HPE ArcSight Logger Add-On - license - 5 GB per day

Mfg.Part: H7P31AAE | CDW Part: 3540426 | UNSPSC: 43233204
Availability: In Stock
$2,838.99 Advertised Price
Lease Option ($85.79/month)
Note: Leasing is available to businesses only. Leasing is not available to individuals.
Product Details
  • License
  • 5 GB per day
  • non-production
  • electronic

Product Overview

HP ArcSight Logger delivers a cost-effective universal log management solution that unifies searching, reporting, alerting, and analysis across any type of enterprise machine data. This unified machine data can be used for compliance, regulations, security, IT operations, and log analytics.

HPE ArcSight Logger Add-On - license - 5 GB per day is rated 4.0 out of 5 by 5.
Rated 4 out of 5 by from It has excellent query syntax and response.
Valuable Features: It has excellent query syntax and response. Complex queries of large volumes of data generally take seconds if not minutes.
Improvements to My Organization: ArcSight has improved incident response from days to minutes. It also offered ancillary non-security troubleshooting features, which were surprise benefits to teams such as network and operations.
Room for Improvement: I'd like to see more pre-built smart connector supported applications, although the list today is voluminous.
Use of Solution: We've been using it for two years.
Deployment Issues: We had no issues with the deployment.
Stability Issues: We have had no stability issues.
Scalability Issues: The original Connector Appliance peaked its events-per-second limit much sooner than anticipated and required us to purchase another, and significantly larger, appliance. The issue was self-inflicted as we discovered more use cases when adding new logs and log types.
Technical Support: Technical support is excellent. In fact, that was one of the best "features" of the implementation. I never had to wait to reach specialist help, and all engineers that I spoke with were highly technical and were pleasant.
Previous Solutions: I previously used a significant RSA Envision installation that had extremely poor performance with complex queries. It was routine to wait an hour or more for a more complex query. HP ArcSight was introduced by a CISO with previous experience at a previous employer and the improvement was immediately obvious. It was a wise decision that I took with me to my next organization.
Implementation Team: It can be difficult to set up connectors to ingest and normalize different log types initially.
ROI: I would recommend HP professional services for starting up. I used that approach and was able to glean enough through knowledge transfer to hit the ground running from day one in production.
Cost and Licensing Advice: Security makes it difficult to quantify ROI, but I can say that we were able to complete incident response in minutes where the same had taken hours or days.
Other Solutions Considered: In terms of pricing, size appropriately, and realistically up front. That said, the product architecture is scalable as needs grow.
Other Advice: ArcSight has a Google-like query syntax with boolean-style operands. That said, there is also a GUI to craft queries. I'd recommend learning the GUI as this is the same GUI used in HP's ESM product, the engine that can correlate disparate log events and turn incident response from reactive to proactive alerting. Getting a head start on learning that syntax would help ease into the highly-recommended ESM or ESM Express products.
Disclaimer: My company has a business relationship with this vendor other than being a customer: At the time, I formed a strategic partnership with HP Enterprise Security and co-presented their products at a business vertical relevant technology conference, served as a customer reference and referenced HP ArcSight in a case study about my complementary HP (now TrendMicro) TippingPoint Intrusion Prevention System implementation.
Date published: 2016-03-31
Rated 4 out of 5 by from Its automated functions made it easier so we could concentrate more on real issues instead of standard log collecting and alerting issues.
Valuable Features:
  • Log collecting
  • Big Data analytics
  • Security analytics
Improvements to My Organization: This product was used to help us get PCI compliant. Its automated functions made it easier so we could concentrate more on real issues instead of standard log collecting and alerting issues.
Room for Improvement: With the connectors, there were some legacy devices that had some problems since support was dropped for those.
Use of Solution: We've been using it for four years alongside ArcSight Express.
Deployment Issues: We had no issues with the deployment.
Stability Issues: The stability of the system was good except when we had a DDoS attack, when we lost some functions for a short time.
Scalability Issues: Scalability is good if your need is high enough, but for smaller cases it isn't so good.
Customer Service: Customer service was very helpful.
Technical Support: Technical support is at a good level.
Previous Solutions: We used an older version that was going to be replaced.
Initial Setup: The initial setup was complex, but that was mainly because of customer security reasons.
Implementation Team: We used a subcontractor for the first part of the installation, and finished it off in-house.
Cost and Licensing Advice: We had some big licensing issues when there was a DDoS attack. The attack caused a huge amount of extra activity, so it would be nice to have an "emergency level" of licenses when there are these kinds of issues. I would recommend, from a security point of view, calculating licensing limits according to what incidents could happen and then get 5-10% more licences on top of that.
Other Solutions Considered: We did an evaluation of major vendors and HP was fastest for us to get in and use.
Other Advice: Overall, it is a good system for what we use it for, but some licensing parts are really annoying. As always, a pre-calculation and pre-planning will help a lot, and compare it to three to four other vendors. Changes on the system that is running are a bit harder to do; in our case this, of course, might be an issue of our customers' strict security requirements.
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2016-03-29
Rated 4 out of 5 by from It gives administrators the ability to turn off some of the options displayed in case they don't need to see those specific sections.
Valuable Features: The functionalities of this particular server are absolutely phenomenal. The server has the ability to provide in-depth, real-time awareness of all activities on the network. The platform also gives the administrators the ability to turn off some of the options displayed in case they don't need to see those specific sections. The ability to query anything at any time using any specific field required, and the ability to automate the logger storage capabilities are great features.
Improvements to My Organization: Before the logger was installed on our network, we were very limited as to what type of information we could get back from our previous logger because the old one didn't have as many functionalities. With ArcSight Logger, our ability to have a more in-depth look into the network traffic and the ability to save the reports for a set amount of time was a huge improvement.
Room for Improvement: The only thing I did not particularly like about the product was its speed on the web interface. It took very long for it to populate and perform the queries.
Use of Solution: I used this product as a network administrator for two years.
Deployment Issues: The installation of the server and its agents on the network devices went extremely smoothly. The only issue we had was finding the correct agents to install on our older UNIX-based servers for which we had to contact HP to get information on how to go about acquiring the correct agents.
Stability Issues: We have had no issues with the stability.
Scalability Issues: We had no issues scaling it for our needs.
Technical Support: We never actually had to call customer support because of the technical forums available to all ArcSight users who could share information and help troubleshoot in case anything was wrong or unclear about how to set up and use the system.
Previous Solutions: We were using a different product for our monitoring and logging services. The reason why we chose to switch over was the in-depth analysis capabilities provided by HP ArcSight which were not previously available to us.
Initial Setup: Initially, we had some trouble finding the right agents to install on our servers since we were using some proprietary software on the network, but after we got past that step, everything else was pretty straightforward.
Implementation Team: We had one agent come out to our office to assist us with the implementation.
Other Advice: Start using the available resources by registering your product immediately after deploying the unit and contributing to the ArcSight community. Also, once you decide to go with ArcSight, make sure you go with the complete solution recommended by HP based on the size of your network because that could potentially cause the ArcSight server to perform extremely slowly.
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2016-03-25
Rated 4 out of 5 by from The most valuable features for us are the out-of-the-box device support capability and multi-tenancy maturity compared to other SIEM OEMs.
Valuable Features: The most valuable features for us are the out-of-the-box device support capability and multi-tenancy maturity compared to other SIEM OEMs.
Improvements to My Organization: For example, it has helped us and the organization with a maturity level in the SIEM market to reach greater heights and compete with other organizations. We have an edge in the market with this product.
Room for Improvement: ArcSight Logger needs to improve in the area of threat analytics as security is vitally important to us. It also needs to provide some "upper-hand" features on some functionalities, as they're somewhat not so easy to use.
Use of Solution: I've used it for four-and-a-half years myself, and it's been around 12 years of use by the organization.
Deployment Issues: We had no issues with the deployment.
Stability Issues: HP needs to work on the stability as it is mostly dependent on Java and there are console-related issues.
Scalability Issues: We have had no issues scaling it for our needs.
Technical Support: I would rate technical support as good but not the best when compared to a few years prior. The level of support seems to have decreased lately.
Previous Solutions: Our first SIEM product is this. We chose it because it's a major player in the SIEM technology market and it's mature, even as it's in the earlier stages.
Initial Setup: I would say the initial versions of ArcSight components were pretty complex. For example, consider ESM, for which we had to install the manager and database separately and there were major issues with it on the archiving, and also the database management was pretty tough. But over a period of time, they improved drastically when the CORR-E came into the market.
Implementation Team: We have our own in-house SIEM administration and implementation team which handles all the activities for multiple customers.
Cost and Licensing Advice: For licensing, I would say ArcSight beats all the vendors in the market in complexity.
Other Advice: I would definitely say to go with this product as it's the best in the market, but before opting for this product perform your solution-sizing because otherwise you might end up digging your own grave in fixing it.
Disclaimer: My company has a business relationship with this vendor other than being a customer: We're partners.
Date published: 2016-03-24
Rated 4 out of 5 by from We like the compression rates and scalability of the smart connectors.
Valuable Features:
  • Scalability of the smart connectors
  • Ease of storing billions of events without special storage needs
  • Great compression rates
Improvements to My Organization: First of all, the collection of a mass of events is a challenge for enterprise companies. You need a great deal of storage and how you collect them is an issue. The smart connectors and great compression rates of ArcSight helped us a lot. The other thing is to be able to be competitive as you need to show that you need a logging system that complies with the laws in your country and company policy so that you can continue to do your business. With ArcSight, we easily pass the requirements of the external audits our clients require.
Room for Improvement: I would say that the consolidation should be done only by using ArcSight. We need to use the ESM module to create complex rules and reports as we can only do limited reports with ArcSight.
Use of Solution: We've used it for about two years.
Deployment Issues: The main problem is how to collect logs from various resources.
Stability Issues: The smart connectors are very stable.
Scalability Issues: We've had no issues scaling it for our needs.
Technical Support: Since we work with partners, I can't say too much. However, for every company on this planet there is always room for improvement in the level of support.
Previous Solutions: This was the first solution we've used, and I believe it will be the last solution we need.
Initial Setup: We used an appliance, so the setup was very easy. But I must say that even if you use an open server, it is not complex to deploy this product.
Implementation Team: We worked with a partner for the implementation.
ROI: It is really hard to measure ROI financially, but there are some important things to say. First of all, since it's easy to use, our operational time has decreased so that we as technical staff have much more time to spend on other issues. Since we collect all of the logs, we can investigate fraud and find their sources. We can also find the causes of system outages.
Other Advice: It works fast and you can collect just about everything. The only drawback is that without ESM, you are limited. The most important thing is the scalability of the product and its ease of use. Companies like us need some specific connectors, and smart connectors give us a very scalable solution. Also, even though we have billions of events, it is really fast in finding the logs we need. That makes this solution amazing.
Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2016-03-20