AlienVault helps scan for bad behavior not just known threats.
November 20, 2015

Greg Baugh | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with AlienVault Unified Security Management

We are using AlienVault for host based intrusion detection, log aggregation and screening, network monitoring, and vulnerability assessments.
  • Host based Intrusion detection works well on Windows servers, and monitors for a number of security related events. Also contains event log monitoring.
  • Ease of deployment to Windows Servers.
  • Ability to add custom plugins when needed.
  • Log file normalization.
  • Integration with Open Threat Exchange, and use of IP reputation information.
  • There is a lot to it. This is a strength and a weakness. This is a powerful set of tools, it can take a little work to understand everything it can do.
  • Navigation can be a bit tricky, i.e. I know it does this, I have seen that option before, but where is it.
We have used some other Intrusion Detection Systems, and made other attempts at log file aggregation and event management, but AlienVault brings these tools and more together under one appliance.
Cost and complexity are always concerns, but if you buy the right package and deploy it correctly it can cover any environment. There are simple deployments, complex deployments, and even managed deployments. It can cover your needs if set up correctly.

I would like to see automated responses, other than alerts. I believe they may be working on this, so that it can actually take action not just warn you of the incident.