Protect Your Assets

Extend the life of your security data with HP ArcSight ESM and Hadoop

‎05-28-2013 11:41 AM - edited ‎09-16-2015 02:00 PM

Data is the lifeblood of any security system. Data about attacks and our attackers and data about ourselves are all necessary to get a clearer picture of the risk surrounding our business and the effectiveness of our security programs. We use security data in a variety of ways:


  • We log it so that it can be audited for compliance purposes
  • We use it to alert us to threats and malicious events
  • We comb through it in the case of a breach


By utilizing a Hadoop instance with your HP ArcSight implementation you can extend the life of the security data and make it work harder for you.


“The integration between ArcSight and Hadoop allows you to ask questions over the entire data set and get answers quickly,” says Morris Hicks, Senior Director of Solution Engineering for HP Enterprise Security Products. “Processing security data from ArcSight via Hadoop allows you to perform advanced security analytics.”


HP ArcSight technology gives you the ability to pull in security data from disparate systems including:


  • Intrusion detection/prevention systems (IDS/IPS)
  • Firewalls (FW)
  • Vulnerability scan data
  • Netflows
  • A host of other systems


Within the ArcSight console, you can correlate the events and have rules that fire when certain threats emerge. It also allows for historical views and pattern discovery.  This is truly amazing technology for dealing with real-time events and trending reports.


With the new HP ArcSight + Hadoop integration you can extract base events, correlated events and triggered-rule information from ArcSight ESM and feed them into Hadoop HDFS. This gives you the ability to query vast data sets quickly. Queries can include “Show me everything this IP address has done in my network over all data in the data store” or “Show me all activity of user XYZ including file downloads and external file uploads or emails”.


The data transfer from ArcSight ESM to the Hadoop cluster file system is a serious way to leverage security information over huge data stores.


How would you leverage ArcSight and Hadoop with your security data?

Nilanjan Ghosh
on ‎06-03-2013 03:55 AM

I want to learn more on the IAST offering of HP, its data sheets, its differences with the existing SAST and DAST tools and about its unique features.

Any help?

on ‎06-11-2013 01:13 PM

@Nilanjan Ghosh: Our IAST offering is a Runtime agent running with WebInspect. Feel free to send me an email and I can put you in touch with the product experts.
