What’s New with ArcSight Recon 1.2?

by in Security

In today’s fast-growing and sophisticated threat landscape, organizations are struggling to keep up with all of the unknowns. More business is conducted online, more sensitive information is stored digitally, and more work is completed by remote workforces than ever before. And compliance mandates are getting stricter, all while bad actors are developing increasingly sophisticated methods of infiltration. To overcome these challenges, organizations need to boost visibility across their environment and act confidently in their daily routines. 

Scheduled Searches in ArcSight Recon 1.2Organizations collect and store data from an infinite number of resources, which makes data monitoring and management more difficult. And since many data management solutions on the market today weren’t built with security in mind, it creates inefficiencies when implemented within the context of SIEM, security compliance, event logging, and forensic investigation. And because logging and forensic investigation are essential tasks in a modern SOC, organizations need a solution that transcends the standards of today to be equipped for the needs of tomorrow. That’s where ArcSight Recon comes in.

ArcSight Recon is a comprehensive log management and security analytics solution that eases compliance burdens and accelerates forensic investigation for security professionals. It combines the compliance, storage, and reporting needs of log management with the capabilities of big-data search and analysis. Recon is built for security event logs, making it more intuitive and accessible for security analysts. It enables you to hunt for and defeat threats by unifying data logs from across the organization—processing billions of events and quickly making them available for search, visualization, and reporting.

With our latest release, ArcSight Recon 1.2, we’ve provided significant updates to support our customers’ log management, compliance, search, and hunt requirements.

What’s new with ArcSight Recon 1.2? 

ArcSight Recon is now deployable to Amazon Web Services and Microsoft Azure. Support for cloud-hosted deployments of Recon enables you to avoid capital expenditure associated with the significant infrastructure required for search and hunt, as well as the effort required to maintain, manage, and replace compute and storage equipment. With the cloud-native deployment of Recon to AWS and Azure, you can take advantage of cloud-based services for greater efficiency and manageability. 

Ability to run the search automatically on a set schedule. With ArcSight Recon 1.2, you can schedule searches on a daily, weekly, or monthly basis and manage the searches by setting an expiration time. This means you can run the searches during non-peak hours and analyze the results at your convenience. Saved searches help analysts create their own searches for specific use cases and execute those searches to save time when searching, analyzing, and threat hunting. In short, these scheduled and saved searches provide “cruise control” for your routine compliance use cases.

Scheduled Searches in ArcSight Recon 1.2

Recon Search of Logger Event data is enabled with Recon 1.2: Existing Logger data can be sent to Recon to support your search, hunt, and reporting needs. 

Pixelperfect reports and interactive dashboards: With 100+ out-of-the-box reports/dashboards (covering MITRE ATT&CK, cloud, monitoring, OWASP), you can create, edit, publish, and visualize desired reports to increase visibility across your entire security landscape.> You can also import/export reports, dashboards, and related content to simplify sharing and reviewing.;

Supported external data sources, including Text/Excel/Directory, Elastic search, JDBC, REST, JSON, XML.

Ready-built compliance packages, covering GDPR, PCI, IT-GOV to ease the burden of security compliance requirements.

GDPR Compliance made easy with ArcSight Recon
With the prebuilt compliance packages in ArcSight Recon, you can save time for your analysts working on GDPR, PCI, IT-GOV. Recon reduces the pain and complexity of reporting with simple, automated, customizable reports and dashboards and provides easier, continuous compliance.

Data flow from non-EU countries to GDPR Systems

Data flow from non-EU countries to GDPR Systems 

In a GDPR Compliance use case demonstrated by Senior ArcSight Product Manager Emrah Alpa, we take a deep dive into a GDPR scenario to uncover any GDPR violations in the environment by utilizing Recon’s GDPR content, reports, dashboards, search, and hunt features. Watch this 5-minute GDPR Compliance DEMO with ArcSight Recon YouTube video to gain a better understanding of how to leverage GDPR content to maintain compliance in your environment.   

ArcSight 2021.1 introduces a number of upgrades for the ArcSight portfolio. Check out the resources below to see what’s new. 


Have technical questions about Security Operations? Visit the ArcSight User Discussion Forum. Keep up with the latest Tips & Info about Security Operations. Do you have an idea or product enhancement request about ArcSight? Submit it in the Idea Exchange. We’d love to hear your thoughts on this blog. Log in or register to comment below.


Security Operations