Understanding ArcSight Platform Features
The ArcSight Platform includes the following features, which help you understand how secure your organization is and take appropriate action to keep it secure.
- The Platform provides several ways to get a holistic view of the security health of your environment. You can analyze potential threats; monitor the rate of data ingestion to the ArcSight Database; explore risky elements and their behaviors within your organization; understand the overall risk in your organization, and more:
  - The Dashboard Deck provides quick access to a set of dashboards that focus on commonly known vulnerabilities that might threaten your environment. Most of the dashboards allow you to drill down to event details or other dashboards. These dashboards are part of the built-in Foundation content, which is available in the Reports Portal. The Dashboard Deck is available only when Multi-tenancy is enabled.
  - Optics help you gain insight into specific aspects of your environment by visualizing correlated events from ArcSight ESM, which you can filter and drill into. For example, a CISO might want a quick overview of alerts worldwide or review key security metrics based on alerts. A security analyst can quickly identify potential threats and take the necessary actions to mitigate risks. Depending on your permissions, you can view tenant-specific data or a rolled-up view of data across multiple tenants. Optics are available only when Multi-tenancy is enabled.
  - In the Reports Portal, you can access built-in reports and dashboards for known threats, such as account hijacking and security misconfiguration. Administrators can add content from compliance packs covering standards such as PCI DSS and GDPR. You can also create your own dashboards and reports to visualize and report event data.
  - ArcSight Dashboard enables you to visualize, identify, and analyze potential threats by incorporating intelligence from the multiple layers of security sources that might be deployed in your security environment. The ArcSight Dashboard is available only when Multi-tenancy is disabled.
- The Search feature enables you to look for and investigate events that meet specified criteria so you can detect anomalies that point to security threats.
- The Event Integrity Check feature allows you to determine whether the events stored in the ArcSight Database have been tampered with, and therefore whether they are reliable when you investigate incidents or hunt for threats based on those events.
- The Outlier Analytics feature helps you define and build models that aid in identifying anomalous behaviors in your organization.
- The Respond feature serves as a Security Orchestration, Automation, and Response (SOAR) platform that delivers automated case response for repetitive security events and supports a seamless security management experience through faster threat detection and remediation.
The Platform's Single Sign-On (SSO) function ensures that users can navigate among the features in the Platform or launch applications from the Platform without having to log in for each product solution.