What users are saying about AlienVault USM and Elasticsearch

AlienVault USM: 334 ratings, trScore 7.9 out of 10
Elasticsearch: 93 ratings, trScore 8.9 out of 10

Likelihood to Recommend

AlienVault USM

AlienVault USM Anywhere is a great SIEM and if you need to deploy a SaaS solution then it is suited very well. It works very well for us being 100% AWS and integrates well with our toolset and AWS features. The Open Threat Intelligence (OTX) is perfect for providing context on events and feeding our incident response processes.
Matthew White

Elasticsearch

Elasticsearch is the gold standard for text-based search. Across large data sets it performs admirably, and we will certainly make it our first choice search solution in the future. For a use case where needs are simple and regular database queries might suffice, Elasticsearch may or may not provide any benefits.

Feature Rating Comparison

Security Information and Event Management (SIEM)
(category score: AlienVault USM 7.3; Elasticsearch not rated)

Feature                                            AlienVault USM   Elasticsearch
Centralized event and log data collection          8.0              not rated
Correlation                                        8.0              not rated
Event and log normalization                        8.0              not rated
Deployment flexibility                             7.0              not rated
Custom dashboards and views                        6.0              not rated
Host and network-based intrusion detection         7.0              not rated

Pros

  • AlienVault USM Anywhere is easy to deploy with their cloud-based model and deploying the required agents on-prem (or in the cloud) is quick and easy.
  • Custom rules allow for alerting based on content from events and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response.
  • USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment’s notice.
  • With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon CloudWatch Logs.
Matthew White
  • Lightning fast
  • Easily scalable
  • Powerful feature set

Cons

  • We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN Server are logged and then when a successful attempt follows soon after, it triggers an alarm for a Brute Force. It does this for things like OKTA already, so control over which events this applies to would be great.
  • More data tiers - something between 250GB and 500GB tiers, maybe break it down into 100GB tiers?
  • Integration with OpsGenie would be great.
Matthew White
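As an added illustration of the sequence rule requested in the first Con above (this is not code from the review or from AlienVault USM): a minimal correlation over constructed VPN login events that raises a brute-force alarm when a successful login follows a run of failures from the same source and user inside a time window. The log fields, the five-failure threshold and the ten-minute window are assumptions.

```python
"""Sequence correlation: failed VPN logins followed by a success.

Added example, not from the review or from any vendor. The event
layout (timestamp, source IP, user, outcome) is an assumption.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in the assumed layout.
SAMPLE_EVENTS = [
    ("2024-03-01T08:00:01", "203.0.113.7", "alice", "FAILURE"),
    ("2024-03-01T08:00:04", "203.0.113.7", "alice", "FAILURE"),
    ("2024-03-01T08:00:09", "203.0.113.7", "alice", "FAILURE"),
    ("2024-03-01T08:00:12", "203.0.113.7", "alice", "FAILURE"),
    ("2024-03-01T08:00:15", "203.0.113.7", "alice", "FAILURE"),
    ("2024-03-01T08:00:20", "203.0.113.7", "alice", "SUCCESS"),
    ("2024-03-01T09:00:00", "198.51.100.4", "bob", "FAILURE"),
    ("2024-03-01T09:30:00", "198.51.100.4", "bob", "SUCCESS"),
]


def correlate(events, threshold=5, window_seconds=600):
    """Return one alarm per success preceded by >= threshold failures.

    Events are processed in time order and tracked per (source, user);
    failures older than the window are discarded, so an isolated old
    failure does not make a later success look suspicious.
    """
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(deque)
    alarms = []
    for ts, src, user, outcome in sorted(events):
        now = datetime.fromisoformat(ts)
        recent = failures[(src, user)]
        while recent and now - recent[0] > window:
            recent.popleft()
        if outcome == "FAILURE":
            recent.append(now)
        elif outcome == "SUCCESS" and len(recent) >= threshold:
            alarms.append({"source": src, "user": user,
                           "failures": len(recent), "succeeded_at": ts})
            recent.clear()  # one alarm per burst, not one per later success
    return alarms


if __name__ == "__main__":
    for alarm in correlate(SAMPLE_EVENTS):
        print("Brute force suspected:", alarm)
```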
  • A bit more of a learning curve for complex searches, indexing more complex things.
  • Some of our updates between versions haven't gone as smoothly as we would like, but in more recent versions Elastic has done a much better job at trying to allow for full uptime upgrades.
  • Configuration needs to be set up to do larger searches, or more complex searches and at times while starting it wasn't obvious what configuration needed to be changed.
David Greenwell

Likelihood to Renew

AlienVault USM: 9.0 (based on 13 answers)
The centralized logging and retention for PCI compliance was our main driver, and it is meeting that need. Otherwise there has been enough frustration with the lack of documentation and the need to customize through the CLI that I would be open to alternatives.
Aaron Rothstein
Elasticsearch: 10.0 (based on 1 answer)
We're pretty heavily invested in ElasticSearch at this point, and there aren't any obvious negatives that would make us reconsider this decision.
Aaron Gussman

Usability

AlienVault USM: 7.2 (based on 33 answers)
Not enough documentation, non-descript error messages, and too much required to be done at the command line for an "appliance".
Aaron Rothstein
Elasticsearch: 10.0 (based on 1 answer)
To get started with Elasticsearch, you don't have to get very involved in configuring what really is an incredibly complex system under the hood. You simply install the package, run the service, and you're immediately able to begin using it. You don't need to learn any sort of query language to add data to Elasticsearch or perform some basic searching. If you're used to any sort of RESTful API, getting started with Elasticsearch is a breeze. If you've never interacted with a RESTful API directly, the journey may be a little more bumpy. Overall, though, it's incredibly simple to use for what it's doing under the covers.

Support

AlienVault USM: 7.6 (based on 24 answers)
I find their support to be excellent. From the FAQ's to the tech docs, it is very easy to resolve most issues. The few times we worked with a support technician, they were always quick to resolve our issue. We are very pleased with the overall level of support!
Chuck Bardram
Elasticsearch: no score (no answers on this topic)

Implementation

AlienVault USM: 7.1 (based on 37 answers)
Implementation is easy but having easy access to support and professional services is a great help. Getting it up and running is very easy, getting it configured for your specific environment does take a little more work, when you run into any issues support or your professional services provider is always there.
Karl Hart, ACSE, CEH, CHFI, CISSP
Elasticsearch: 9.0 (based on 1 answer)
Do not mix data and master roles. Dedicate at least 3 nodes just for master.

Alternatives Considered

None at the time as the product was purchased before I joined the organization.
AJ Gumataotao
For our application, ElasticSearch fulfilled all the criteria we were looking for: something that's easy to scale and flexible. I think ElasticSearch works better than Solr with modern real-time search applications. Also, ElasticSearch is easy to integrate with. ElasticSearch is distributed with real-time replication.

Return on Investment

AlienVault USM: no answers on this topic
  • Open source project that optimized search views in our application.
  • Cost of managing the elasticsearch clusters was added (which is small compared to the gains).
  • We are highly satisfied with what we got out of ElasticSearch.

Pricing Details

AlienVault USM
Free trial: Yes
Free/freemium version: Yes
Premium consulting/integration services: Yes
Entry-level set-up fee: Optional
Additional pricing details: none given

Elasticsearch
Free trial: not stated
Free/freemium version: not stated
Premium consulting/integration services: not stated
Entry-level set-up fee: No
Additional pricing details: none given