What users are saying about

AlienVault USM<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow'>Customer Verified: Read more.</a>

329 Ratings

Elasticsearch

87 Ratings

AlienVault USM<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow'>Customer Verified: Read more.</a>

329 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 7.9 out of 101

Elasticsearch

87 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 8.9 out of 101

Add comparison

Likelihood to Recommend

AlienVault USM

AlienVault USM Anywhere is a great SIEM and if you need to deploy a SaaS solution then it is suited very well. It works very well for us being 100% AWS and integrates well with our toolset and AWS features. The Open Threat Intelligence (OTX) is perfect for providing context on events and feeding our incident response processes.
Matthew White profile photo

Elasticsearch

Elasticsearch is the gold standard for text-based search. Across large data sets it performs admirably, and we will certainly make it our first choice search solution in the future. For a use case where needs are simple and regular database queries might suffice, Elasticsearch may or may not provide any benefits.
No photo available

Feature Rating Comparison

Security Information and Event Management (SIEM)

AlienVault USM
7.3
Elasticsearch
Centralized event and log data collection
AlienVault USM
8.0
Elasticsearch
Correlation
AlienVault USM
8.0
Elasticsearch
Event and log normalization
AlienVault USM
8.0
Elasticsearch
Deployment flexibility
AlienVault USM
7.0
Elasticsearch
Custom dashboards and views
AlienVault USM
6.0
Elasticsearch
Host and network-based intrusion detection
AlienVault USM
7.0
Elasticsearch

Pros

  • AlienVault enables integration with external technologies, thereby broadening its scope and possibilities.
  • AlienVault has a dashboard customization and reporting scheme that makes it flexible to query your data, allowing you to model the tool according to your needs.
  • AlienVault will make you forget the need to consult some information on AWS Cloudtrail. It extracts the data from there and delivers in a much more efficient way.
  • With a single tool you can monitor your cloud and on-premises environment.
Erlon Sousa Pinheiro profile photo
  • Super-fast search on millions of documents. We've got over 2 billion documents in our index and the retrieve speeds are still in the < 1-second range.
  • Analytics on top of your search. If you organize your data appropriately, Elasticsearch can serve as a distributed OLAP system
  • Elasticsearch is great for geographic data as well, including searching and filtering with geojson, and a variety of geospatial algorithms.
Anatoly Geyfman profile photo

Cons

  • It can be difficult to set up correctly. I found the documentation sparse in some instances.
  • It can generate a ton of alerts, again if not set up correctly. I recommend taking the engineer's class for it, so that you can get the most out of your investment.
  • The vulnerability scans can eat up a lot of resources, as well as be a bit pushy. Running a scan against one of our printers resulted in that printer constantly flooded with inventory scan requests by AlienVault, which rendered said printer unusable. Make sure you break out your networks when doing scans!
Christopher Taylor profile photo
  • Setting Java memory thresholds can be a pain for those not accustomed to things like Eden Space & Old Generation which can lead to over allocation, or more likely, under allocation. Apache Solr had a similar issue. It would be nice if the program would take an extra step and dogfood it's own advice by analyzing the system & processes to return a solid recommendation for that configuration. The proper configuration information is outlined in the documentation, it would be nice if that was automated.
  • The only health check that ElasticSearch reports back is a "red" status without any real solid information about what is going on, though its usually memory thresholds or disk I/O. I am currently on ElasticSearch 1.5 so that may have changed for newer versions. When the status goes "red", I as the administrator of the software, feel like I lose control of whats going on which should rarely happen. Something more verbose would eliminate that.
  • This is more of a critique of the ElasticStack in general. The whole top to bottom stack is starting to get feature creep with things that are better suited in other software and increasing the barrier for entry for people to get started with setting up a robust logging infrastructure. ElasticSearch as a storage search engine, is pretty streamlined, but I can see that the tools that comprise the ELK Stack are going to require a certification with constant study at some point. During major release for Logstash a while back, it literally took a month to learn a new language because Elastic completely changed the syntax. For a medium sized organization of only a couple of admins, that is a pretty high bar where time is money. They really should work on refining/automating the tools & search engine they have, instead of shoehorning/changing things on to an already rock solid foundation.
Colby Shores profile photo

Likelihood to Renew

AlienVault USM9.0
Based on 13 answers
The centralized logging and retention for PCI compliance was our main driver, and it is meeting that need. Otherwise there has been enough frustration with the lack of documentation and the need to customize through the CLI that I would be open to alternatives.
Aaron Rothstein profile photo
Elasticsearch10.0
Based on 1 answer
We're pretty heavily invested in ElasticSearch at this point, and there aren't any obvious negatives that would make us reconsider this decision.
Aaron Gussman profile photo

Usability

AlienVault USM7.2
Based on 33 answers
Best SIEM out there. Built for the serious security practioner. Has features you would expect in something much more expensive. Product continues to be refined and improved.
Matthew Frederickson profile photo
Elasticsearch10.0
Based on 1 answer
To get started with Elasticsearch, you don't have to get very involved in configuring what really is an incredibly complex system under the hood. You simply install the package, run the service, and you're immediately able to begin using it. You don't need to learn any sort of query language to add data to Elasticsearch or perform some basic searching.If you're used to any sort of RESTful API, getting started with Elasticsearch is a breeze. If you've never interacted with a RESTful API directly, the journey may be a little more bumpy. Overall, though, it's incredibly simple to use for what it's doing under the covers.
No photo available

Support

AlienVault USM7.6
Based on 24 answers
Based on previous experience we had to explain and demonstrate the problems several times; fixes takes long time to be implemented and rolled out to end users. Several times we had to guide the support contact to fully understand the problem
Bilal Al Sabbagh profile photo
No score
No answers yet
No answers on this topic

Implementation

AlienVault USM7.1
Based on 37 answers
The one thing to remember is where to place the sensors within your organization. It is one thing to collect and analyze data, but collecting the right data is key. This is where AlienVaults experts really help. Instead of trying to sell you a gazillion sensors, they walk you through your network to make sure he sensors are where they need to be so you can achieve your goal. Implementation works so well because they take the time upfront to know your goals before they help you achieve them.
Matthew Frederickson profile photo
Elasticsearch9.0
Based on 1 answer
Do not mix data and master roles. Dedicate at least 3 nodes just for Master
No photo available

Alternatives Considered

I recommended Alert Logic, but management was drawn to the much lower price of AlienVault. Alert Logic seems to have a more mature product and has some of these features that have been lacking in AlienVault.
John Grosjean profile photo
The only other competitor we researched was mongo as some of our table information is stored in an XML file, but as we were doing searching we gravitated towards Elasticsearch. We knew mongo had some of the qualifications for what we wanted, but went with Elasticsearch for specifically our searches and actually used Mongo for more DB storage.
David Greenwell profile photo

Return on Investment

No answers on this topic
  • It has allowed fast searching on large datasets which allow our customers to conduct business in a timely and simple manner.
Josh Kramer profile photo

Screenshots

Elasticsearch

Pricing Details

AlienVault USM

General
Free Trial
Yes
Free/Freemium Version
Yes
Premium Consulting/Integration Services
Yes
Entry-level set up fee?
Optional
Additional Pricing Details

AlienVault USM More Information

Elasticsearch

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details

Elasticsearch More Information