Into the mind of a programmer
May 15, 2017
Score 8 out of 10
Software Version: USM Appliance (On-Premises)
Overall Satisfaction with AlienVault USM
We use it to track all calls to our WebAPI application. We use this to stay compliant with HITRUST. We designed a plugin to use with AlienVault to track all of these calls with custom attributes. It works great. It also had the added benefit of monitoring our network, which yielded surprising results (such as an outside penetration attempt, which allowed us to take action). As much as I love this tool, it does have its caveats: it is not easy to maintain and has a steep learning curve. Once you pick it up, it is easy to maintain thereafter and rarely has any hiccups.
- Monitors the network for various attack vectors. We were notified of an attack vector via Remote Desktop where we were able to take action and close up those ports.
- It was able to handle the thousands of messages (syslog) it was receiving from both our API web servers.
- The search needs to be better polished as it makes it difficult to search by multiple parameters (i.e. we have custom user fields and we wanted to search by two fields, and it does not allow us to do so).
- The steep learning curve is a big stumbling block. The UI needs to be more polished and easier to use. Perhaps having basic and advanced screens.
- There should be an easier way to bump up the MySQL connection pool without having to jailbreak to the command prompt and modify the configurations. We initially were constantly getting a "Too many connections" error, but once I bumped up the connection pool limit, the problem went away. It would've been nice if we could do this from the UI.
We chose this mainly for price reasons. The only other "big fish" competitor would be Splunk, and the price was night and day different.