ArcSight ESM + D3 Smart SOAR
Combine Powerful Correlation with Seamless Orchestration
Micro Focus’ ArcSight Enterprise Security Manager (ESM) is a NextGen SIEM built to help modern SOCs detect cyberattacks in real time with security software backed by powerful security analytics. Smart SOAR acts as a unified dashboard for analysis and investigation of ArcSight ESM events.
Benefits and Capabilities
D3’s integration team takes the burden of integrations off your hands by building, maintaining, and upgrading the best possible connections between tools. We have studied ArcSight ESM’s APIs and capabilities to create a powerful integration with capabilities that include:
- Increasing the speed and quality of triage by enriching ArcSight ESM’s correlated events using Smart SOAR
- Achieving faster and more consistent response, with incident-specific playbooks for ArcSight ESM events
- Enhancing journaling and case management capabilities, for handling, tracking, and reporting on the full incident response lifecycle
- Automating SecOps and IR workflows with actions across hundreds of other security tools
Use Case
Event Escalation and Enrichment
By combining ArcSight ESM for threat detection with Smart SOAR for incident enrichment and response, you can automatically escalate real threats to incident status in Smart SOAR and assess their criticality through data enrichment and MITRE ATT&CK matrix correlation. Smart SOAR can then trigger an incident-specific automated response playbook. When notable events trigger Smart SOAR’s automated workflows and full-lifecycle playbooks for incident response, analysts no longer have to manually coordinate dozens of triage and response tasks. Response occurs in seconds, not hours.
- Triage ArcSight events with Smart SOAR’s automated Event Pipeline.
- Capture the full incident lifecycle, including timelines, evidence, and compliance obligations, in a single, audit-friendly platform.
- Orchestrate response across hundreds of integrated tools.
Use Case
Improved Investigations through Contextual Link Analysis
Once an event has been escalated, Smart SOAR automatically correlates IOCs (such as source IP/domain, destination IP/domain, and file hashes) and MITRE ATT&CK techniques against threat intelligence and historical incident data, painting a complete picture of the threat. An intuitive link analysis dashboard provides analysts with the flexibility and visualizations needed for complex investigations. Adding Smart SOAR’s link analysis to ArcSight ESM events gives users vastly improved triage, the ability to easily spot false positives, and better handling of complex incidents.
- Reduce SOC fatigue by eliminating context-switching, while improving response through integrated intelligence.
- Reveal how incidents fit into larger attacks.
- Maintain continuity across incidents handled by different team members.
Why Smart SOAR?
Joint users of Micro Focus ArcSight ESM and D3 Smart SOAR don’t just get real-time threat intelligence, response, and investigation management; they also get the countless other features that make Smart SOAR the leading independent SOAR solution, including:
- Expert-built codeless integrations across the stack
- Tier 1–3 automation, based on deep research into the capabilities of common tools
- The Event Pipeline, which reduces alert volume by up to 98%
- Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
ArcSight ESM Integration: Summary
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.