AlienVault USM vs PRTG

• Log analysis, both syslog and AWS cloud trail, and searchability/reporting is actually better than most of our other related tools: All of our systems send log information using rsyslog to our AlienVault USM system. AlienVault is able to alert us of many issues with minimal configuration, including adding/removing users to sensitive groups, creating or removing resources such as EBS volumes, S3 buckets, or security groups.
• AWS loadbalancer traffic/log analysis: AlienVault automatically identifies threatening IPs or entries that match suspicious traffic patterns.
• The ability to search the many logs AlienVault collects in a way that even novice users can follow is super valuable. Logs can be quickly sorted by source, log type, and/or keyword searches. There have been many occasions where we were able to find non-security related issues due to the simple yet advanced search abilities of AlienVault. This has led to the challenge of deciding when and how long to allow non-security personnel access for troubleshooting.

Read full review

• PRTG appears to be plain and simple and you can use it that way if you want. But it has power under the hood and can be used to monitor anything you can think of. I like the fact that it's simple to use, it's truely as easy as auto discover, tweak and forget (or wait until you get PRTG notices via email).
• Alarms are easy to use and you can set them to be granular by error or by group/users.
• PRTG upgrades are a snap with auto update.
• I've set up PRTG in a cluster so that we don't have to log when we take the server down for maintenance for reporting on uptime, etc. Cluster setup is very easy.
• In a previous job, I posted public pages to our IT intranet page so employees could see if there was a server outage. Again, very easy and a nice idea.

Read full review

• The "Agent" has caused many problems in our environment.
• The AlienVault server seems to get overwhelmed quickly and could use an option for greater scaling for larger installations.
• The documentation is often lacking on details. The documentation often covers what specific steps to take but does not cover why or how certain items work.
• The user interface is missing many features for bulk/large-scale operations. Such as the ability to close more than one page of alarms at once.
• The "report false positive" does not provide a way to easily remove items so they still show up in audits.
• There is no way to reconfigure many checks to avoid false positives.
• The system lacks transparency for many security or infrastructure operations.

Read full review

• A more built-in dashboard would be nice.
• Licensing can be tricky since it is not device based. Currently, each sensor (IE interface) counts as a sensor license

Read full review

• Downtime has been reduced
• Monitoring available disk space enables us to plan and forecast storage needs more effectively
• Monitoring network traffic has alerted us to bottlenecks that we were able to identify and correct

Read full review