
OpenText Security Log Analytics (ArcSight)
Log analysis software
DevSecOps software
Small
Medium
Large
- Banking and insurance
- Public sector and nonprofit organizations
- Energy and utilities
What is OpenText Security Log Analytics (ArcSight)
OpenText Security Log Analytics (ArcSight) is a security-focused log management and analytics product used to collect, normalize, store, and analyze event data from infrastructure, applications, and security tools. It is typically used by security operations teams for threat detection, investigations, and compliance reporting. The product emphasizes security event normalization and correlation workflows and is commonly deployed in environments that require centralized log retention and controlled access.
Security-focused log normalization
It supports parsing and normalization of security-relevant events from a wide range of sources, which helps analysts search and correlate data consistently. This is useful in heterogeneous environments where logs come from many vendors and formats. Normalized fields also support repeatable detection and reporting workflows.
Correlation and investigation workflows
The platform is designed around security analytics use cases such as event correlation, triage, and investigation. It supports building and tuning rules and using structured event fields to pivot during incident response. These capabilities align more closely with SOC workflows than general-purpose observability tooling.
Compliance-oriented retention controls
It is commonly used for centralized log retention and auditability requirements, including controlled access to security logs. The product’s architecture and features are oriented toward maintaining evidentiary records and supporting compliance reporting. This can reduce reliance on ad hoc log storage approaches across teams.
Complex deployment and operations
Implementations often require careful planning for collectors, storage, normalization, and performance tuning. Ongoing operations can involve specialized skills for content tuning and data onboarding. This can increase time-to-value compared with more turnkey SaaS-first log analytics offerings.
Cost sensitivity at high volume
Security log analytics platforms can become expensive as event volume, retention periods, and high-availability requirements grow. Organizations may need to manage ingestion scope, filtering, and tiered retention to control total cost. This can constrain “log everything” approaches in large environments.
Less aligned to DevSecOps telemetry
While it can ingest application and infrastructure logs, it is primarily oriented to security operations rather than full-stack observability. Teams looking for unified metrics-traces-logs workflows and developer-centric debugging may need additional tooling. Integration into CI/CD and developer workflows may require extra engineering effort.
Seller details
OpenText Corporation
Waterloo, Ontario, Canada
1991
Public
https://www.opentext.com/
https://x.com/OpenText
https://www.linkedin.com/company/opentext/