Not very customizable but provides a lot of value for less.
Overall Satisfaction with AlienVault USM
We use it to monitor security logs across our various SaaS apps. It is the central hub for our security incident program. It is primarily being used by our Information Security Department. This tool addresses our need to be able to make actionable decisions, across various SaaS platforms, from a single pane of glass.
Pros
- Correlate logs from different sources into actionable intelligence.
- Provide an easy-to-use interface to interact with Alarms and Events.
- Integrate with our alerting tools to make sure when an incident is happening, the right people know about it quickly.
Cons
- Being able to make custom plugins for internal tools.
- Being able to have a webhook plugin to send logs directly to the cloud appliance.
- Make the management of suppression rules better. Maybe include a suppression rule visualizer to make sure your suppression rule is doing exactly what you would like it to do.
The tool works well compared with the two others. As I said previously, AlienVault USM gives you a lot of visibility right out of the box and with very little configuration.
However, I like the ability to customize pieces, such as log parsers and dashboards, as I see fit without having to have a feature implemented to do that for me.