ArcSight Logger License
ArcSight Logger Overview
ArcSight Logger delivers a cost-effective universal log management solution that unifies searching, reporting, alerting, and analysis across any type of enterprise machine data. This unified machine data can be used for compliance, regulations, security, IT operations, and log analytics. ArcSight Logger helps you with:
- Comprehensive log collection and storage from over 350 sources
- Ultra-fast searching of logs in full-text
- Simplified forensic investigation
- Built-in content for regulatory and security compliance requirements
- Support IT operational analytics
- Store years' worth of data through a high compression ratio of up to 10:1
- Scale to support billions of events per day
- Extend log management to a security information and event management (SIEM) solution
ArcSight Logger Highlights
With the rise of cyber-security threats, centralized machine data logs quickly became an important source of intelligence. Today, effective log management plays an important role in achieving insightful security analysis.
ArcSight Logger is a comprehensive log management solution that eases compliance burdens and enables faster forensic investigation for security professionals, by unifying and storing machine data logs from across their organizations, and by facilitating rapid search and reporting on that data.
ArcSight Logger plays an important role in ArcSight’s mission to deliver powerful layered analytics and establish foundational Security Operations. Logger enables organizations to collect data logs from over 480 sources, and store their logs in a clean, normalized format for years, thanks to its impressive, cost-effective compression ratio.
Not only can Logger ingest and store millions (even billions) of events per day, but it can help security professionals use that data to efficiently uncover anomalies and conduct rapid forensic investigations through simplified searching and customizable dashboards. Logger comes with built-in content, dashboards, and reports that facilitate non-stop security compliance.
Content packages are also available to facilitate compliance with PCI, SOX, HIPAA, and more. This will ease the burden of audits and reduce the time it takes you to show that you’re in compliance with relevant regulatory requirements. Overall, ArcSight Logger offers organizations a solution to facilitate simplified data collection, storage, compliance, and search.
ArcSight Logger Benefits
- Comprehensive Data Collection: ArcSight Logger collects machine data at ingest rates of terabytes of data per day from any source (including logs, clickstreams, sensors, stream network traffic, security devices, Web servers, custom applications, social media, and cloud services). It enables you to search, monitor, and analyze the data to gain valuable security intelligence across your entire organization.
- Flexible Deployment Architecture: ArcSight Logger can be configured as a cluster providing load-balanced collection, with search queries distributed across the platform. It can be installed on a Linux system, a VMware Virtual Machine (VM), as an appliance, and in the cloud (AWS and Azure). ArcSight Logger can leverage local drives or an existing SAN investment as the primary datastore. Regardless of whether the storage is onboard or off-board, data is efficiently compressed to reduce storage and maintenance costs. It utilizes Common Event Format (CEF), an extensible, text-based, high-performance format, so that data can be easily collected and aggregated for analysis by an enterprise management system, such as ArcSight ESM, ArcSight Investigate, Interset UEBA, ArcSight License, or any third-party application that provides event orchestration, automation, correlation, prioritization, analysis of security events, or all of the above.
- Secure and Reliable Data Collection: ArcSight Logger Software can deliver encrypted, compressed logs, keeping data safe from interception, alteration, and deletion, for both data at rest and in motion. Its security features include:
  - Secure Encryption on Logger appliances to encrypt your sensitive data at rest (while stored). Logger also supports TLS and SSL encryption protocols to secure data in motion.
  - Security administration and user/group role definitions. Administrators can set access rights on reports and report categories based on user role and group permissions. They can also encrypt specific data columns and selectively grant decryption rights.
  - Format Preserving Encryption (FPE), which keeps your data from being exposed without authorization. It protects your data at rest, in motion, and in use.
  - Federal Information Processing Standard 140-2 (FIPS 140-2).
- Ultra-Fast Investigation and Forensics: When seconds mean the difference between a successful or thwarted attack, obtaining the right information at the right time is critical. ArcSight Logger enables ultra-fast investigation of indexed data via a simple search interface. Interesting search patterns can easily be converted into real-time alerts. Logger also speeds up your investigation with machine-learning data science content. Use pre-built content or develop your own data science algorithms using Python scripts. ArcSight Logger provides ad hoc searching of billions of events in less than 10 seconds over years of data, which allows you to identify breaches and conduct detailed breach analysis.
- Non-Stop Compliance: ArcSight Logger comes with built-in content that can be used for cyber security, compliance, application security, and IT operations monitoring. Additional compliance content packages for PCI, ITGOV, HIPAA, NERC, and Sarbanes-Oxley (SOX) are available as add-on options and are mapped to well-known standards, including National Institute of Standards and Technology (NIST) 800-53, ISO-17799, and SANS.
- Easy to Deploy and Manage: ArcSight Logger can be configured, managed, and monitored through ArcSight’s Management Center, a centralized management console that lets you connect to data easily, with just a few clicks. It can be configured, managed, and upgraded easily even in large deployments, allowing you to focus on your use cases and not the tool itself.