AlienVault USM gives more visibility than I have ever had in one pane of glass.
June 01, 2019

Stephen Squires | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

AlienVault is deployed across the corporate infrastructure to centrally manage security logs on all servers via the agent. Sensors are deployed in the corporate network to monitor and scan workstations and servers for vulnerabilities and perform discovery scans for new systems on the network. The firewalls also supply syslogs to the sensors. Office 365 is monitored via an Azure sensor, along with Azure infrastructure.
Production systems are monitored using agents and a sensor.
  • Effective correlation of various log sources to provide useful alerts.
  • An agent provides detailed logs of events on every system, be it Windows, Linux, or macOS, to the point that you do not have to log in to each machine to review security logs.
  • Provides auto-detection of log sources and effective mapping of the log data to key fields.
  • Pre-built alerts allow AlienVault to be effective right away. There's no need to spend days creating alerts for it to be usable.
  • Has powerful search capabilities once the logs are in AlienVault.
  • Has the ability to run queries on agent systems based on an alert trigger (e.g. a list of logged-on users).
  • The biggest challenge is the deployment of the Agent. It requires logging onto each system and running the install script manually. You need a GPO or a scriptable way to push the agent.
  • We would like the ability to limit access to specific sensors for users that have been given access to AlienVault. Currently, if an analyst has access to AlienVault, they can see all data sources and logs.
  • We saw a lot of false positive results in the beginning, requiring a bit of tuning to suppress some rules.
  • There's no ability to suppress vulnerabilities identified in the vulnerability scanning component.
We chose AlienVault based on cost and features; since the scope was only security logging, this was the best option. LogRhythm was a bit pricier. Splunk had some decent features, but for the amount of log data we process, it was a lot more expensive.
AlienVault is constantly improving and adding features, for example, some forensic & investigation options.
The Office 365 log management & searching is terrible using native Microsoft tools, plus you are limited to 90 days of log retention in O365. AlienVault has great integration with Palo Alto FWs. The biggest point to note is that AlienVault is only designed for security logging. It is not designed to capture & search application logs, for example. It is not Splunk.