ArcSight

Hello there! In this blog, I'm going to dive into one of the most popular SIEM solutions, HP ArcSight. I hope this blog is helpful to those who are interested in Information Security Management and/or are looking to implement a SIEM in their own organizations. Before we dive deeper, let's go through some introductions and the basics of ArcSight.

What is ArcSight?

HP ArcSight is a cyber-security company founded in 2000 that provides big data security analytics and intelligence software for security information and event management and log management solutions. It was later acquired by HP in 2010. ArcSight comes with three different offerings for its customers:

  • HP ArcSight Enterprise Security Manager (ESM): Analyzes various threats within the database and correlates the vulnerabilities based on their risk level
  • HP ArcSight Express: Analyzes threats within the database and correlates the vulnerabilities on a smaller scale than ESM
  • HP ArcSight Logger: Streams real-time logs and categorizes them into specific log

For now, I'm going to focus on ArcSight Logger, as it is a software-based solution and also a good entry point from a learning perspective.