AlienVault hits our data log aggregation, recovery and threat detection sweet spot.
May 13, 2019

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

AlienVault is being used to aggregate error log information across the organization from servers, networking equipment and client machines. It then allows searching of that information, categorizing it and applying rules to notify engineering and department management should anomalies occur. These notifications can take a variety of forms and are then acted upon by the appropriate technical staff, thus meeting technical and processing needs.
  • Data aggregation is reliable and relatively easy to set up.
  • The product is flexible in the way it can be configured to record and aggregate activity.
  • Alerts are easily configurable.
  • It is easy to demonstrate the product to satisfy auditors.
  • There is a plethora of possible rules configurations. These could be better categorized.
  • More readily available examples for particular configurations, such as comprehensive Exchange monitoring, would help.
  • Online, at-your-own-speed training would be an excellent addition.
We selected AlienVault over Splunk because Splunk would have required pretty much a full-time FTE to effectively manage it for our organization. AlienVault does require the same level of oversight, but provides 90% of the functionality. We also looked at some open source options, but these were cobbled together, were very version dependent on their individual components, and would have required even more babysitting.
Monitoring server activity in a bounded server environment is a good use case. Client data capture is less financially feasible due to the high volume of user data, which makes it financially difficult to comprehensively monitor the client computing environment. Scenarios where users do not have a dedicated individual to monitor/configure the system and keep it up to date as equipment comes and goes are also probably not advisable.