What users are saying about

AlienVault USM

329 Ratings

Graylog

7 Ratings

AlienVault USM
Score 7.9 out of 10

Graylog
Score 8.5 out of 10


Likelihood to Recommend

AlienVault USM

I've only used AlienVault in an environment monitoring around 1,000 nodes and with the all-in-one appliance. My first thoughts are that this product is great for companies our size and smaller, but with the advanced configurations of branched out sensors and servers (higher cost), it may be scalable for larger companies as well. It does what other SIEMs do but is more hackable and friendly to the power analysts needing to correlate lots of data.
Jon Armani

Graylog

This is well suited for a small- to medium-sized environment where you are looking to collect all your system logs. In larger-scale environments it would be trickier to pull this software off. The software can only handle a certain amount of logs per second; if you have lots of devices, you should invest in a more premium product.

Feature Rating Comparison

| Feature | AlienVault USM | Graylog |
|---|---|---|
| Security Information and Event Management (SIEM) | 7.3 | |
| Centralized event and log data collection | 8.0 | |
| Correlation | 8.0 | |
| Event and log normalization | 8.0 | |
| Deployment flexibility | 7.0 | |
| Custom dashboards and views | 6.0 | |
| Host and network-based intrusion detection | 7.0 | |

Pros

  • AlienVault USM does log aggregation and quick analysis very well. There is an analysis screen which provides the ability to group events by signature for quick "big head and long tail" analysis. Looking at the most common events and the least common events often highlights misconfigurations, device errors, and security concerns. The analysis screen also provides the ability to filter events by signature, then select fields of interest within those events. Once this is done, it's just a few clicks to create a custom view and report module so that an analyst can quickly find and report on key pieces of information in the future.
  • AlienVault USM provides powerful out of the box correlation rules which generate alarms on security concerns, misconfigurations, and vulnerabilities. Analysts can add their own rules to alert on just about anything in the environment, such as a specific user logging into a specific machine, a machine going offline, or configuration change to a critical device.
  • Another thing AlienVault does well is providing administrative access to the underlying Linux system giving the analyst the ability to quickly troubleshoot issues within the SIEM implementation itself. Access to the underlying OS also provides the ability to make changes to configurations of the underlying well-known security tools to weed out noise events before they can start to consume higher level compute resources.
Kevin Geil
  • Manages logs for a variety of devices
  • Easy to set up
  • A great open source solution

Cons

  • AlienVault is excellent at finding issues/exploits and providing the information necessary for forensics. It could be nice if instructions for remedies could be provided as well.
Dana Hancock
  • If you don't know your way around Linux, setup would be tricky. Some step-by-step videos would be helpful.

Likelihood to Renew

AlienVault USM 9.0
Based on 13 answers
The centralized logging and retention for PCI compliance was our main driver, and it is meeting that need. Otherwise there has been enough frustration with the lack of documentation and the need to customize through the CLI that I would be open to alternatives.
Aaron Rothstein
Graylog 10.0
Based on 1 answer
The product is great, and the support we have gotten from the developers has been top notch!
Andrew Meyer

Usability

AlienVault USM 7.2
Based on 33 answers
Best SIEM out there. Built for the serious security practitioner. Has features you would expect in something much more expensive. Product continues to be refined and improved.
Matthew Frederickson
No score
No answers yet
No answers on this topic

Support

AlienVault USM 7.6
Based on 24 answers
Support was initially slow, but once engaged, resolution was fast and efficient. Additional support on other topics was also resolved under the same initial call, which helped rather than closing the call off and starting again. Further check backs were carried out before the case was closed, so support was very useful throughout.
Philip Clarke
No score
No answers yet
No answers on this topic

Implementation

AlienVault USM 7.1
Based on 37 answers
The one thing to remember is where to place the sensors within your organization. It is one thing to collect and analyze data, but collecting the right data is key. This is where AlienVault's experts really help. Instead of trying to sell you a gazillion sensors, they walk you through your network to make sure the sensors are where they need to be so you can achieve your goal. Implementation works so well because they take the time upfront to know your goals before they help you achieve them.
Matthew Frederickson
No score
No answers yet
No answers on this topic

Alternatives Considered

AlienVault Unified Security does surprisingly well as an IDS as well as a capture tool for malware. It does have some intel with the OTX so that is helpful. So, there are some overlaps but my comparison is like the bell curve. AlienVault catches that 60-70% range of the middle stuff, but not necessarily the fringes. That's what the other tools do in conjunction. But obviously, AlienVault Unified Security has the SIEM piece which is a huge win.
Baillio, Aaron
Graylog provides some great functionality for free. There are some more premium products that would handle more logs and would be a little easier to configure.

Return on Investment

No answers on this topic
  • This is a perfect solution for us and didn't cost us a dime.


Pricing Details

AlienVault USM

General
Free Trial: Yes
Free/Freemium Version: Yes
Premium Consulting/Integration Services: Yes
Entry-level set up fee? Optional
Additional Pricing Details


Graylog

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee? No
Additional Pricing Details
