USM AlienVault Review
May 16, 2019
Score 10 out of 10
Vetted Review
Verified User
Software Version
USM Appliance (On-Premises)
Overall Satisfaction with AlienVault USM
USM is being used by our new Information Security department to identify and investigate potential security issues across our corporate network and all of our branches. The major problems it is helping us address are identifying potential system compromises, account manipulations, malicious traffic, and other forms of attack against our corporate computers, accounts, and other network devices.
- USM is very good at detecting suspicious activity/traffic and generating alarms for these events. Even though many times they end up being false positives, it is still better to know and investigate rather than not be made aware of the potentially malicious activity at all.
- Eliminating false positives is very easy with suppression and filtering rules.
- The breakdown of logs from events in an easy-to-read format really helps with quickly investigating an issue and figuring out the source.
- When creating an alarm or notification rule, I think the "Event name" should be one of the default fields instead of having to add the condition every time.