Elastic Stack ArcSight Integration
Augment your ArcSight deployment with the Elastic Stack (sometimes called the ELK Stack). Take the best of tried-and-true SIEM tradition and combine it with the speed and flexibility of Elastic.
Increase Security Visibility in One Command
Streamline getting value from your ArcSight security events in real time with the Elastic Stack. The integration handles up-front configurations for processing data in Logstash, ingesting into Elasticsearch with a pre-defined index pattern, and visualizing in Kibana with pre-built dashboards you can then tailor to meet your needs.
Easily Tap into Your ArcSight Data
Driven by the Logstash ArcSight module, the integration automatically configures Logstash to accept, enrich, and index CEF-formatted security events from ArcSight into the Elastic Stack for real-time analysis. Stream data directly from ArcSight Smart Connectors or hook into the ArcSight Data Platform (ADP); either path is just as easy.
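CEF (Common Event Format) is the line format the Smart Connectors emit and the module ingests. The following is an added example, not code from Elastic, Logstash, or the ArcSight module: a small stand-alone CEF parser that honours the header and extension escaping rules, normalises the severity field, and counts events per reporting device, the kind of check a defender runs on a raw feed before trusting a pipeline with it. The sample events, vendor and product names are constructed; the dvchost/dvc key names are standard CEF extension keys, and the numeric values assigned to the named severities are an assumed convention for triage.

```python
"""Stand-alone CEF parser and triage helpers (added example, not Elastic code).

CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension
Header fields escape '|' and '\\' with a backslash; the extension holds
key=value pairs whose values escape '=', '\\', newline and carriage return.
"""
import re
from collections import Counter

HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")
# A new extension key starts only at whitespace (or line start) followed by key chars and '='.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")
# CEF allows named severities (Low 0-3, Medium 4-6, High 7-8, Very-High 9-10);
# the numeric stand-ins below are an assumed convention for sorting and filtering.
_NAMED_SEVERITY = {"low": 1, "medium": 5, "high": 8, "very-high": 10}


def _split_header(body):
    """Consume the seven pipe-delimited header fields; return (fields, extension_text)."""
    fields, buf, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        c = body[i]
        if c == "\\" and i + 1 < len(body):   # escaped '|' or '\'
            buf.append(body[i + 1])
            i += 2
        elif c == "|":
            fields.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(c)
            i += 1
    return fields, body[i:]


def _unescape_value(value):
    """Undo extension escaping: \\=  \\\\  \\n  \\r."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append({"n": "\n", "r": "\r"}.get(value[i + 1], value[i + 1]))
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def parse_extension(ext):
    """Split 'k1=v1 k2=v2 ...' into a dict; values may themselves contain spaces."""
    keys = list(_KEY_RE.finditer(ext))
    result = {}
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        result[m.group(1)] = _unescape_value(ext[m.end():end])
    return result


def parse_cef(line):
    """Parse one CEF line; anything before 'CEF:' (a syslog prefix) is ignored."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("not a CEF event")
    fields, ext = _split_header(line[start + len("CEF:"):])
    if len(fields) != 7:
        raise ValueError("CEF header must have exactly 7 fields")
    event = dict(zip(HEADER_FIELDS, fields))
    event["extension"] = parse_extension(ext)
    return event


def severity_number(severity):
    """Normalise the header severity ('0'..'10' or Low/Medium/High/Very-High) to an int."""
    s = severity.strip().lower()
    if s in _NAMED_SEVERITY:
        return _NAMED_SEVERITY[s]
    n = int(s)
    if not 0 <= n <= 10:
        raise ValueError("CEF severity out of range")
    return n


def top_devices(lines, min_severity=0):
    """Count events per reporting device (dvchost, else dvc, else vendor/product)
    at or above min_severity: 'which of my devices are generating the most events?'"""
    counts = Counter()
    for line in lines:
        ev = parse_cef(line)
        if severity_number(ev["severity"]) < min_severity:
            continue
        ext = ev["extension"]
        device = ext.get("dvchost") or ext.get("dvc") or ev["device_vendor"] + "/" + ev["device_product"]
        counts[device] += 1
    return counts


SAMPLE_EVENTS = [  # constructed sample events, not real traffic
    "<134>Oct 12 10:00:00 fw1 CEF:0|ExampleVendor|ExampleFW|1.0|100|Outbound connection denied|7|"
    "src=10.0.0.5 spt=51234 dst=203.0.113.7 dpt=443 proto=TCP act=deny dvchost=fw1 "
    "msg=Policy rule 42 blocked\\=outbound",
    "CEF:0|ExampleVendor|ExampleFW|1.0|101|Connection allowed|Low|src=10.0.0.6 dst=10.0.0.9 dvchost=fw1",
    "CEF:0|ExampleVendor|Example\\|IDS|2.3|5001|Suspicious scan|High|src=198.51.100.4 dvchost=ids2",
]

if __name__ == "__main__":
    for ev in map(parse_cef, SAMPLE_EVENTS):
        print(ev["device_product"], "|", ev["name"], "|", ev["extension"].get("src"))
    print(top_devices(SAMPLE_EVENTS))                   # Counter({'fw1': 2, 'ids2': 1})
    print(top_devices(SAMPLE_EVENTS, min_severity=7))   # Counter({'fw1': 1, 'ids2': 1})
```

Feeding a few real connector lines through parse_cef before turning on a pipeline surfaces the usual surprises early: connectors that leave '=' unescaped inside msg, vendors that ship named rather than numeric severities, and devices that identify themselves only through dvc rather than dvchost, each of which would otherwise show up as a mis-parsed or missing field in the dashboards.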
Follow Hunches at Speed and Scale
Accelerate time to insight and ad hoc data exploration for security analysts and operators, helping them quickly answer questions like:
Which of my devices are generating the most security events right now?
What are the top sources, destinations, and protocols with elevated failures?
Which of my devices or endpoints are the busiest and what services were rendered?
See What One Command Can Offer
Grab a fresh installation of the Elastic Stack and start exploring your ArcSight security events in a few easy-to-follow steps.