HPE ArcSight Express

HPE ArcSight Express correlates seemingly unrelated events and NetFlow data from network devices using the most advanced real-time correlation techniques. By correlating disparate events and NetFlow data, it can detect even the most subtle attacks. As a result, organizations can cut through millions of activities to focus on the most critical incidents affecting the organization. This provides better security and faster response with fewer resources. HPE ArcSight Express also includes the first log management solution to fully integrate field-based and raw text search across structured and unstructured log data.

The volume and sophistication of malicious software that results in data theft has drastically increased. Consequently, event management and correlation solutions need to be able to process much greater amounts of data to detect threats to corporate servers, networks, applications and users. HPE ArcSight Express is the first Security Information and Event Management (SIEM) product to use the unique Correlation Optimized Retention and Retrieval Engine (CORR-Engine) as the underlying architecture to allow organizations to scale to meet the threats they face. This new architecture results in true universal visibility across enterprises and their Big Data requirements.


Using ArcSight Express administrators and analysts are able to:

  • Detect more incidents
    The new architecture will allow event correlation rates of up to 5x the current performance using the same hardware.
  • Address more data
    The new architecture will enable storage capacity of up to 10x the current capacity for correlated events using the same disk space.
  • Operate more efficiently
    The use of a common data store allows both the real-time correlation application and the log management application to use the same set of data, providing a seamless workflow that includes detection, alerting, forensic analysis and reporting.

Appliance Specifications

Model AE7405 AE7410 AE7425 AE7450 AE7465 AE7480
Max Devices 750 750 750 750 1500 1500
Peak EPS/Flows 500/50K Flows 1000/50K Flows 2500/50K Flows 5000/50K Flows 10000/50K Flows 15000/50K Flows
Max Assets 5,000 5,000 10,000 10,000 25,000 25,000
System OS Red Hat Linux 5 64-Bit
Web Users Unlimited
CPU 2 x Intel Xeon E5620 Quad Core 2.4 GHz
Interfaces 4 x 10/100/1000
RAM 36GB
Storage 6 x 600GB — SAS disks in RAID-10
Chassis 2U
Power 2x 750W CS Platinum 100-240 VAC
Dimensions 27.3″x 17.6″x 3.4″