Elastic Stack ArcSight Integration

Enhance your ArcSight deployment with the Elastic Stack (sometimes called the ELK Stack). Let the speed, scale, and analytical power of Elasticsearch advance your ArcSight deployment.

New

View your CEF data in new dashboards added to the Filebeat CEF module in version 7.6.

Increase your security visibility

Analyze your ArcSight security events in near real time with the Elastic Stack. Monitor your environment with custom visualizations and rapid search capabilities. Surface potential threats with anomaly detection and correlation.

Easily hook into your ArcSight data

The Elastic Stack is certified by ArcSight to support CEF-formatted data, whether generated by ArcSight or by external sources. Stream events via ArcSight Smart Connectors or hook into the ArcSight Data Platform (ADP). Logstash parses and enriches the events before they are indexed into Elasticsearch, and pre-built dashboards can be tailored to your specific needs.
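The CEF records that Smart Connectors emit are what Logstash or the Filebeat CEF module parse. The following is an added example, not code from Elastic or ArcSight: a small CEF parser that splits the seven pipe-delimited header fields and the key=value extension, honouring the format's escapes (a naive split on `|` or `=` would mis-assign fields whenever a vendor name or message contains an escaped delimiter, which is exactly where detection rules built on those fields go wrong). The sample line is constructed.

```python
import re

# Constructed sample (not from the page): vendor name with an escaped pipe, and an
# extension value containing escaped backslashes and an escaped '='.
SAMPLE = (r"CEF:0|Security\|Vendor|threatmanager|1.0|100|worm successfully stopped|10|"
          r"src=10.0.0.1 dst=2.1.2.2 spt=1232 msg=Detected C:\\temp\\x.exe note\=ok act=blocked")

HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")
_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")   # extension key before an unescaped '='
_ESC = re.compile(r"\\(.)")                        # one backslash-escaped character


def _unescape(s):
    # CEF escapes: '\\' -> '\', '\|' -> '|', '\=' -> '=', '\n' and '\r' -> newline chars
    return _ESC.sub(lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), s)


def _split_header(body):
    """Split the seven header fields on unescaped '|' and return (fields, extension)."""
    fields, buf, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):      # keep the escape pair for _unescape
            buf.append(body[i:i + 2]); i += 2
        elif ch == "|":
            fields.append(_unescape("".join(buf))); buf = []; i += 1
        else:
            buf.append(ch); i += 1
    if len(fields) < 7:
        raise ValueError("CEF header must contain seven '|'-separated fields")
    return fields, body[i:]


def parse_cef(line):
    """Parse one CEF line into its header fields plus an 'extensions' dict."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF record")
    fields, ext = _split_header(line[len("CEF:"):])
    record = dict(zip(HEADER_FIELDS, fields))
    # Keys mark value boundaries; values may contain spaces, so slice between key matches.
    keys = list(_KEY.finditer(ext))
    record["extensions"] = {
        m.group(1): _unescape(ext[m.end():(keys[n + 1].start() if n + 1 < len(keys) else len(ext))].strip())
        for n, m in enumerate(keys)
    }
    return record


if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```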

Follow hunches at speed and scale

Security analysts and threat hunters accomplish more when armed to quickly test and iterate on new hypotheses. Accelerate ad hoc data exploration to more quickly answer questions like:

Which of my devices are generating the most security events right now?
What are the top sources, destinations, and protocols with elevated failures?
Which of my devices or endpoints are busiest, and what services are they rendering?

See what one command can do

Grab a fresh installation of the Elastic Stack and start exploring your ArcSight security events in a few easy-to-follow steps.