Understanding the Base Platform
The base platform for ArcSight SIEM as a Service includes the following features:
For more information about using reports and dashboards, Search, SOAR, or other common features, see the Help in the product or the User Guide for Fusion on the documentation site for ArcSight.
Advanced Authentication Service
The Advanced Authentication component comes from the NetIQ suite of access products and services. Advanced Authentication delivers a full complement of security capabilities such as password enforcement and multi-factor authentication, including biometrics and SAML capabilities for federated integrations.
To give users access to the service, you create user accounts in ArcSight. In the OpenText SIEM as a Service (SaaS) environment, all services use a limited version of Advanced Authentication Service to authenticate users at login. When ArcSight users log in, Advanced Authentication Service authenticates them with their credentials.
ArcSight Unified Storage
A central part of the ArcSight SIEM is its integrated unified data storage. This datastore is used with each of the potential plug-in technologies. The data storage is a columnar datastore by design and delivers high-speed query response and long-term archival storage.
Fusion
Fusion manages the core services for ArcSight such as user, role, and group management; Search; SOAR; and the Reports Portal.
Reports and Dashboards
The Reports Portal provides built-in reports and dashboards, such as OWASP content, across the ArcSight technologies with one implementation. Use the portal to create charts and dashboards to visualize filtered data with tables, charts, and gauges. ArcSight reports and dashboards support all of the potential plug-in technologies within its modular architecture.
Search
The Search feature helps you investigate security issues by viewing search results and identifying outlier events.
SOAR (Respond)
ArcSight SOAR is a Security Orchestration, Automation, and Response (SOAR) tool that combines orchestration of both technology and people, automation, and incident management into a seamless experience. SOAR helps your security teams improve their efficiency in responding to cyberattacks in security operations. You can use SOAR to perform the following tasks:
- Ingest security events from multiple resources
- Create and manage cases
- Triage, investigate cases, and track incidents in a unified user interface
- Automate your responses to incidents with playbook automation
SOAR has over 100 integration points that allow for many different types of enrichment capabilities such as threat intelligence platforms, ticketing systems, and endpoint security tools.