HPE ArcSight Express correlates seemingly unrelated events and NetFlow data from network devices using the most advanced real-time correlation techniques. By correlating disparate events and NetFlow data, it can detect even the most subtle attacks. As a result, organizations can cut through millions of activities to focus on the most critical incidents affecting the organization. This provides better security and faster response with fewer resources. HPE ArcSight Express also includes the first log management solution to fully integrate field-based and raw text search across structured and unstructured log data.
The volume and sophistication of malicious software that results in data theft has drastically increased. Consequently, event management and correlation solutions need to be able to process much greater amounts of data to detect threats to corporate servers, networks, applications and users. HPE ArcSight Express is the first Security Information and Event Management (SIEM) product to use the unique Correlation Optimized Retention and Retrieval Engine (CORR-Engine) as the underlying architecture to allow organizations to scale to meet the threats they face. This new architecture results in true universal visibility across enterprises and their Big Data requirements.
|Peak EPS/Flows||500/50K Flows||1000/50K Flows||2500/50K Flows||5000/50K Flows||10000/50K Flows||15000/50K Flows|
|System OS||Red Hat Linux 5 64-Bit|
|CPU||2 x Intel Xeon E5620 Quad Core 2.4 GHz|
|Interfaces||4 x 10/100/1000|
|Storage||6 x 600GB — SAS disks in RAID-10|
|Power||2x 750W CS Platinum 100-240 VAC|
|Dimensions||27.3″x 17.6″x 3.4″|