AlienVault USM - The SIEM has landed.
February 13, 2017
Score 9 out of 10
Vetted Review
Verified User
Overall Satisfaction with AlienVault USM
AlienVault USM is being used as our main log collection and correlation engine. As we are a relatively small company, IT resources from all parts of the company feed into the USM. The main business problem it solved is insight into network and user activity along with the benefit of having applied threat intelligence through the OTX.
- The price point is amazing.
- Directives are highly customizable.
- The open threat exchange is quite valuable as an open threat and IOC exchange.
- The UI has a bit of a learning curve.
- I would recommend a strong Linux background if you are going to do any custom plugins or directives.
- Some events are fairly generic in terms of naming convention, which can require more hands-on investigation.
AlienVault may be slightly less refined when compared to other enterprise offerings. But in our testing, we found either the cost, licensing model, learning curve, or any combination of the three, made AlienVault's competitors not appropriate for our environment. Over the past year, AlienVault has made great improvements to its usability and threat detection components.