Integration: Arcsight

Take your ArcSight SIEM to the next level with full fidelity security event data from ExtraHop

Unleash the Full Potential of Your ArcSight SIEM with ExtraHop

Achieve enhanced threat detection, recovery, and compliance by supplementing your ArcSight Security Information and Event Management (SIEM) sources with wire data analytics from ExtraHop

Garland and ExtraHop Visibility

Take your ArcSight SIEM to the next level

The ArcSight Data Platform (ADP) provides a flexible, reliable, open-standards-based pipeline for streaming critical security event data from across an enterprise to the ArcSight Enterprise Security Manager (ESM) SIEM. However, there's still the challenge of how to efficiently supply high-fidelity security event data to the ADP pipeline in real time from thousands of disparate systems, services, and endpoints with inconsistent - and often inadequate or nonexistent - data capture mechanisms.

ExtraHop's wire data analytics platform provides a fast path to overcome this challenge. Within minutes of plugging an ExtraHop appliance into your enterprise network, ExtraHop can start forwarding full-fidelity security events from anything with an IP address communicating in your environment to ArcSight, at line speed, without logs or agents. By quickly eliminating visibility gaps across your enterprise, an ExtraHop-enabled ArcSight SIEM enables the SECOPS team to proactively spot threats, recover from attacks faster, and achieve compliance like never before.

Use Cases

Compliance Reporting


Use ExtraHop to supply ArcSight with critical information not available from log sources, such as rate and volume of application traffic and performance baselines and fluctuations.

Workflow Automation


Combine streaming wire data from ExtraHop with ArcSight's workflow-automation capabilities to create granular, predictable trigger conditions that support a wider variety of use cases.

Intelligent Alerting


Reduce alert fatigue by using wire data from ExtraHop to create precise triggers with fewer false positives and redundant alerts.

Automatic Discovery


Reduce risk by automatically discovering every device on your network in real time with ExtraHop, including IoT and BYOD. ArcSight receives the data and knows immediately about potentially risky nodes.

Agent Minimization


Minimize the need for complex agent installation, configuration, and ongoing maintenance – by using ExtraHop to supply ArcSight with security event data instead of agents where applicable.

How it Works

The ExtraHop appliance requires no agents and integrates with ADP out of the box via ExtraHop's Open Data Stream interface. Built for speed and scale, ExtraHop passively analyzes every packet that flows across your enterprise at a sustained 40 Gbps, decrypting, reassembling, filtering, and extracting actionable insights before streaming that information to ArcSight. Extensive support for the most commonly used enterprise applications and protocols gives you maximum visibility and control over which data you send to ArcSight.

How Arcsight Works

 

Why Wire Data

Wire data provides an unbiased, complete, immutable, and detailed record of all communication in your environment in a way that log data cannot. Applications without logging enabled can still be monitored, and even where logging is configured, ExtraHop captures critical details not included in the logs. By supplementing your existing data sources with wire data, your SIEM can get complete visibility into everything communicating in your enterprise, enabling it to detect more threats and empowering your incident responders to discover root cause faster.

See The Power

Ready to See for Yourself?

Push to Start