AlienVault discovers Unidentified Data Events in your IT woods.
May 09, 2017

Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Software Version

USM Appliance (On-Premises)

Overall Satisfaction with AlienVault USM

  • It is being used for the SIEM role in our organization.
  • It provides log aggregation, correlation, and reporting.
  • It provides compliance for us within the financial realm and gives us metrics on what is happening in our environment.
  • For the most part, it is effective; we would like more performance, as we often find ourselves hitting the wall with our current data load. This might be fixable with a move to a virtual environment.
  • AlienVault is particularly flexible at taking logs and being able to custom-craft plugins using regular expressions. This prevents you from being limited by the SIEM vendor's support.
  • They are also good at keeping their installation updated. Updates are often issued on a monthly basis for the program itself, and the feeds are updated about half as often.
  • The support is actually quite good. Having received support from numerous vendors over the years I have found their support staff to be knowledgeable and helpful. An email receives a reasonably quick response without any hoops or interrogation whatsoever.
  • Sometimes the modules don't work quite the way you want. Case in point would be the filtering of assets. There really should be more options when it comes to isolating certain operating systems and host name nomenclature.
  • Quick log searching can be tedious and painful, although we use a physical and not a virtual instance, so IOPS might be an issue. We find reports often time out unless very narrowly focused.
  • Some actions come up over and over in security. One is tracking the log activity of a certain user. There should be a template or some sort of predefined mechanism, but unfortunately there isn't. User searching is ugly and tedious at the log level.
Small or medium installations that do not suffer from device or data overload. It is not terribly difficult to use, although additional skills are required once you depart from the typical SOC roles and need to develop some of your own processes and tools. AlienVault, like any SIEM, is more of a garden than a factory farm. You need to continuously invest time and energy into it to understand what is normal versus what is anomalous.
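The review's two technical points, regex-driven log plugins and the missing "show me this user's activity" search, are illustrated below with an added example that is not part of the review and does not use AlienVault's real plugin format. The rule table, field names, sample log lines and function names are all constructed for this illustration; the only idea carried over is that each source gets its own regular expression whose named groups map onto one shared set of normalised fields, so a per-user search or a per-source failure count can run across every source at once. The example also keeps the lines no rule understood, since a plugin with an over-tight pattern silently hiding a whole log source is the usual way such searches come up empty.

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed sample log lines (not real data). They imitate an SSH daemon's
# syslog output and a flattened Windows security-log export, so one
# normaliser has to cope with two formats and one line that no rule covers.
SAMPLE_LOGS = [
    "Mar  3 10:15:02 bastion sshd[2211]: Accepted publickey for alice from 10.0.0.12 port 51022 ssh2",
    "Mar  3 10:15:40 bastion sshd[2215]: Failed password for bob from 203.0.113.7 port 40110 ssh2",
    "Mar  3 10:16:01 bastion sshd[2215]: Failed password for bob from 203.0.113.7 port 40111 ssh2",
    "2017-05-09 10:17:13 WS-FIN-07 EventID=4624 TargetUserName=alice IpAddress=10.0.0.12 LogonType=2",
    "2017-05-09 10:18:55 WS-FIN-07 EventID=4625 TargetUserName=bob IpAddress=203.0.113.7 LogonType=3",
    "Mar  3 10:19:30 bastion cron[300]: (root) CMD (run-parts /etc/cron.hourly)",
]

SYSLOG_TS = r"(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d)"
WIN_TS = r"(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)"

# Each entry plays the role of one hypothetical plugin: a name, a regex whose
# named groups are the normalised field names, and the outcome it implies.
# Every rule uses the same group names (ts, host, user, src_ip) so searches
# downstream do not care which source a record came from.
PLUGIN_RULES: List[Tuple[str, re.Pattern, str]] = [
    ("sshd-accepted",
     re.compile(SYSLOG_TS + r" (?P<host>\S+) sshd\[\d+\]: Accepted \w+ for "
                r"(?P<user>\S+) from (?P<src_ip>\S+) port \d+"),
     "logon_success"),
    ("sshd-failed",
     re.compile(SYSLOG_TS + r" (?P<host>\S+) sshd\[\d+\]: Failed \w+ for "
                r"(?:invalid user )?(?P<user>\S+) from (?P<src_ip>\S+) port \d+"),
     "logon_failure"),
    ("win-4624",
     re.compile(WIN_TS + r" (?P<host>\S+) EventID=4624 TargetUserName=(?P<user>\S+) "
                r"IpAddress=(?P<src_ip>\S+)"),
     "logon_success"),
    ("win-4625",
     re.compile(WIN_TS + r" (?P<host>\S+) EventID=4625 TargetUserName=(?P<user>\S+) "
                r"IpAddress=(?P<src_ip>\S+)"),
     "logon_failure"),
]


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Try each rule in order; the first match produces a normalised record."""
    for name, pattern, outcome in PLUGIN_RULES:
        match = pattern.match(line)
        if match:
            record = match.groupdict()
            record["plugin"] = name
            record["outcome"] = outcome
            return record
    return None


def normalise(lines: List[str]) -> Tuple[List[Dict[str, str]], List[str]]:
    """Split input into parsed records and the lines no rule understood.

    Unparsed lines are returned, not dropped, so a plugin whose regex is too
    tight shows up as a growing pile of leftovers instead of a silent gap.
    """
    records: List[Dict[str, str]] = []
    unparsed: List[str] = []
    for line in lines:
        record = parse_line(line)
        if record is None:
            unparsed.append(line)
        else:
            records.append(record)
    return records, unparsed


def events_for_user(records: List[Dict[str, str]], user: str) -> List[Dict[str, str]]:
    """The per-user activity search, working across every normalised source."""
    return [r for r in records if r["user"].lower() == user.lower()]


def failures_by_source(records: List[Dict[str, str]]) -> Counter:
    """Count logon failures per source address, whatever the log format."""
    return Counter(r["src_ip"] for r in records if r["outcome"] == "logon_failure")


if __name__ == "__main__":
    parsed, leftovers = normalise(SAMPLE_LOGS)
    for rec in events_for_user(parsed, "bob"):
        print(rec["ts"], rec["host"], rec["plugin"], rec["outcome"], rec["src_ip"])
    print("failures by source:", dict(failures_by_source(parsed)))
    print("unparsed lines:", len(leftovers))
```

Adding a source means adding one rule that fills the same named groups; the searches do not change. Reviewing the unparsed list after each new plugin is the quickest check that the pattern is neither too tight (real events land in leftovers) nor too loose (the wrong lines get claimed first, since rules are tried in order).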