ArcSight Consulting and Managed Services

ThetaPoint provides industry leading ArcSight Consulting and Managed Services. Organizations look to ThetaPoint to help them modernize their ArcSight investment to address today’s advanced cybersecurity use cases. Leveraging the ThetaPoint Security Reference Architecture, we help optimize the capabilities of ArcSight ESM and ArcSight Logger to meet the needs of today’s Security Operations Centers (SOCs).


ThetaPoint consultants have delivered more than 2,000 ArcSight engagements over the past two decades and are recognized for their technical acumen and thought leadership in SIEM and Log Management solutions. Possessing the only two Level V Certified ArcSight Master Architects on the planet, commercial and government institutions of all sizes turn to the experts at ThetaPoint for their ArcSight needs. Contact ThetaPoint to learn how you can realize maximum value from your investment in ArcSight today.

ArcSight Corporate Logo

ArcSight – A Legacy SIEM built for the Future

ArcSight Enterprise Security Manager (ESM) is a comprehensive real-time threat detection, analysis, workflow, and compliance management platform with increased data enrichment capabilities. ArcSight detects and directs analysts to cyber-security threats, in real time, helping security operations teams respond quickly to indicators of compromise. By automatically identifying and prioritizing threats, teams avoid the cost, complexity and extra work associated with being alerted of false positives. ESM allows SecOps organizations the ability to have a centralized, powerful view into their multiple environments creating workflow efficiency for streamlined processes. Through improved detection, real-time correlation, and workflow automation, SOC teams can resolve incidents quickly and accurately.

ArcSight ESM

In the 2020 Gartner Magic Quadrant it is noted that ArcSight rarely appears on shortlists for new SIEM deployments outside of certain geographic areas. We believe this is a missed opportunity for organizations who are evaluating their SIEM options.  From our experience, ArcSight remains one of the best Security Information and Event Management (SIEM) platforms on the market today. Adopted by some of the largest and most sophisticated institutions, it receives top marks for its SmartConnector data collection framework, event correlation and monitoring capabilities with ESM, and extensive integration capabilities into other Security Operations Center tools and platforms.

ArcSight ESM

Enterprise customers of the ArcSight platform have invested lots of money and time into their SIEM and still rely heavily on it for event capture and event monitoring due to its excellent correlation, alerting, analysis and reporting capabilities. Even so, organizations are increasingly augmenting their ArcSight platform with other technologies to help drive down the cost and effort associated with incident response and triage. ThetaPoint has helped organizations of all sizes and industries adapt to this changing landscape and leverage the right solution for the right problem at the right time. Organizations that partner with ThetaPoint are able to extract more value out of their ArcSight investment and prepare themselves better for the future demands of Security Operations. To learn more about our ArcSight Consulting and Managed Services, please continue below.

ArcSight ESM
ArcSight ESM
ArcSight ESM
ArcSight ESM

ArcSight is a registered trademark™ of Micro Focus.


Maintain ArcSight software and appliances with the latest software releases, patches, hotfixes and other updates.

Break / Fix

Triage and provide Break / Fix services for all ThetaPoint O&M and ArcSight / Micro Focus Support tickets on behalf of customer.

Monitoring Service

Monitor ArcSight software and appliances for availability, performance and other issues.

Touch Free Services

Touch Free hours are used for extended break / fix situations and additional ThetaPoint service offerings.

Operations & Maintenance

Most organizations find it difficult to identify and retain qualified IT security resources. The types of individuals required to run a Security Operations Center (SOC) just don’t exist in some cases. Most research studies will tell the same story, there are not enough qualified personnel available to meet today’s cyber security needs. Many times organizations find themselves in bidding wars for these talents and that is assuming they can find the correct qualifications for their business.


Companies are becoming increasingly aware of the threat landscape and the true risks of cyber incidents all the way up to the board level. Unfortunately, organizations lack the experts they need to truly utilize the tools at their disposal.


To address this problem for organizations, ThetaPoint provides a co-managed ArcSight Operations & Maintenance (O&M) service to eliminate the resource gap that exists in organizations today. The ThetaPoint O&M service delivers global 7×24 management and monitoring of your ArcSight solutions in a secure co-sourced model.


The ArcSight managed service offering is composed of four critical components; Regular Maintenance, 7×24 Monitoring, Premium Support, and Touch Free Services.

Regular Maintenance

ThetaPoint’s ArcSight Managed Service proactively maintains and updates your SIEM/Log Management Platform.  Proper maintenance is important to insure new features are installed, removes outdated features, updates drivers, delivers bug fixes and most importantly, plugs security holes that have been identified. Software manufacturers overwhelm organizations with patches, hot-fixes and other updates to meet the above needs.  Resources are not confident on what patches/updates need to be applied and why.  ThetaPoint eliminates this guesswork and handles the tasks for you.  We will validate the need for an update, what business/technical benefits are achieved with the update and what is required to do so.  In addition, we will only apply the patches/updates that are relevant to you and your business.  Eliminate the risk of going through an expensive change process for a non-value add update with ThetaPoint’s ArcSight Managed Service for regular maintenance.

7x24 Monitoring Services

ArcSight products are relied on to ensure compliance, identify security incidents and provide insight into security events across disparate systems.  Therefore, it is paramount that your ArcSight Environment is operating optimally at all times.  ThetaPoint’s O&M managed service monitors your ArcSight Products 7 days a week, 24 hours a day for the following issues:

  • Availability
  • Performance / Resource Utilization
  • Capacity
  • Fatal and Warning Errors
  • Parsing Issues
  • Constant Event Delivery
  • License Compliance

Premium Support

Over the past 5 years we have witnessed a variety of mergers and acquisitions in the SIEM/Log Management marketspace.  Unfortunately, a byproduct of these acquisitions has been a drain of talent from the acquired firm as the company is slowly integrated into the acquiring firm’s culture and processes. This has had a profound impact on customer experience and support for those that leverage the newly acquired technology.  Long wait times, calls that go unanswered, disconnected support sites all lead to increased Mean Time to Resolutions for customers and downright anger and frustration working with the new support organization.


ThetaPoint understands this frustration and provides our clients a truly unique experience. With the ThetaPoint O&M service, we become an extension of your team and will work directly with ArcSight / Micro Focus on your behalf so you don’t have to.  If you have a question and don’t want to waste time scrolling through knowledge bases, our experts can answer it quickly.  If you have a P1 ticket that seems to be in support limbo, leave it to ThetaPoint.  Start spending your time managing your business risk while we manage your ArcSight environment!

Touch Free Services

Touch Free Services is an optional addition to the O&M Service Offering. Touch Free hours are primarily used for break / fix situations that are discovered during monitoring. However, the time may be used for any ThetaPoint service offering. Many of our clients utilize this time to conduct quarterly use case/business case reviews and make necessary content/application changes to stay abreast of today’s modern threat landscape.

ArcSight Products Supported

ThetaPoint currently offers Operations & Maintenance managed service for the following ArcSight solutions:

  • ArcSight ESM
  • ArcSight Logger
  • ArcSight SmartConnectors
  • ArcSight Management Console (ArcMC)
  • ArcSight Event Broker / Kafka


ArcSight Consulting Services

ThetaPoint provides industry leading ArcSight Consulting and Managed Services. Organizations look to ThetaPoint to help them modernize their ArcSight investment to address today’s advanced cybersecurity use cases. Leveraging the ThetaPoint Security Reference Architecture, we help optimize the capabilities of ArcSight ESM and ArcSight Logger to meet the needs of today’s Security Operations Centers (SOCs).


The following are ArcSight specific services that can be used a la carte or as part of a larger modernization project. Contact ThetaPoint to learn how you can realize maximum value from your investment in ArcSight today.

ThetaPoint Consulting Services

Architecture Review and Design

As organizations look to evaluate the current state or need to plan for expansion of their security infrastructure, they often find that they need detailed answers about how everything fits together in order to move forward. ThetaPoint’s Architecture Review and Design service is typically a 5-day effort, focusing on new and existing customers who are looking to re-tool or expand their usage of ArcSight, SIEM and Log Management technologies. This service can also used to establish a technology baseline so project milestones, goals, and tasks can be defined and measured. ThetaPoint consultants have over 10 years of experience at the Master Architect Level and can provide robust architectural recommendations for most customer projects.

Implementation Services

Micro Focus offers many products and solutions that need to be implemented by trained and knowledgeable resources. The various ArcSight products require deep understanding of Operating Systems, Oracle Databases, Network configurations, and SAN Storage configurations to be deployed successfully. ThetaPoint’s ArcSight Implementation Service focuses on installing, configuring, and tuning ArcSight products in a customer’s unique environment. Customers can be assured that when completed, they will have an optimally performing solution ready to tackle the complex business problems the products were intended to solve.

FlexConnector Development

Most SIEM and Log Management companies offer a wide range of supported security devices. However, many do not support emerging or highly customized point solutions. ThetaPoint can help bridge this gap by authoring production quality parsers and FlexConnectors for the unsupported or customized point solutions. ThetaPoint’s FlexConnector Development Service is typically a fixed price effort based on a review of the log(s) that needs to be parsed. Customer’s can expect to receive a production quality parser, categorization file (as needed), installation instructions, and support for up to 1 year.

Health Check & Performance Evaluation

During the day-to-day use of ArcSight ESM and ArcSight Logger, many customers often experience errors and performance issues that prevent them from gaining the real value of their investments. All SIEM and Log Management technologies need to run error and issue free to achieve optimum stability and performance. ThetaPoint’s ArcSight Health Check / Performance Evaluation service is typically a 5-day effort, focusing on the health and wellness of customer’s ArcSight and Log Managment infrastructures. The goal of this service is to provide customers with a clean bill of health so they can get the most out of the tools without annoying and problematic errors or issues.

Third Party Integrations

As SIEM and Log Management technologies become more ingrained in day-to-day IT security operations, companies find that they need these tools to integrate with other in-house technologies like Ticketing systems, internal HR systems, threat management systems, Etc… The problem is most SIEM and Log Management companies do not offer services to accomplish this type of integration. ThetaPoint’s 3rd Party Integrations service offers organizations the ability to integrate their SIEM and Log Management technologies with various complementary technologies. ThetaPoint can build custom solutions (content, scripts, programs, Etc…) leveraging Service Layers, APIs, and Common Protocols to accomplish a seamless integration between a customer’s product investments.

SOC Operational Assessment

Technology is one aspect of an effective IT security or incident response program, not a magic elixir that will cure all that ails them. Organizations must also have business goals, a strategy on how to use the technology, and defined processes and procedures to support operations to be successful. ThetaPoint’s Operational Assessment service is typically a 5-day effort, focusing on the supporting structure of an IT security organization. The goal of the service is to provide customers with an understanding of all the variables in their environment that need to be in place to support SIEM and Log Management technologies.

Custom Solution Development

Many SIEM and Log Management companies provide default content that attempts to address various IT security concerns. The fact is that default content tends to be highly ineffective and needs to be tuned to get value. In addition, new / customized content needs to be created to completely address an organizations IT security concerns and business problems. ThetaPoint’s Custom Solution Development service begins with a discovery workshop that identifies and documents in detail the business problem(s) to be addressed. ThetaPoint then uses its many years of industry expertise and best practices to create a solution that satisfies the customer’s stated goals.


For more information on this Solution or other ThetaPoint Service Offerings, please contact us.