Overall Satisfaction with AlienVault USM
AlienVault was used as a SIEM for logs and also threat analysis. The vulnerability scanner was also a very nice feature. I used it to scan my server and core network environment. It provided a nice report similar to when I had a professional pen test done, so it was a nice list of known vulnerabilities. The core features (the threats) provide a lot of value over just a regular log SIEM.
- Crowdsourced along with source-based threat feeds
- Very nicely laid out web-based GUI
- Very easy asset discovery
- Maybe some better NetFlow integration to get data at the network and application level.
Splunk - you have to build out all of your add-on features and build custom dashboards. Also, the built-in vulnerability assessment is a great feature.