ArcSight Enterprise Security Manager (2008)
ESM works in conjunction with ArcSight Logger, which collects and normalizes event data and reports on security events based on rules created by the user. The tool is agentless, and uses event source connectors to collect the log data.
The data collected is compressed and stored in a proprietary file-based repository; it can store both normalized and raw event data, according to ArcSight.
The ESM takes the logging data, analyzes it and displays events on the ArcSight console, triggering alerts. ArcSight said its ESM tool also integrates with custom data sources, including home grown applications and physical security systems.
ESM's correlation capabilities can discern events connected to a specific individual and that user's business role and organizational membership. It can associate any IP address-based events with events from the enterprise's physical infrastructure.