Micro Focus
ArcSight
Overview
Micro Focus ArcSight is a full-featured SIEM offering, with ERP integration the only noteworthy missing feature. The lack of a SaaS offering limits the product to large enterprises and service providers, but its scalability and data ingestion capabilities make it a good fit for distributed environments. Log management and reporting, along with real-time monitoring, are particular strengths.
Features
Data Mapping, Data Catalog
Ingest terabytes of data from any source. You can simplify SIEM log management for all your data via SmartConnectors, which collect, normalize, aggregate, and enrich data from 480+ source types. Source types include syslog, clickstreams, stream network traffic, security devices, web servers, custom applications, social media, and cloud services.
DSAR Automation
ArcSight Recon’s columnar database responds to queries faster than traditional databases, enabling you to investigate quickly and efficiently across millions of events. It facilitates threat hunting in massive datasets, enabling security analytics at scale.
Policy Enforcement
ArcSight Recon eases your compliance burden by offering content that helps you meet regulatory requirements. Its built-in reports reduce the time required to produce compliance documentation.