Not very customizable but provides a lot of value for less.
Cory Watson
October 14, 2019

Score 8 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

We use it to monitor security logs across our various SaaS apps. It is the central hub for our security incident program. It is primarily being used by our Information Security Department. This tool addresses our need to be able to make actionable decisions, across various SaaS platforms, from a single pane of glass.
  • Correlate logs from different sources into actionable intelligence.
  • Provide an easy-to-use interface to interact with Alarms and Events.
  • Integrate with our alerting tools to make sure when an incident is happening, the right people know about it quickly.
  • Being able to make custom plugins for internal tools.
  • Being able to have a webhook plugin to send logs directly to the cloud appliance.
  • Make the management of suppression rules better. Maybe include a suppression rule visualizer to make sure your suppression rule is doing exactly what you would like it to do.
The tool works well compared with the two others. As I said previously, AlienVault USM gives you a lot of visibility right out of the box and with very little configuration.

However, I like the ability to customize pieces, such as log parsers and dashboards, as I see fit without having to have a feature implemented to do that for me.
It is really good at this. The NIDS detects threats sometimes faster than our anti-virus solution does. Once again, for how little configuration and tuning you have to do, you are very quickly able to see actionable results compared to some of the bigger tools out there. In a previous life, this would be a much harder thing to accomplish with our small team of 4.
I think that is my main pro. With very little configuration you are able to get off to the races. Configure your tools on-prem and cloud as well as asset scanning and the NIDS and then just wait. Soon you'll be tuning the rules you don't care about in the environment and you're good to go.
It is well suited for a small security team that does not have all the time in the world to set it up, tune it, and babysit it.

It is not appropriate if you are looking to easily be able to customize the tool. A lot of the options you have with tools like Splunk are just not here.