AlienVault USM - best bang for the buck with all-in-one pane of glass
November 09, 2017

Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Overall Satisfaction with AlienVault OSSIM

We are using AlienVault USM across our entire organization. We started with the AllInOne150 and moved to the unlimited asset license. It allows us to see all the logs in one place and correlate across systems. It also has vulnerability reporting and behavioral analysis built-in. It helps show regulatory compliance with reporting features.
  • Asset management: AlienVault can be set to run scans on a specific IP address range or network and will load the assets into the database without manually entering them in.
  • SIEM/Log Management: AlienVault does a good job of bringing in logs from multiple systems. There were some where we had to create a custom plugin, but they have most of the major vendors covered.
  • Reporting: AlienVault has built-in reports for SOX, PCI, GLBA, etc., which show good data.
  • The installation was challenging to get up and running if you have no experience with SIEM and/or Linux. We are still working on fine-tuning after having the system for two years.
  • Once you hit the 150 asset mark, you have to jump to their unlimited license. There is no middle ground. We were only 10 or so assets above the 150, so we had to choose to either not monitor those assets or pay the price of the upgrade.
  • AlienVault brings all the information to one place which makes it much quicker to track down problems.
FortiSIEM was much more expensive and really did not have all the features of AlienVault without paying extra. I liked the fact that FortiSIEM would integrate directly with the rest of the Fortinet products, but the high cost was not worth it. We get all the data we need from AlienVault - it just doesn't have the same look and feel as the Fortinet reports.
We are using it in a smaller environment and only need one AlienVault virtual appliance. They also have options for setting up sensors for remote locations. We decided not to go that route and are just forwarding data via syslog. That portion was not difficult to implement. AlienVault does a great job at pulling in information from multiple sources and correlating it to show relevant data. As with any SIEM, you have to teach it to filter out the noise. That is a work in progress.

AlienVault USM Feature Ratings

  • Centralized event and log data collection: 8
  • Correlation: 8
  • Event and log normalization/management: 8
  • Deployment flexibility: 7
  • Custom dashboards and workspaces: 6
  • Host and network-based intrusion detection: 7