AlienVault USM vs FortiSIEM

• AlienVault USM Anywhere is easy to deploy with their cloud-based model and deploying the required agents on-prem (or in the cloud) is quick and easy.
• Custom rules allow for alerting based on content from events and you can even trigger agents in response to threats, shutting down computers or grabbing forensic info for incident response.
• USM Anywhere also takes care of reporting for ISO and PCI, allowing you to pull reports for auditors at a moment’s notice.
• With many integrations out-of-the-box, you can pull in all the data from products you use and other sources, such as Amazon CloudWatch Logs.

Read full review

• Log aggregation and analytics
• CMDB
• Device inventory and remote management .
• It can be used by Managed Security Providers who have multiple customers as it offers multi organization support .

Read full review

• We would love to be able to create custom rules based on a series of events, to create rule-sets where, for example, failed logins to the VPN Server are logged and then when a successful attempt follows soon after, it triggers an alarm for a Brute Force. It does this for things like OKTA already, so control over which events this applies to would be great.
• More data tiers - something between 250GB and 500GB tiers, maybe break it down into 100GB tiers?
• Integration with OpsGenie would be great.

Read full review

• Non-intuitive/unattractive user interface
• Too many features that will usually remain unused
• Very crowded (too many icons) portal
• The reporting feature is confusing, e.g. you have to click on the "refresh" button to get the result of your inquiry. The report generation process can be much easier, as the user interaction is not pleasant.

Read full review

• Other SIEM solutions were cost prohibitive at the time of purchase (2016).
• Just like any other SIEM, it helped draw a better picture of our current security posture.

Read full review