What is ArcSight Recon? (& list of documentation)
For orgs that plan to build a full #SOC but aren’t there yet, ArcSight Recon is an excellent option, with its own analytics engine and can expand as needed.
Security professionals familiar with ArcSight will recognize features from ArcSight Logger and ArcSight Investigate. These features have been preserved and fashioned into one cohesive storage and analytics solution. Features like compliance reporting, MITRE ATT&CK reports, and data visualizations are all a part of ArcSight Recon. In fact, existing ArcSight customers with Logger and/or Investigate can upgrade to ArcSight Recon free of charge. This is yet another way ArcSight is demonstrating their commitment to simplicity and intelligence in security.
ArcSight Recon 1.0 Documentation
Provides a modern hunt solution powered by a high-performance ingestion and advanced analytics database, which helps pinpoint security issues regardless of the timeframe chosen or result size analyzed.
Deployment and Configuration
Interacting with Recon