ArcSight recently presented the new version of its Logger. Some of the new features are:
- Distributed reports over multiple Logger
- User configurable dashboards
- Event summary (overview)
- Live event viewer
- LDAP and AD directory integration
- dedup and transaction search commands
- SNMP polling support
I've been waiting for some of these features for a long time (in particular in the reporting area, where previous versions lacked some features that I would consider basic).
One bad point, however: when I installed this new release, all my previously stored data disappeared (Update: this happened with the software version; the upgrade on the appliance version worked without any problem).
It looks more like Splunk, it smells more like Splunk, but it still does not have the Splunk taste!