First time using AlienVault
August 15, 2019

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

AlienVault is being used to analyze network traffic and Windows Event Logs, but we are slowly integrating it to incorporate other things as well. It is being used across one organization currently, but will be deployed across several organizations eventually. This will help us monitor our customers and help keep them protected.
  • Ease of filtering out noise (filtering logs) to be able to see what is going on in your network.
  • Customizable views, and the ability to switch between them quickly and easily. This way I am able to view network-related events, then switch over to Windows Event Logs.
  • The training course for AlienVault USM, specifically ANYDC, was very informative and helped me get up to speed quickly on the product.
  • Sometimes the HTML report generation can be slow.
  • The ability to click on the graph and pull up the events that correspond to that. For example, a spike in events that happened 3 hours ago. I would just be able to click on the graph instead of using the custom date range located under "Created During."
  • Some of the plug-ins don't parse everything correctly.
I have used Splunk before, and they are both good products. I generally like AlienVault more than Splunk, and one of the main reasons is cost. For medium-sized managed service providers, cost is a big thing, and justifying that cost to customers is a hard thing to do. I also like that AlienVault offers an application, whereas Splunk does not.
AlienVault helped me find some errors in one of our customer's wireless access points, due to it picking up logs and alerts on them. It has also been very helpful in quickly finding out what PowerShell scripts and scheduled tasks are running from the last managed service provider that was managing a customer.