration and correlation configuration is another complex task that cannot be done without product knowledge. Further case management tools need more features with a simple view. First level support should have a technically savvy team. Most of the time the first level support team provides generic solutions and references to knowledge-based articles rather than studying the case.

Sebnem
Senior Information Security Specialist in US
Financial Services, 10,000+ Employees
Used the Software for: 2+ years

Micro Focus ArcSight SIEM

5.0 5 years ago

Comments: We have a lot of security products and applications. We gather all logs from these products and we can easily manage our logs according to rules. Reporting module and dashboard are the best feature of this product.

Pros:

We have been using the Arcsight SIEM tool in the Information Security department in our organization since 2013. We can integrate this product with all other security management products such as Firewall, IPS, Antivirus, Web Filtering etc., and also in-house software, easily. We can gather all logs from these products and create rules and manage logs according to rules. Dashboard and alarm mechanism are done well.

Cons:

Sometimes we have some problems with the search mechanism; it needs some improvements. Because of our big organization and the large products which gather logs, sometimes we have problems with troubleshooting issues, which is a little bit hard for us.

OpenText Response

5 years ago

My name is Michael Mychalczuk, and I am the Director Of Product Management for Micro Focus' Security Operations portfolio which includes ArcSight. I would like to personally take a moment, and thank you for the review you provided. We are thrilled that you were able to find the product feature rich, easy to use, and find value in the solution. We do agree that there is more we can do in making the product easier to use, and we are working to make that happen in the near future. In fact, any suggestions you might have to improve ArcSight, please do not hesitate to submit them to the Idea Exchange: https://community.microfocus.com/t5/ArcSight-Idea-Exchange/idb-p/ArcSightIdeas. Speaking for the entire ArcSight product team nothing makes us happier than finding someone who is very likely to recommend us to others.

Verified Reviewer
Verified LinkedIn User
Computer & Network Security, 2–10 Employees
Used the Software for: 2+ years

ArcSight Review

5.0 last year

Pros:

ArcSight is a SIEM tool, which is used for collecting, analyzing and managing the logs from multiple log sources.

Cons:

It's all good but it has components which we have to install and use separately. It should be all in one like Splunk.

Shubham
SOC Analyst in India
Information Technology & Services, 10,000+ Employees
Used the Software for: 1+ year

Best On-prem SIEM tool

4.0 3 years ago

Pros:

The most impactful feature of ArcSight is the rule correlation engine and the capabilities that it has are almost exceptional and literally stand out when compared to its competitors.

Cons:

The least exciting feature of ArcSight is that it has some third party security devices that cannot be integrated with ArcSight leading it to be less effective sometimes.

Verified Reviewer
Verified LinkedIn User
Banking, 5,001–10,000 Employees
Used the Software for: 2+ years

World of Data

4.0 6 years ago

Comments: The ArcSight product is seen as one of the leaders in the Safety Information and Event Management category, according to Gartner's Magic Quadrant report. ArcSight's approach is to create a single point of communication for observation and control. It gathers all appropriate event data and puts it into a standard form. It collects at a central location for analysis. As a result, the company allows you to easily monitor and, if necessary, take measures. This increases your compliance with your legal requirements and business continuity.

Pros:

The most important feature of Arcsight is that it is the only point of communication for observation and control. It collects all appropriate data and puts it into a standard form. These data are stored on a hard disk and are expected to be analyzed. With Arcsight, it is monitored with the help of side applications and with the help of a monitoring tool (see Arcsight ESM).

Cons:

The ESM platform is Java. This causes slowness and excessive welding in intensive processes.

Verified Reviewer
Verified LinkedIn User
Information Technology & Services, 10,000+ Employees
Used the Software for: 1+ year

Lack of Support

3.0 5 years ago

Pros:

The flexibility. I liked that even without good product support, the application was still flexible enough for our team to create work arounds.

Cons:

The lack of enterprise support. There are no out of the box connectors for new SSO products like Okta.

OpenText Response

5 years ago

Thank you for the review and I'm sorry to read that your experience with Micro Focus was not wholly what we strive to deliver. It is true that our connectors do not yet support some popular SSO products like Okta. I have reached out to the ArcSight Connectors Product Manager for information on the roadmap. We do support many others, such as RSA, IBM, Layer 7, etc. This does not solve the challenges you experienced with Customer Support. I would welcome the opportunity to remediate the situation. Could you be more specific? You should receive my contact details via Capterra. I look forward to having the opportunity to help improve your impression of Micro Focus. David Shephard, Program Manager, Customer Engagement

Luis
Solution Consultant in Mexico
Information Technology & Services, 5,001–10,000 Employees
Used the Software for: 1+ year

Excellent Enterprise Grade Security Log Analyzer

5.0 5 years ago

Comments: Very powerful Security Log Analyzer and visualizer, simply enterprise grade

Pros:

Processing power is amazing, it can analyze hundreds of gigs per minute very easily and efficiently with not a lot of resource consumption.

Cons:

It's not so easy to set up and every connector requires a different setup so it takes some time to manage.

OpenText Response

5 years ago

Luis, My name is Michael Mychalczuk, and I am the Dir. Of Product Management for Micro Focus' Security Operations portfolio which includes ArcSight. I would like to personally take a moment, and thank you for the review you provided. We are thrilled that you were able to find the product feature rich, easy to use, and find value in the solution. We do agree that there is more we can do in making the product easier to use, and we are working to make that happen in the near future. Speaking for the entire ArcSight product team nothing makes us happier than finding someone who is very likely to recommend us to others. I would also like to direct you to our Ideas Exchange: https://community.microfocus.com/t5/ArcSight-Idea-Exchange/idb-p/ArcSightIdeas?utm_campaign=00164298 to share your ideas with us. Respectfully, Michael Mychalczuk

Joe
Cyber Incident Response Manager in UK
Verified LinkedIn User
Information Technology & Services, 51–200 Employees
Used the Software for: 6-12 months

Outdated UI - Powerful backend

3.0 4 years ago

Comments: Poor. The 'meat' of the product is good but the UI is difficult to use. Due to this, my company moved to Logrhythm, a company leveraging ex-Arcsight employees to improve on the faults of Arcsight whilst retaining the benefits.

Pros:

The 'meat' of this product is very powerful allowing for complex searches of ingested log data.

Cons:

The UI of this product is very outdated, relying on 90's looking themes.

Javier
CSO in Spain
Computer Software, 11–50 Employees
Used the Software for: 2+ years

First layer for enterprise SIEM

4.0 6 years ago

Comments: The current configuration of the platform allows the intake of millions of events and its ability to integrate third-party applications and addons facilitates the availability of a functional SIEM in a reasonable time. However, deepening and getting to have very customized configurations implies...

Pros:

Ease to perform the intake of virtually any data source.

Cons:

The learning curve is very complex and requires specialized personnel

Nagesh
Manager in India
Computer & Network Security, 10,000+ Employees
Used the Software for: 2+ years

Good tool for Network Security Monitoring

4.0 6 years ago

Pros:

Flexibility and scalability. Third party integrations.

Cons:

Reporting and searching becomes difficult when data pipe is huge above 10k EPS