AlienVault working reliably to protect your office network.
October 29, 2019

Anonymous | TrustRadius Reviewer
Score 6 out of 10
Vetted Review
Verified User

Software Version

USM Anywhere (SaaS)

Overall Satisfaction with AlienVault USM

AlienVault is used to monitor traffic in our offices and the VPN for suspicious activity. Additionally, deployed agents monitor event-logs and several streams from our Syslog to ensure we can see any bad-auths. AlienVault helps to identify bad traffic, suspicious user behavior and outdated software on those hosts with the agent deployed.
  • Through the open threat exchange, I get the latest indicators of bad actors and can, on the other hand, add my own indicators if I feel something is missing.
  • Filter/alarm rules are easy to set up, so I can distinguish the important bits from noise in the logs.
  • Deploying the agents is very easy through the provided PowerShell scripts.
  • Setting up a working stream of the Windows event log (not using local agents) seems impossible, and AlienVault's support wasn't very helpful in this matter. We finally decided to drop this (it ran for a while, then stopped for no apparent reason, seemingly a problem with certificates) and use local agents instead.
  • Sometimes agents don't update themselves, and it's hard to diagnose what causes this.
  • Also, the updater of the sensor appliances doesn't seem to run very reliably. From time to time I have to re-install the sensor appliance, as it doesn't want to update itself.
Mostly a price matter. In terms of the free version of AlienVault, it's just too much work to set it up properly.
It does a good job of monitoring office networks with user traffic. As there's still a bunch of false positives, it likely won't do as good of a job in protecting applications in a datacenter. That would most likely generate too much noise and require too much work, setting up all those custom rules, to actually catch what you want to see. For making sure there's no C&C traffic and no suspicious authentication behavior, it's working very well. Also, monitoring the software stack through the local agents works well.