Overall Satisfaction with AlienVault USM
We are utilizing USM Anywhere as a SIEM system for log aggregation and further analysis by creating correlation rules, manual monitoring of events, and alerts sent through notifications to e-mail and a Slack channel.
- Deployment and integration are pretty easy and straightforward, whether in AWS (cloud) or the on-prem environment.
- Log aggregation, collection rules/jobs are easy to create.
- The notifications component works very well.
- AWS integration: in particular, monitoring of AWS resources is far from ideal.
- The vulnerability scanner requires root and administrative privileges on localhost, which is not acceptable.
- The sensors themselves generate millions of requests, which creates a lot of unnecessary noise on the systems and eventually "eats" traffic and expensive storage space.
- LogRhythm, Splunk Cloud and ArcSight Enterprise Security Manager (formerly HP ArcSight)
Easy to deploy, competitive pricing model.