This document provides an overview and introduction to HP ArcSight ESM software. It describes ESM's capabilities for security event monitoring, network intelligence, correlation, anomaly detection, and automated remediation. It also outlines the key components of ESM including the CORR-Engine for high-speed event storage and retrieval, and introduces the various tools and user roles within ESM. The document is intended to provide readers with a basic understanding of how ESM works and how its different functions are used throughout the lifecycle of analyzing and responding to security events.