Threat Detection and Response

OpenText ArcSight Intelligence

Proactively detect insider risks, novel attacks, and advanced persistent threats

A person looking at a computer screen


A person typing on a laptop

OpenText™ ArcSight™ Intelligence is an advanced threat-detection tool that uses user entity behavior analytics (UEBA) and 100%-online, unsupervised machine learning (ML) to detect behavioral anomalies across the organization and empower threat hunters. It evolves with the organization so teams can detect insider risk, novel attacks, and advanced persistent threats without needing to maintain rules or update thresholds.

Read the behavioral analytics flyer

Why choose ArcSight Intelligence?

  • Machine learning foundation

    Rely on hundreds of unsupervised machine learning models to detect behavioral anomalies that indicate threats.

  • Adaptive detection

    Adjust to new concepts of normal with advanced threat detection that automatically adapts to your organization with every new event.

  • Simplified threat detection

    Enable analysts to focus their attention on stopping threats with automated ML training and the elimination of rules and thresholds.

  • Normalized risk scoring

    Quickly visualize and contextualize an entity’s risk at a glance with risk scores ranging from 0 to 100.

How ArcSight Intelligence can benefit business

Proactively detect insider risk, novel attacks, and advanced persistent threats with mature machine learning capabilities to improve threat hunter efficacy and efficiency.

  • Detect difficult-to-find threats

    Detect difficult-to-find threats

    Identify behavior changes and detect adversaries that rule-bound systems struggle to detect, even if attackers change their method of attack.

  • Increase analyst efficacy and efficiency

    Increase analyst efficacy and efficiency

    Transform billions of events into a handful of actionable threat leads, freeing analysts to focus on the threats that matter the most.

  • Automate maintenance and tuning

    Automate maintenance and tuning

    Gain contextually rich leads with 100%-online, unsupervised ML models that automatically adjust to your organization’s level of normal—without rules or thresholds.

  • Reduce insider attack remediation costs

    Reduce insider attack remediation costs

    Catch insider threats in days—not months—to drastically reduce remediation costs.


  • Organizational risk at a glance

    Provides dashboards that make it easy to see the overall risk of the entire organization, view trends, highlight individual risks, and quickly address threats.

  • Dynamic anomaly and risk timelines

    Presents an entity’s risk profile over time—including the anomalies that contributed to its risk score—and offers advanced filtering so threat hunters can focus in on anomalies of interest.

  • Fully transparent alerts

    Accelerates threat hunting with context-rich leads—including visualizations and highly readable descriptions of the anomalies—backed by the events that caused them.

  • Analyst collaboration

    Enables real-time collaboration within one centralized location so analysts can quickly identify attacks by leaving comments, applying visual flags, and marking events with user-defined tags.

  • Raw event viewer

    Uses a normalization process that retains all raw log fields, enabling users to review the exact details that contribute to an increased risk score.

  • Anomaly mapping

    Delivers insights into security stack vulnerabilities by mapping anomalies to MITRE ATT&CK® tactics.

  • API integration

    Leverages APIs to integrate with existing SOAR and threat-ticketing systems, allowing users to create tickets or automate actions with ease.

  • Expanded threat hunting capabilities

    Supports bundling with OpenText™ Threat Hunting Services to deliver world-class threat analytics with expert, human support.

Take advantage of OpenText and partner services

Professional Services

OpenText Consulting Services combines end-to-end solution implementation with comprehensive technology services to help improve systems.


OpenText helps customers find the right solution, the right support and the right outcome.


Learning Services offers comprehensive enablement and learning programs to accelerate knowledge and skills.


Explore our OpenText communities. Connect with individuals and companies to get insight and support. Get involved in the discussion.

Leaders trust OpenText

See how customers are succeeding with ArcSight Intelligence.

See more success stories
Major Healthcare Company

ArcSight Intelligence neutralizes insider threats and prevents sensitive data theft

Learn more
Major Financial Services Organization logo

Astonishing POC insight leads to ArcSight Intelligence for CrowdStrike implementation to combat insider threat

Learn more
Large Healthcare organization logo

ArcSight Intelligence prevents security breach in sensitive patient data

Learn more
Large Government Agency logo

ArcSight suite provides full visibility for faster threat response through User and Entity Behavior Analytics

Learn more
Large Online Retailer logo

ArcSight Intelligence teams with CrowdStrike, reveals hidden threats, and establishes outstanding advanced threat and insider threat detection to prevent breaches

Learn more
Global Manufacturer logo

ArcSight Intelligence proof-of-concept detects and remediates brute force attack in process

Learn more

ArcSight Intelligence resources

Threat hunting with ArcSight Intelligence

Read the flyer

What is User and Entity Behavior Analytics (UEBA)?

Learn more

What makes ArcSight Intelligence different part 1

Read the position paper

The insider threat problem: Your biggest threat may already be inside

Read the blog

Insider threats: A problem too advanced for machines alone

Read the blog

Highlights from the 2024 Verizon Data Breach Investigations Report (DBIR)

Read the blog

ArcSight Intelligence with Microsoft Defender for Endpoint

Read the flyer

ArcSight for preemptive threat detection

Read the flyer

What makes ArcSight Intelligence different part 2

Read the position paper