
OpenText ArcSight Enterprise Security Manager (ESM)
Security information and event management (SIEM) software
System security software
Small
Medium
Large
- Banking and insurance
- Energy and utilities
- Healthcare and life sciences
What is OpenText ArcSight Enterprise Security Manager (ESM)?
OpenText ArcSight Enterprise Security Manager (ESM) is an on-premises SIEM platform that centralizes security event collection, correlation, and alerting to support threat detection and incident investigation. It is used by security operations teams that need to monitor large, heterogeneous environments and meet audit and compliance reporting requirements. ESM emphasizes rule-based correlation, a mature content ecosystem (connectors, parsers, and use-case packages), and deployment patterns suited to organizations that prefer or require self-managed infrastructure.
Mature correlation and rules
ESM provides a long-established correlation engine with configurable rules, thresholds, and multi-stage logic for alerting. This supports SOC workflows that rely on deterministic detection and well-defined escalation criteria. It also enables tuning to reduce noise when log volumes and event diversity are high.
Broad log source integration
ArcSight SmartConnectors support collection and normalization from many security and infrastructure data sources. This helps organizations consolidate events across network, endpoint, identity, and application layers into a common schema. The connector-based approach can reduce custom parsing work compared with building and maintaining bespoke ingestion pipelines.
Strong compliance reporting support
ESM includes reporting and dashboarding capabilities commonly used for audit evidence and compliance monitoring. Organizations can map detections and log retention practices to internal controls and external frameworks. The platform’s on-premises deployment model can align with data residency and retention policies where cloud logging is restricted.
Operationally heavy to run
ESM typically requires dedicated infrastructure planning, storage sizing, and ongoing administration to maintain performance and retention. Upgrades, connector management, and content tuning can be resource-intensive for smaller teams. Organizations without SIEM engineering capacity may find total operational effort higher than more managed alternatives.
User experience can feel dated
Some workflows (search, investigation pivots, and content management) can be less streamlined than newer analytics-first platforms. Analysts may need more training to become efficient with the interface and data model. This can slow time-to-value when onboarding new SOC staff.
Scaling and cost complexity
Scaling ingestion and retention often involves additional components and careful architecture decisions, which can increase implementation complexity. Licensing and capacity planning can be difficult when event volumes fluctuate or when new telemetry sources are added. This can make budgeting and long-term expansion planning less predictable.
Plan & Pricing
| Plan | Price | Key features & notes |
|---|---|---|
| Commercial / Enterprise (purchase via sales) | Not disclosed on OpenText official product pages — contact sales | OpenText product page directs buyers to "Contact us" for ESM; OpenText describes "flexible licensing" and appliance/implementation options but does not publish list prices or public tiers for ArcSight ESM. No public per-user/month or per-EPS prices listed on vendor site. |
Seller details
OpenText Corporation
Waterloo, Ontario, Canada
1991
Public
https://www.opentext.com/
https://x.com/OpenText
https://www.linkedin.com/company/opentext/