Unified platform for monitoring the entire enterprise

HPE ArcSight ESM is the brain of the HPE ArcSight SIEM platform. It analyzes and correlates every event that occurs across the organization – every login, logoff, file access, database query, etc. – to deliver accurate prioritization of security risks and compliance violations. The powerful correlation engine of HPE ArcSight ESM sifts through millions of log records to find the critical incidents that matter. These incidents are then presented through real-time dashboards, notifications or reports to the security administrator.

With deep understanding of users and roles, network activities and flows, HPE ArcSight ESM is uniquely able to understand who is on the network, what data they are seeing, which actions they are taking with that data, and how that affects business risk. Unlike competing products, HPE ArcSight ESM can model not only IP addresses/network zones, systems and devices, but also users, employees, customers and partners for powerful analysis. HPE ArcSight ESM can then apply modern techniques including pattern recognition and behavioral analysis to detect the sophisticated threats that are hurting organizations every day. Once threats and risks are identified, HPE ArcSight ESM uses its built-in workflow engine to manage incidents and prevent damage.

A flexible platform for building monitoring systems

ArcSight ESM is a powerful and flexible threat and risk monitoring platform that can be used to build the sophisticated security management applications necessary to block today’s complex threats. The platform features include:

  • ArcSight FlexConnector Development Kit
    Capture any data from any device, system or application using a simple “drag and drop” connector development framework.
  • Web Services API
    Interface with other IT management frameworks to collect data or deliver intelligent information to analysts, auditors and managers.
  • Log Management Framework
    Manage and store every event occurring in your environment securely and efficiently.
  • Global Variables
    Author variables from a central location and use them amongst different resources, simplifying the application authoring process.
  • Business-Specific Customization
    Extend the ArcSight ESM platform with industry-specific data types to enable monitoring of very targeted business objects.
  • Pattern Detection Engine
    Perform heuristic analysis on historic event data with ArcSight Threat Detector to discover subtle patterns, low-and-slow attacks and advanced persistent threats.
  • Directory Integration
    Synchronize user, role and entitlement information from corporate directories to find unauthorized user activity, shared account usage and role policy violations.

Appliance Specifications

Max EPS (Sustained): 5000 EPS/3000 EPS
OS: Oracle Linux
CPU: 2 x Intel Xeon 5504 Quad core
RAM: 24 Gb
Interfaces: 4 x 10/100/1000
Storage: 6 x 600GB — Serial Attached SCSI (SAS) disks in RAID 10
Chassis: 2U Rack-mountable appliance 2 x 750W CS Platinum 100-240VAC
Power: 2 x 750W CS Platinum 100-240VAC
Thermal: 3000 BTU/hr
Weight: 78 lbs (36 kg)
Dimensions (DxWxH): 27.3″ x 17.6″ x 3.4″

Minimum System Requirements HPE ArcSight ESM Manager Software

Supported OS: Red Hat Linux, MS Windows Server 2003 32- or 64-bit, IBM AIX 5L 5.3 64 bit, Solaris 9/10 32- or 64-bit
Hardware Requirements:
  • Linux or Windows – x86 Multi-Core CPU at least 1.0 GHz, 2-4 GB RAM and 2GB disk space.
  • IBM AIX – PPC Multi-CPU with 16 GB RAM and 2 GB disk space.
  • Sun Solaris – Sparc Multi-CPU system with 2-4 GB RAM and 2 GB disk space.