Hi,
From you earlier post, I understand that you have integrated Splunk with ArcSight and so I would request if you please help me to understand a few question here,
What should be the SIEM architecture in a scenario where I have ArcSight Manager, Logger and connector and now I want to integrate Splunk for long term data retention purpose. I find that long term data retention is not a good cost effective option with ArcSight Logger and also searching performance is very slow in archived data since it does not contain index information. Also please send me the integration document between ArcSight and Splunk.
... View more