Elastic Stack ArcSight Integration

Enhance your ArcSight deployment with the Elastic Stack (sometimes called the ELK Stack). Let the speed, scale, and relevance of Elasticsearch elevate your security analytics and SIEM to a new level.


Increase Security Visibility in One Command

Get value from your ArcSight security events in real time with the Elastic Stack. The integration handles the up-front configuration for you: processing the data in Logstash, ingesting it into Elasticsearch with a pre-defined index pattern, and visualizing it in Kibana with pre-built dashboards that you can then tailor to your needs.


Easily Hook into Your ArcSight Data

Driven by the Logstash ArcSight module, the integration automatically configures Logstash to accept, enrich, and index CEF-formatted security events from ArcSight into the Elastic Stack for real-time analysis. Stream data directly from ArcSight Smart Connectors, or hook into the ArcSight Data Platform (ADP); either path is just as easy.


Follow Hunches at Speed and Scale

Accelerate time-to-insight and ad hoc data exploration for security analysts and operators, helping them quickly get to the bottom of questions like:

Which of my devices are generating the most security events right now?

What are the top sources, destinations, and protocols with elevated failures?

Which of my devices or endpoints are the busiest and what services were rendered?
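The integration described above ingests CEF-formatted events, and the questions listed here are answered by aggregating fields from those events. As an added example (not code from Elastic or the Logstash ArcSight module), here is a small Python parser for CEF lines of the kind a Smart Connector emits: it splits the seven-field header on unescaped pipes, parses the key=value extension while honouring the CEF escapes for `\|`, `\\`, `\=`, `\n` and `\r`, strips an optional syslog prefix, normalises the severity field, and then counts events per source address to answer the "which devices are generating the most events" question. The header field names, the `severity_band` normalisation, the `syslogHeader` field and the sample lines are this example's own assumptions, not field names the page attributes to the module.

```python
import re
from collections import Counter
from typing import Any, Dict, Iterable, Union

# Names for the seven CEF header positions. They follow the CEF spec's field
# descriptions; that the Logstash ArcSight module emits these exact names is an
# assumption of this example, not something the page states.
HEADER_FIELDS = (
    "cefVersion", "deviceVendor", "deviceProduct", "deviceVersion",
    "deviceEventClassId", "name", "severity",
)

# Escapes permitted in the header (pipe, backslash) and in extension values
# (equals sign, backslash, CR/LF).
_HEADER_ESCAPES = {"|": "|", "\\": "\\"}
_EXT_ESCAPES = {"=": "=", "\\": "\\", "n": "\n", "r": "\r"}

# An extension key is a run of key characters at the start of the extension or
# after whitespace, immediately followed by an unescaped '='. A '\=' inside a
# value never matches because '\' is not a key character.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.\[\]]+)=")


def _unescape(raw: str, table: Dict[str, str]) -> str:
    """Replace backslash escapes listed in `table`; leave other backslashes alone."""
    out, i = [], 0
    while i < len(raw):
        if raw[i] == "\\" and i + 1 < len(raw) and raw[i + 1] in table:
            out.append(table[raw[i + 1]])
            i += 2
        else:
            out.append(raw[i])
            i += 1
    return "".join(out)


def _split_header(body: str):
    """Split the text after 'CEF:' on unescaped '|' into 7 fields plus the extension tail."""
    fields, buf, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body) and body[i + 1] in _HEADER_ESCAPES:
            buf.append(_HEADER_ESCAPES[body[i + 1]])
            i += 2
        elif ch == "|":
            fields.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(ch)
            i += 1
    if len(fields) == 6 and i == len(body):
        fields.append("".join(buf))  # tolerate a missing trailing '|' when there is no extension
    if len(fields) < 7:
        raise ValueError("CEF header has fewer than 7 fields")
    return fields, body[i:]


def _parse_extension(ext: str) -> Dict[str, str]:
    """Parse 'key=value key2=value with spaces' into a dict, honouring CEF escapes."""
    matches = list(_KEY_RE.finditer(ext))
    result: Dict[str, str] = {}
    for n, m in enumerate(matches):
        end = matches[n + 1].start() if n + 1 < len(matches) else len(ext)
        result[m.group(1)] = _unescape(ext[m.end():end], _EXT_ESCAPES).strip()
    return result


def parse_cef(line: str) -> Dict[str, Any]:
    """Parse one CEF line, optionally prefixed by a syslog header, into a dict."""
    idx = line.find("CEF:")
    if idx < 0:
        raise ValueError("no CEF: marker in line")
    fields, ext = _split_header(line[idx + 4:].rstrip("\r\n"))
    event: Dict[str, Any] = dict(zip(HEADER_FIELDS, fields))
    event["syslogHeader"] = line[:idx].strip()  # empty string when there is no prefix
    event["extension"] = _parse_extension(ext)
    return event


def severity_band(severity: Union[str, int]) -> str:
    """Map a CEF severity (0-10, or Low/Medium/High/Very-High) onto a lower-case band name.

    The numeric bands (0-3, 4-6, 7-8, 9-10) are the CEF ones; the band names
    are this example's normalisation so dashboards can group on one field.
    """
    text = str(severity).strip().lower()
    if text.isdigit():
        n = int(text)
        return "low" if n <= 3 else "medium" if n <= 6 else "high" if n <= 8 else "very-high"
    return text


def count_by(events: Iterable[Dict[str, Any]], field: str) -> Counter:
    """Count events per value of a header field or extension key (e.g. 'src' or 'deviceProduct')."""
    counts: Counter = Counter()
    for ev in events:
        value = ev.get(field, ev["extension"].get(field))
        if value is not None:
            counts[value] += 1
    return counts


SAMPLE_LINES = [  # constructed lines, not captured from a real ArcSight deployment
    "CEF:0|Example Vendor|Example FW|2.1|100|Connection blocked|7|"
    "src=10.0.0.5 dst=203.0.113.9 spt=51234 dpt=443 proto=TCP act=blocked "
    "msg=Outbound policy\\=deny matched",
    "<134>Jan 01 12:00:00 fw01 CEF:0|Example\\|Vendor|IDS|1.0|2001|Signature match|High|"
    "src=10.0.0.7 msg=multi word message with \\\\ backslash cs1Label=Rule cs1=R-42",
    "CEF:0|Example Vendor|Example FW|2.1|100|Connection blocked|7|src=10.0.0.5 dst=198.51.100.4 dpt=22",
]

if __name__ == "__main__":
    events = [parse_cef(line) for line in SAMPLE_LINES]
    for ev in events:
        print(ev["deviceVendor"], "|", ev["name"], "|", severity_band(ev["severity"]), ev["extension"])
    print("events per source:", count_by(events, "src").most_common())
```

The two escape tables are kept separate on purpose: a `\=` is only meaningful inside the extension, and a `\|` only inside the header, so applying one table everywhere would silently change values. When building detections or dashboards on top of ingested CEF, the `msg`-style free-text fields are where escaped characters most often surface, which is why the sample lines exercise them.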

See What One Command Can Offer

Grab a fresh installation of the Elastic Stack and start exploring your ArcSight security events in a few easy-to-follow steps.