What users are saying about

AlienVault USM
329 Ratings
Score 7.9 out of 10

Splunk Light
15 Ratings
Score 8.2 out of 10

Likelihood to Recommend

AlienVault USM

AlienVault is well suited for businesses that lack someone who specializes in information security. As new threats emerge daily, as long as updates are taking place and the system is set up correctly, you'll be notified of suspicious activity. I find the Reputation report to be invaluable, as it shows what machines within the organization are talking to known bad IP addresses (based on the OTX reputation...make sure you opt into OTX).
Christopher Taylor

Splunk Light

Splunk Light is awesome for anyone wanting to do proactive monitoring. It is also really well suited for insights into data with dashboards. Splunk Light might not be a great choice if you do not want to manage the infrastructure on your own.
Pooja Gada

Feature Rating Comparison

Security Information and Event Management (SIEM): AlienVault USM 7.3, Splunk Light 7.8
Centralized event and log data collection: AlienVault USM 8.0, Splunk Light 8.5
Correlation: AlienVault USM 8.0, Splunk Light 7.5
Event and log normalization: AlienVault USM 8.0, Splunk Light 9.0
Deployment flexibility: AlienVault USM 7.0, Splunk Light 8.0
Custom dashboards and views: AlienVault USM 6.0, Splunk Light 7.5
Host and network-based intrusion detection: AlienVault USM 7.0, Splunk Light 7.5
Integration with Identity and Access Management Tools: AlienVault USM (no score shown), Splunk Light 6.5

Pros

  • AlienVault USM does log aggregation and quick analysis very well. There is an analysis screen which provides the ability to group events by signature for quick "big head and long tail" analysis. Looking at the most common events and the least common events often highlights misconfigurations, device errors, and security concerns. The analysis screen also provides the ability to filter events by signature, then select fields of interest within those events. Once this is done, it's just a few clicks to create a custom view and report module so that an analyst can quickly find and report on key pieces of information in the future.
  • AlienVault USM provides powerful out of the box correlation rules which generate alarms on security concerns, misconfigurations, and vulnerabilities. Analysts can add their own rules to alert on just about anything in the environment, such as a specific user logging into a specific machine, a machine going offline, or configuration change to a critical device.
  • Another thing AlienVault does well is providing administrative access to the underlying Linux system giving the analyst the ability to quickly troubleshoot issues within the SIEM implementation itself. Access to the underlying OS also provides the ability to make changes to configurations of the underlying well-known security tools to weed out noise events before they can start to consume higher level compute resources.
Kevin Geil
  • Real-time + Scheduled alerts, i.e., you can set up alerts which are actively monitoring your logs
  • Pretty good response time for search results. With our key/value logging, Splunk makes it blazing fast to query the data.
  • Dashboards provide insights into historical data
  • Love how Splunk indexes all of the data and provides keys to search on
Pooja Gada

Cons

  • The documentation can be spotty at times. Finding what you need to understand how to take full advantage of the appliance can be a bit difficult at times.
  • The vulnerability scanning within the USM is a nice feature that doesn't execute well. Getting the scans to complete in a timely manner- or at all sometimes- can be a pain. There are other scanners out there that do a much better job of finding the holes than this.
Joshua Fidler
  • Splunk Light limits number of users to 5. Wish there was a flexible license, where one could add more users.
  • Splunk Light does not let you add > few realtime alerts. Wish there was a flexible license, where one could add as many realtime alerts as wanted.
  • Better insight into daily ingestion values
Pooja Gada

Likelihood to Renew

AlienVault USM 9.0
Based on 13 answers
The centralized logging and retention for PCI compliance was our main driver, and it is meeting that need. Otherwise there has been enough frustration with the lack of documentation and the need to customize through the CLI that I would be open to alternatives.
Aaron Rothstein
No score
No answers yet
No answers on this topic

Usability

AlienVault USM 7.2
Based on 33 answers
The system is great in terms of functionality but in terms of being user friendly and usability for the average person it is very hard to understand and will take a lot of training.
Mikhail Suleymanov
No score
No answers yet
No answers on this topic

Support

AlienVault USM 7.6
Based on 24 answers
Only had to use this once, and they had us back on track in an hour or so. They followed up the day after to make sure all was still working, great team.
Jason Cresswell
No score
No answers yet
No answers on this topic

Implementation

AlienVault USM 7.1
Based on 37 answers
Anything beyond a vanilla deployment will take a lot of effort.
Aaron Rothstein
No score
No answers yet
No answers on this topic

Alternatives Considered

I evaluated AlienVault against Secure Works, Snort, Palo Alto, IBM's Informix Dynamic Server, and HPE's ArcSight. I based my evaluation on several criteria and after talking with several people at AlienVault (including management) I decided it would be a good fit as the product was evolving with a solid roadmap. In the last year, there have been no updates of substance (despite being on the roadmap) and the product does not meet expectations.
Scott Whitehouse
ELK stack required too much infrastructure/configuration, NewRelic was expensive.
Pooja Gada

Return on Investment

No answers on this topic
  • Helped us be more proactive about issues
  • Helped us understand our system usage
  • Helped us invest in areas we previously did not think of
Pooja Gada

Pricing Details

AlienVault USM

General
Free Trial: Yes
Free/Freemium Version: Yes
Premium Consulting/Integration Services: Yes
Entry-level set up fee?: Optional

Splunk Light

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?: No