Infrastructure Response

ArcSight Availability – Always an Issue

Keeping your Micro Focus ArcSight SIEM solution running and optimized is critical. ArcSight ESM is a complex and dynamic system that parses, stores, correlates and reports upon thousands of log records per second from a wide variety of network, security, database and application platforms. Sudden problems related to unexpected spikes in event volume, new or changed log source formats, network outages, server misconfigurations, storage constraints, software failures and log flow disruptions are unavoidable. These issues can affect rule correlation, reporting, and content, and can also result in violations of mandated company policies regarding log storage and retention. ArcSight Logger flow disruption is especially pernicious, and missing log records are often difficult to detect.

ArcSight SIEM Infrastructure Monitoring and Response

This service provides you with SEMplicity-developed infrastructure monitoring content and access to our on-call monitoring response team to diagnose and fix problems as they occur. SEMplicity has many years of experience supporting the largest Micro Focus ArcSight SIEM implementations, and we are very familiar with the diagnosis and remediation of every common issue encountered at the SmartConnector, ArcSight Connector Appliance, ArcMC, ArcSight Logger and ArcSight ESM levels. SEMplicity will also install our proprietary ArcSight ESM content. This powerful tool provides alerts on actual as well as potential problems, including log flow disruption and unexpected event volume spikes. By engaging our infrastructure response services, you reduce the burden on your in-house staff and leverage our extensive expertise to solve issues quickly while keeping your ArcSight SIEM infrastructure up and running.

| Service | Benefits | SLA Options |
| --- | --- | --- |
| Infrastructure Content and Monitoring | Alert upon a wide variety of common ArcSight infrastructure problems | Included in all packages. |
| Coverage | Hours of availability | 8×5, 10×5, 8×7, 10×7, 24×7. All time zones supported. |
| Initial response | Correspond with the problem reporter, gather relevant information | 1, 2 or 4 hours from initial contact |
| Diagnosis | Determine the problem, present remediation plan | 4 or 8 hours from initial response |
| Remediate problem | Fix the issue, present resolution plan, optionally restore service | N/A |
| Problem report | Full report of all monthly incidents, including diagnosis and remediation | Included in all SLA levels |

Requirements:

  • Credentials for all ArcSight components
  • Remote access
  • Four hours with current ArcSight SIEM resource to scope the project and produce the initial infrastructure report
  • Micro Focus customer SAID(s) so you can track Micro Focus support tickets to your site