<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow'>Customer Verified: Read more.</a>
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>Score 8 out of 101
Based on 335 reviews and ratings
Likelihood to Recommend
AlienVault USM Anywhere is a great SIEM and if you need to deploy a SaaS solution then it is suited very well. It works very well for us being 100% AWS and integrates well with our toolset and AWS features. The Open Threat Intelligence (OTX) is perfect for providing context on events and feeding our incident response processes.
Splunk light is awesome for anyone wanting to do proactive monitoring. It is also really well suited for insights into data with dashboards. Splunk light might not be a great choice if you do not want to manage the infrastructure on your own.
Feature Rating Comparison
Centralized event and log data collection
Event and log normalization
Custom dashboards and views
Host and network-based intrusion detection
Integration with Identity and Access Management Tools
- The SIEM does a good job of correlating network data from multiple sources along with the Data from deployed HIDS
- The Nmap scan is fast and non-invasive that defines devices on your network.
- The vulnerability scanning has several options and reports to enable data to be available for compliance purposes.
- Real-time + Scheduled alerts - i-e you can set up alerts which are actively monitoring your logs
- Pretty good response time for search results. With our key/value logging, Splunk makes it blazing fast to query the data.
- Dashboards provide insights into historical data
- Love how Splunk indexes all of the data and provides keys to search on
- I would like to see an interface that is more menu driven. For example a method that allows me to drag and drop the items I would like in an adhoc report based on local machines that are attempting to connect to sites beyond our network that are blocked by our firewall.
- I would like to see a more robust connection to our SonicWall, having two devices in the same rack that must be configured independently is some times a pain to fine tune.
- I would like to see additional help files built that allow users to work with the Alienvault without attending formal training.
- Splunk light limits number of users to 5. Wish there was a flexible license, where one could add more users.
- Splunk light does not let you add > few realtime alerts. Wish there was a flexible license, where one could add as many realtime alerts as wanted.
- Better insight into daily ingestion values
Likelihood to Renew
Based on 13 answers
The centralized logging and retention for PCI compliance was our main driver, and it is meeting that need. Otherwise there has been enough frustration with the lack of documentation and the need to customize through the CLI that I would be open to alternatives.
Based on 24 answers
I have contacted support many times and every time they addressed the issue and continued until it was resolved. The product is solid, so the overall operation is trouble free.
Based on 37 answers
The best recommendation I can offer is understand the system that is being installed. Knowing how to configure and specific expectations that you expect from the machine. I would say to watch the tutorials and the online video's, get yourself involved with the community forum and ask the questions if you do not understand.Our company did not make the best choice on the computer that the service was installed on and it has led to some adverse effects that did not appear until now, almost 2 years later and needing to re-install the entire system all over again.If you need the help, ask for it. The technical support team at alienvault and community forum members are always there to answer questions.
We looked at a number of other products besides AlienVault. Most of them were software packages that had OK reviews, but would have been costly to implement and time-consuming to maintain. AlienVault was an all-in-one appliance, though it comes in a virtual machine that you can run as well. We chose the USM because of our virtualization resources were getting pretty tight at the time we chose AlienVault, and we prefer hardware appliances.
Splunk Light was easy to install, has great support from the vendor, and great community support. Other logging solutions did not have these benefits when we were looking to buy Splunk. They were cheaper, but Splunk seemed to be the gold standard in log repository and indexing. Splunk Light was a perfect fit for what we needed.
Return on Investment
- Splunk Light has had a positive impact on our overall business objective of having a central log repository.
- Splunk Light is able to help us hunt down the reasons for account lock outs and has thus had a positive impact on time to resolution of helpdesk issues.
- Splunk Light had a positive impact on reporting and showing our auditor specific events he was looking for.
Premium Consulting/Integration Services
Entry-level set up fee?
Additional Pricing Details—
AlienVault USM More Information
Premium Consulting/Integration Services—
Entry-level set up fee?