Forensics on the fly with ArcSight Logger

ArcSight announced a new release of ArcSight that provides “forensics on the fly.” This capability, now available across the entire ArcSight SIEM platform, enables IT and forensics teams to quickly conduct informative top-down investigations. These teams can immediately drill down into source events from dashboards, reports, searches, and alerts, both in real time and in support of after-the-fact compliance audits.

ArcSight forensics-on-the-fly capabilities enable organizations to accelerate resolution time, increase staff efficiency, and reduce costs through intuitive, interactive dashboards. Drill-down capabilities and pre-built navigation paths eliminate the need to conduct separate drill-down investigations and significantly reduce the complexity and time associated with root-cause analysis.

  • Users are presented with interactive and personalized dashboards that combine relevant reports into a single role-based view.
  • From these aggregate dashboards, users can drill into and across reports and investigate potential violations.
  • Users can further analyze report results using an intuitive search interface to conduct quick-and-easy ad hoc investigations for root-cause analysis.
  • In turn, users can convert the search patterns into real-time alerts to ensure that subsequent matches lead to instant notification.
  • Finally, users can directly drill from any alert to underlying events that triggered the alert.


