Recon provides a modern log search and hunt solution powered by a high-performance column-oriented, clustered database. The Search feature helps you investigate security issues by viewing search results and identifying outlier events. The Reports feature, including MITRE ATT&CK content, enables you to hunt for undetected threats as well as create charts and dashboard to visualize filtered data with tables, charts, and gauges. With the Outlier Analytics feature you can identify anomalous behavior by comparing incoming event values to typical values for your environment.
Recon deploys within the ArcSight Platform, which provides common services such as the Dashboard and user management.