Introducing ArcSight Platform

ArcSight Platform (the Platform) enables you to deploy a combination of security, user, and entity solutions into a single cluster within the OPTIC Management Toolkit (OMT) environment. With OMT, you can add and remove product capabilities, as well as manage the workload across the installed nodes.

The Platform enables you to visualize, identify, and analyze potential threats by incorporating intelligence from the multiple layers of security sources that might be installed in your security environment.

These product capabilities might include the following:

Real-time event monitoring and correlation with data from ArcSight Enterprise Security Manager (ESM)
Analyzing end-user behavior with ArcSight Intelligence
Performing deep-dive investigations with ArcSight Recon
Responding to and mitigating cyber attacks with ArcSight SOAR
Coordinating and managing data streams with Transformation Hub

The Platform's Single Sign-On (SSO) function ensures that users can navigate among the features in the Platform or launch applications from the Platform without having to log in for each product solution.

Understanding the Platform Architecture

The Platform includes three primary elements:

The underlying OMT infrastructure
The capabilities you deploy into the infrastructure
The functions and applications that support the deployed capabilities

Click components with colored outlines to learn more about each.

The following sections describe these three elements of the Platform architecture.

Although you can also deploy NetIQ Identity Intelligence in this OMT-based environment, this Administrator's Guide does not provide instructions for deploying or managing that capability. For more information, see the Administrator's Guide to NetIQ Identity Intelligence.