Review for AlienVault USM Anywhere AWS and GCP Approaches
October 25, 2019

Ranjith R | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

We have procured AlienVault USM Anywhere for monitoring and triggering alarms/notifications on suspicious traffic and attacks. It is being used within the infosec/infra department to take the necessary actions on security events. It mainly helps us find real-time attack and traffic events against our organisational assets, and it also helps us find vulnerabilities on a specific asset.
  • AlienVault USM has the potential to identify attack patterns from the traffic events through its sensors, which come with their own built-in correlation rules.
  • The USM Anywhere sensor reduces the load on the SOC analyst for writing new sets of rules.
  • It also provides an option for Slack integration, which I personally found very useful for immediate action.
  • When it comes to forensic investigation, the user interface and experience are not as good as expected; when we send an alarm/event for investigation, it doesn't provide any investigation results.
  • The USM sensor doesn't have the capability to handle more jobs; it restarts the sensor if a certain limit of jobs is configured.
  • The log reports don't get downloaded when we attempt it via the Safari browser.
No idea, it was already bought by our company.
It is well suited for a cloud environment like AWS and Azure. Since GCP is a new player in cloud, AlienVault has to improve a lot in terms of support for the data and log sync of instance asset mapping, and in the sensor's capability to handle more jobs, to get out of the unavailability issue compared with other competitors like Splunk, Sumo Logic and LogRhythm.