Alien Vault UTM is a good middle of the road SIEM for the price
Updated October 05, 2017

Anonymous | TrustRadius Reviewer
Score 6 out of 10
Vetted Review
Verified User

Overall Satisfaction with AlienVault USM

We use the network IDS, Host IDS, and point our firewall logs to AlienVault. We have found the network IDS to be useful and easy to set up. The host IDS seems a bit less reliable. We have attempted to use the Nagios feature, but it does not work as well as regular Nagios. We like the OTX integration so that we can see when traffic is headed for known bad actors.
  • UI is easy to read.
  • OTX integration is good.
  • Setting up directives is fairly straightforward.
  • Upgrades/Updates have gotten better, but we still have to call support for them to fix one that has gone sideways occasionally.
  • Host IDS seems to regularly lose hosts.
  • Nagios features just do not work well for monitoring.
We have not used any competitive products. The ones we looked at when we made the initial purchase were too expensive.
It is pretty good for a small deployment, but it requires a fair amount of attention. This is true for any SIEM, so I give it middle of the road marks for that. It's much more affordable than many SIEM solutions, so that fit for us.

Using AlienVault USM

The base product is easy to understand, but configuring feeds to the SIEM can be a challenge.

Also, we still have not successfully set up Nagios monitoring inside the USM, even though we have had a working standalone Nagios for years.