AlienVault USM: Simplifying Security with Cost-Effective Threat Detection.
Our organization uses AlienVault USM to enhance the security posture and streamline our clients' threat detection and response. The …
Starting at $1,075 per month
View PricingOverview
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as…
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Centralized event and log data collection (8)8.585%
- Correlation (8)8.585%
- Event and log normalization/management (8)8.080%
- Custom dashboards and workspaces (8)7.070%
Reviewer Pros & Cons
Pricing
Essentials
$1,075
Cloud
per month
Standard
$1,695
Cloud
per month
Premium
$2,595
Cloud
per month
Entry-level set up fee?
- Setup fee optional
For the latest information on pricing, visithttps://www.alienvault.com/products/pri…
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Features
Return to navigation
Product Details
- About
- Competitors
- Tech Details
- Downloadables
- FAQs
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments, including SIEM, intrusion detection, vulnerability management, as well as continuous threat intelligence updates. The vendor states that even for resource-limited IT security teams, AlienVault USM can be affordable, fast to deploy, and easy to use. It eliminates the need to deploy, integrate, and maintain multiple point solutions in the data center.
Smart, automated data collection & analysis: USM Anywhere automatically collects and analyzes data across the attack surface, helping to quickly gain centralized security visibility without the complexity of multiple disparate security technologies.
Automated threat detection powered by AT&T Alien Labs: With threat intelligence provided by AT&T Alien Labs, USM Anywhere is updated automatically to stay on top of evolving and emerging threats, so the security team can focus on responding to alerts.
Incident response orchestration with AlienApps: USM Anywhere supports a growing ecosystem of AlienApps, enabling the user to orchestrate and automate actions towards other security technologies, able to respond to incidents quickly and easily.
AlienVault USM Features
Security Information and Event Management (SIEM) Features
- Supported: Centralized event and log data collection
- Supported: Correlation
- Supported: Event and log normalization/management
- Supported: Deployment flexibility
- Supported: Integration with Identity and Access Management Tools
- Supported: Custom dashboards and workspaces
- Supported: Host and network-based intrusion detection
Additional Features
- Supported: AlienVault Open Threat Exchange
AlienVault USM Screenshots
AlienVault USM Videos
AlienVault USM Competitors
AlienVault USM Technical Details
| Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
|---|---|
| Operating Systems | Unspecified |
| Mobile Application | No |
| Supported Countries | Global |
AlienVault USM Downloadables
- Unified Security Management vs. SIEM: a Technical Comparison
- AlienVault USM Anywhere: Datasheet
- AlienVault Fast Facts
- AlienVault USM Anywhere: Datasheet
- Beginner’s Guide to Open Source Intrusion Detection Tools
- SIEM for Beginners: Everything You Wanted to Know About Log Management But Were Afraid to Ask
Frequently Asked Questions
Splunk Cloud and Fortinet on IBM Cloud are common alternatives for AlienVault USM.
Reviewers rate Deployment flexibility highest, with a score of 8.6.
The most common users of AlienVault USM are from Mid-sized Companies (51-1,000 employees).
Comparisons
Compare with
Reviews and Ratings
(735)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Business Problems Solved
- Recommendations
Users have found AlienVault USM to be a valuable SIEM solution for centralizing and searching log data from a large number of network attached devices. This platform is being used for various use cases such as vulnerability management, scanning, malware detection, and monitoring malicious network traffic. It is considered a good SIEM solution for organizations new to security operational logging or those with a smaller staff and budget. The product has been praised for its integrated feature sets, including HIDS, NIDS, FIM, and security alerting capabilities. The inclusion of features like vulnerability scanning and file integrity monitoring has extended its value for organizations in the early stages of cybersecurity program development. Many users have experienced real-time alerts, enabling them to respond to security incidents and compromised passwords more quickly. Furthermore, AlienVault is used for a range of functions such as SIEM, vulnerability scanning, asset discovery, and investigations. It provides organizations with a centralized log collection site, allowing them to monitor and address new problems more effectively. The platform has been effective in helping organizations meet regulatory compliance requirements and improve SOC operations. Additionally, AlienVault is used to analyze network traffic, Windows Event Logs, and other security events, helping organizations improve network security and protect their customers. It solves security challenges related to device and software visibility, monitoring for anomalous events, and ensuring patch management. Users appreciate the simplicity of deployment and the robustness of the interface. The support team is highly responsive and knowledgeable.
AlienVault USM Anywhere is used by organizations to easily identify security incidents happening across their infrastructure and comply with PCI-DSS compliance requirements. MSSPs utilize AlienVault USM Anywhere to provide their customers with best-in-class threat monitoring and response services. It is also used to monitor cloud environments, scanning and alerting for any known vulnerabilities or activity on servers. AlienVault helps organizations with auditing purposes by monitoring cloud permissions and changes to security. Additionally, it is deployed to customers for monitoring and is used by NSOCs to monitor their networks. AlienVault has been implemented across organizations, covering server assets and providing granular logging on systems and networks. It helps in raising alarms/alerts and mitigating network-related activities. AlienVault collects and alerts on network and system activity across the entire organization, making it easy to filter for important data. The product centralizes log data and helps perform vulnerability analysis and threat detection. It assists in security patching and monitoring within AWS environments. Users appreciate the ease of use and configuration of the cloud-based panel. AlienVault is implemented and managed for clients as a recommended SIEM solution, collecting and normalizing logs from various data sources. It is used throughout organizations to gain insight into network and server events, manage and correlate logs, and recognize anomalous activity. Users have been able to set up alerts for specific events and policies, effectively managing systems and alerts in place, monitoring multiple client environments, and identifying issues that clients may have missed.
AlienVault USM Anywhere is praised for its cost-effectiveness compared to other SIEM solutions on the market. Users appreciate its threat intelligence capabilities, ease of use, user-friendly interface, and simplicity of deployment. The built-in correlation rules require minimal setup and provide high-quality results. Asset management and scanning features help users stay on top of monitoring assets, including dynamic and static asset lists. The integration of OTX into USM Anywhere allows for up-to-date threat intelligence and pulse subscriptions.
The software plays a crucial role in monitoring and alerting when anomalies occur, aiding in threat detection, compliance management, log collection, and vulnerability scanning. It helps organizations stay up to speed on new vulnerabilities and supports agile business initiatives by aiding analysts in identifying cyber threats and providing access to threat cross-referencing data. AlienVault USM Anywhere is deployed to monitor AWS cloud environments, attain compliance, identify threats, and facilitate auditing of non-emergency configuration changes and vulnerability monitoring.
Overall, AlienVault USM Anywhere provides centralized security monitoring, incident response capabilities, compliance reporting features, vulnerability assessment tools, real-time SIEM functionality, as well as asset discovery and user activity monitoring capabilities. It has been widely adopted across various industries for enhancing security posture and gaining comprehensive visibility into network activities.
Based on user recommendations, AlienVault USM receives the following common recommendations:
-
AlienVault USM is recommended for cost-conscious companies and small to medium businesses due to its affordability and effectiveness. Users find it to be a great tool for analyzing and reacting to threats, offering excellent value for the price.
-
Users suggest exploring alternative SIEM choices and discussing functionality and configuration requirements. Logrhythm is mentioned as a possible alternate SIEM choice, especially for high-end functionality needs. It is advised to compare features and select the SIEM system that offers the best cost for desired features.
-
To maximize the experience with AlienVault USM, users recommend taking advantage of training opportunities provided by AlienVault. Joining official training sessions allows users to learn best practices from other users and gain comprehensive knowledge of the product. Users also recommend utilizing forums, support, webinars, and videos offered by AlienVault to enhance understanding and achieve optimal results.
Overall, AlienVault USM is regarded as a cost-effective solution suitable for organizations with data privacy and security priorities. The product's flexibility, community-created intelligence, and continual improvement are also highlighted by users. While some mention areas for improvement, such as support stability and module quality, the general consensus is that AlienVault USM delivers reliable security enhancements and cost savings.
Attribute Ratings
Reviews
(126-150 of 390)Companies can't remove reviews or game the system. Here's why
June 24, 2019
AlienVault USM Anywhere - A One-Man-SOC
AlienVault is used by the cybersecurity unit of the organization to monitor and correlate security logs from other systems within the organization. Also, AlienVault acts as a log management system or repository of logs for the organization. We chose AlienVault as it is one of the few SaaS-based SIEM in the market and it was in line with our organization’s direction of going with a cloud-based solution.
- Cloud based solution which minimises the need to maintain additional on premise servers.
- Among the cheapest SIEM solution on the market with features comparable to the other bigger players.
- Great dashboard and UI which makes it super easy to use.
- Packed with many features and integrates with many major off the shelf brands.
- The SaaS based model makes the pricing very dependent on the storage capacity subscribed to. Compared to other on premise solutions, it can be really hard to deal with once the log storage has reached or maxed out the monthly storage capacity.
- After AT&T took over Alienvault, their customer service has deteriorated and they don’t give as much care as they did earlier with their customers.
- After AT&T took over, the product pricing has been increasing steadily and soon this solution may not be as affordable as it used to be.
June 24, 2019
AlienVault is pretty dope
We are using AlienVault as a SIEM, Log Manager, FIM, and Vulnerablility Management tool. It is used across the whole organization. We need to be HIPAA compliant, so it addresses the need for a log manager, vulnerability scanner, policy report generator, and FIM.
- log management
- vulnerability management
- correlation alerts
- Policy Reports
We used AlienVault for a few years and were very satisfied with the product. Then, they got bought by AT&T and we are now in contractual and legal hell. In the past, both companies made changes to the operating agreements to meet our needs; AlienVault was good at helping us with regulatory requirements. This time during the contract renewal, they made promises about updating agreements again, but somewhere this got lost when both or customer manager and sales representative changed three times in short succession. Then, the legal team refused to even speak with us even after they originally agreed to during the negotiation. So, we've been ignored for months by multiple groups with no meeting scheduled all because their legal team is busy updating legal agreements due to the merger, which is exactly what we want! Another thing to consider: more marketing emails from all the other companies in the AT&T family, get your spam filters ready. Overall: good product, but we've spent more effort on managing the relationship than this is worth. We will consider other, even more expensive options, whose TCO will, in the end, be lower.
- Your Points of Contact will change a lot
- Your requests will be ignored
- If you have unique requirements, you may be out of luck under the new AT&T regime
- We pay you, you work for us, remember that
- Get your house in order and don't leak the damage to your clients
- Get more staff if you cannot handle the post-merger load
- Retain your current employees
June 20, 2019
Cloud-based Healthcare Analytics Company
AlientVault is our SIEM solution across our AWS infrastructure (300+ appliances) as well as our desktop workstations in our Kathmandu, Nepal location which houses 300 employees.
- Intrusion detection
- DDOS detection
- Storage allocation vs price.
- Support for customers not purchasing dedicated services.
- Performance of Monitors.
We use the USM Anywhere SIEM for our corporate security program currently, separate from our application security team in charge of our cloud environments our SaaS offering is hosted on. This solves the compliance and security issues we face as an organization for forensically sound log storage as well as data aggregation for correlation.
- The integration setup for syslog forwarding and native web apps partnered with the platform is a very simple setup.
- Deploying sensors in cloud systems usually follow a pre-defined build flow for ease of sensor deployments and scaling.
- For perimeter defense, as long as your defended organizational structure uses Active Directory or another LDAP replication type service, vuln scanning and KIDS is a breeze.
- For highly distributed workforce issues, the system requires a lot of third-party integrations to collect data for automation.
- Customization can be lacking in areas without significant help from their support teams.
- Building rules for filtering, suppression, and custom alarms can be a steep learning curve, although this is slightly offset by their training offerings.
June 20, 2019
AlienVault Is a Success
AlienVault is being used for the Security Team to see all host and network traffic. This real-time SIEM is tuned to give us alarms we actually need to look at on a daily basis. This addresses anything from malware to network, system and email breaches.
- Deployment with the sensors for USM anywhere.
- Support
- Responsive UI
- Alien Apps
- Agents offline
- Easier agent deployment on host.
- Quicker response from engineers and not just send engineers a document for the fix.
June 20, 2019
Best SIEM around!
AlienVault is implemented in the organization to closely monitor and alert the Information Security Team on activity to address regarding threats and vulnerabilities.
- Alarms and email alerts on potential threats and compromises.
- Vulnerability scans allow a view of the risks from each asset.
- Integration with Anitvirus, Office 365, and file monitoring software (Varonis).
- AlienVault agent appears offline at times for assets that are known to be online.
- AlienVault agent does not update on its own.
June 17, 2019
SIEM at its best!
We currently use AlienVault USM anywhere across the corporation and it does what it's supposed to do 99.9% of the time. The deployment option (on-Prem/SaaS) could be a factor performance-wise and in terms of custom plugins and rule-set but otherwise it meets all our business requirements. Most importantly support is great and always ready to help where possible.
- Correlation
- Constant feature updates
- Support
- Ability to build custom plugins in all deployment models
- Roll back the decision to halt creating custom plugins
- Ability to modify correlation rules
June 17, 2019
Initial review
We use it to offer SIEM solution for us and our clients
- Centralized dashboard
- Training
- Response from sales reps
- Support is not quickly responded to.
- Escalation for support takes a lot of steps.
- API's need to be expanded.
June 14, 2019
AlienVault USM Anywhere Review
In our organization, AlienVault USM Anywhere is being used as our SIEM. We have all of our SaaS solutions feeding logs to it. The business problem that it addresses is that it provides a "single pane of glass" for all of our logging purposes. Instead of having multiple admin consoles for log reporting on each system, we can just login to AlienVault USM Anywhere to see all logs from all systems.
- Supports many connectors
- Provides a single pane of glass for all logging
- Easy sensor configuration
- Their support could be more helpful
- The UI is not very user-friendly
- The name sounds unprofessional
We are a small company and needed to satisfy requirements for log management and vulnerability scanning and AlienVault USM Anywhere was selected. AlienVault USM Anywhere is being used across the entire company and is gathering logs from our local office and from our Azure cloud provider subscriptions.
- Simple and understandable User Interface (UI)
- Capable of performing multiple network security functions
- Good price point for SMB and mid-market tier SIEM
- Log collection sensors can be difficult to install and configure
- Not all functions are intuitive or simple to set up
- AlienVault outsources professional services, with mixed results
- Documentation is not always up-to-date, increasing time to troubleshoot and resolve issues
June 12, 2019
USM Anywhere does what it says.
Alienvault USM is being used to aggregate, inspect, and correlate both Windows/Linux logs and our Data Center network traffic. It is used exclusively by the SOC team for threat hunting and EDR.
- VMWare Sensor deployment is very easy.
- Dashboards are nice and clean.
- Network monitoring and Syslog collector just work.
- USM Anywhere does not support Netflow or any variation. SPAN and RSPAN are currently the only methods to monitor IP flows.
- USM Anywhere tech support is lackluster. I have opened two tickets and struggled to receive knowledgeable technical assistance.
- USM Anywhere does not do scheduled report delivery in any format. Reports are run on demand and must be printed to pdf for distribution.
June 12, 2019
Alien Vault Review
We are an MSSP and use AlienVault to make sure our client's networks are secure and to confirm that all network access is approved and merited. AlienVault provides great visibility into network events and allows the operations team to confirm and take action on activities that may be considered rouge.
- Dashboarding.
- Alert monitoring.
- Ease of installation.
- Agent Installs.
- System updating.
June 11, 2019
USM Anywhere, the easy SIEM.
USM is the SIEM used to collect data across the entire environment, that data is used to report to the QSA for PCI compliance. It has greatly helped find problems as well as streamline our PCI compliance reporting. What was once very manual and time consuming is not simply pulling reports.
- Find security issues such as malware.
- PCI compliance reporting.
- Deep dive into various issues in the environment.
- UI could be streamlined some.
June 10, 2019
AlienVault and an honest comparison to Darktrace
We are using AlienVault USM as the cornerstone of our layered security model. We use it for Incident Management, Event Logging and Anomaly Detection.
We have a Global Security Operations Centre and are deploying AlienVault globally. We want to standardize our security incident responses globally to ensure that we can implement a true 'follow the sun' model. AlienVault has a global presence and we want to leverage that capability to support our security teams.
We have a Global Security Operations Centre and are deploying AlienVault globally. We want to standardize our security incident responses globally to ensure that we can implement a true 'follow the sun' model. AlienVault has a global presence and we want to leverage that capability to support our security teams.
- Excellent feedback and reviews from external organisations and in-house experience
- Good value for money
- A reliable, all-round tool to avoid duplication / overlap with other products
- Allowed us to build a security tool-set without wasting money on duplicated (and unused) functions
- Global presence
- Other products, like Darktrace, provide exceptional automatic isolation and intrusion protection. I want AlienVault to provide equivalent protection / isolation to protect environments out of working hours (public holidays etc)
- External threat monitoring is a great way to identify threats mobilizing before they attack (horizon monitoring). Intsights (https://intsights.com/) provides this for a fee, but I would like to see a capability for monitoring key assets, such as domain names, C-Suite personnel etc.
- Some simple mechanisms to reduce white noise. We are gradually improving our filtering, but machine learning (aka Darktrace) would be helpful to allow the system to 'learn' behaviours and then allow to be filtered by an administrator. Full AI learning is difficult (hence the costs for Darktrace) but a configuration dashboard to reduce 'noise' should be easy to deliver, rather than having to edit and apply filters individually.
- Dashboards for ISO27001 and PCI. ISO27001 KPIs such as Threats Detected, Threats automatically prevented, Threats requiring human intervention etc are simple and should be easy to provide.
- Anything you can do to link with Vulnerability Management, such as Nessus, Cyberark DNA etc would be helpful. Currently these are managed separately, but would be great if these could be integrated for running routine scans from a single dashboard, or reporting on a dashboard.
June 08, 2019
AlienVault, the right product at the right price.
We are currently deploying AlienVault to all our offices across midtown. We have it in 4 out of 8 offices so far. We use it to monitor the security health of our company.
- Easy to implement into a company.
- Deep insights into company assets and the vulnerabilities these assets have.
- The online Dashboard is easy to navigate and able to be accessed anywhere online.
- Provides the ability to coordinate with team members more easily in terms of handling fixes.
- The online dashboard seems sluggish at times, and could be faster.
- More tutorials about setting up personalized alarms and actions.
June 07, 2019
All In One SIEM Solution
We use AlienVault across the whole organization. AlienVault USM creates an all in one security solution where we are able to correlate events from different source types, such as server events, but also the complete cloud trail from our public cloud provider Amazon Web Services. All the security logic, which is part of the offer, has really relieved our operations team.
- Many event sources, including public cloud!
- Setup is easy.
- Filtering options for browsing events is convenient.
- Reporting cannot be automated currently. Every month we need to open the web console and generate them ourselves.
- MFA authentification cannot be forced.
- The license fee for each sensor is costly when you have a multi-account cloud setup at AWS.
June 07, 2019
AlienVault USM Review
AlienVault USM recently rolled out in our environment, and it is currently used only in the IT department. Further staging is in progress and will be deployed across the rest of the business. AlienVault is our standard security operation tool solely used for security monitoring purposes for the detection of threats, intrusion detection, vulnerabilities etc.
- Vulnerability reporting - This gives administrators a holistic view of persisting threat before going for a vulnerability scan.
- Visibility to multiple devices and environments - Firewalls, Windows Servers, AWS, Azure, etc.
- No mobile application - most of the competitors have a mobile application, which gives administrator flexibility over the weekend.
- Need more features in terms of alerting.
- There is a lag in Alienvault updating the log results to the dashboard and sometimes the filters won't work as expected.
- Many false positives.
June 06, 2019
AlienVault Review
Used by a single department. It helps us address compliance and awareness of vulnerabilities.
- Comprehensive tooling.
- Easy to construct alerts.
- Strong reporting.
- Ability to get emailed reports.
- Ability to integrate internal networking logs.
- Improved support.
June 06, 2019
AlienVault--The SEIM for people that wear many hats.
We use AlienVault to monitor our infrastructure nationally. It is primarily used to correlate log data from multiple systems to provide insight on security events. At present we have our firewall, server, workstation, and network traffic being analyzed by AlienVault.
- Has an effective dashboard. The classification of alarms by intent is a favorite.
- Being able to drill into specific details and get actionable information is crucial. AlienVault makes this easy.
- Having an integrated vulnerability reference is very nice to have. It may not be as full-featured as point solutions, but for quick references it is nice.
- The deployment instructions could be written better.
- Vulnerability scanning and setup could be updated.
June 05, 2019
Easy, Efficient, Smart, and Incredibly Time-Saving
AlienVault USM Anywhere has enabled our firm to centrally manage our cybersecurity posture. We appreciate the in-depth insight into our information systems and love the interactive customizable GUI. The platform rulesets are easy to configure and we enjoy the variety of free training offered by AlienVault. Other SIEM's we tried seemed too overtly complex or dysfunctional, and the simplicity of AlienVault USM Anywhere is much welcomed in a world where products and tools all fight for the "simplified user experience" badge.
- Monitoring and Alerting.
- Visual display of all information security-related events and actions.
- Detailed alarms for suspicious events.
- Incorporation of the MITRE ATT&CK framework.
- Automatic updates for AV agents. Currently, we have to manually redeploy an agent in order to apply the latest update... this takes precious time.
- More detailed insight into identified vulnerabilities from the internal scanning tool.
- Incorporation of SOC 2 - Type II compliance template - similar to the templates for PCI DSS and ISO27001.
Score 5 out of 10
Vetted Review
Verified User
Globally as a SIEM/FIM solution.
- FIM with limits.
- Vulnerability scans (with agents installed as opposed to "NXlog").
- Dashboards.
- Need to be able to comment on issues flagged by AlienVault so that other users may know what has been done for triage.
- Single pane of glass, need to have a shared dashboard that is customizable.
We use AlienVault to monitor our on-prem and cloud environments for vulnerabilities and questionable activity. AlienVault is generally only used by IT staff at our company. It's great for monitoring and reporting and has a lot to offer in the way of making sure your company is ready for that IT audit.
- It is exceptional at finding vulnerabilities in workstations and servers.
- The reporting is simple, yet powerful.
- Detailed alerts to IT staff has been extremely helpful in identifying threats.
- Would like to use AlienVault to effectively find vulnerabilities in users' workstations, however, each machine is identified by IP instead of the computer name. Not DHCP friendly.
- Not really a con, but it seems to collect ALL of the events that occur in your environment(s). There are ways to filter those events out, but without setting up rules, it can very easily become overwhelming.
- Quite pricey.
We are using it as a SIEM to aggregate and monitor events generated by our AWS infrastructure. It is being used across the entire organization.
- Easy to get started
- Very proactive account executive
- Plugins are not configurable by the user. If they don't have what you use, you're in a long queue for custom development.
- Support is very transactional and often needs several touches to resolve issues
- Some quality issues were encountered
AlienVault is deployed across the corporate infrastructure to centrally manage security logs on all servers via the agent. Sensors are deployed in the corporate network to monitor and scan workstations and servers for vulnerabilities and perform discovery scans for new systems on the network. The firewalls also supply syslogs to the sensors. Office 365 is monitored via an Azure sensor, along with Azure infrastructure.
Production systems are monitored using agents and a sensor.
Production systems are monitored using agents and a sensor.
- Effective correlation of various log sources to provide useful alerts.
- An agent provides detailed logs of events on every system, be it Windows, Linux, or MacOS, to the point you do not have to log in to each machine to review security logs.
- Provides auto detection of log sources and effective mapping of the log data to key fields.
- Pre-built alerts allow AlienVault to be effective right away. There's no need to spend days creating alerts for it to be usable.
- Has powerful search capabilities once the logs are in AlienVault.
- Has the ability to run queries on agent systems based on an alert trigger (eg. list of logged on users).
- The biggest challenge is the deployment of the Agent. It requires logging onto each system and running the install script manually. You need a GPO or a scriptable way to push the agent.
- We would like the ability to limit access to specific sensors for users that have been given access to AlienVault. Currently, if an analyst has access to AlienVault, they can see all data sources and logs.
- We saw a lot of false positive results in the beginning, requiring a bit of tuning to suppress some rules.
- There's no ability to suppress Vulnerabilities identified in the vulnerability scanning component.