AlienVault. Your SIEM solution from another world.
October 29, 2019
Score 10 out of 10
Vetted Review
Verified User
Software Version: USM Appliance (On-Premises)
Overall Satisfaction with AlienVault USM
AlienVault is used to monitor and assess corporate resources to help maintain system integrity and PCI compliance. We use it to monitor critical system files and resources and to help analyze multiple event logs in a single, easy-to-manage user interface. It gives our administrators the ability to set up alerts so that we are notified of potential security vulnerabilities.
- PCI compliance scanning: AlienVault USM gives you the ability to scan assets using different variations of PCI policies.
- Event log management: AlienVault USM allows you to easily collect and search event log data across multiple systems of different variations.
- The event log filter rules are another strong feature of AlienVault USM. It allows for easy filtering of non-essential data.
- I would like to have the ability to restore a deleted sensor. I ran into an issue where a sensor was deleted and we had to rebuild our setup.
- A nice feature to have would be the ability to create read-only users with a custom view built for them.
- When a vulnerability is found, you are directed to an external site (OTX and others) for more information. Suggested fixes and patches should work directly in the USM interface.
We looked at Splunk and compared it to AlienVault USM, but their offerings weren't as friendly both in implementation and pricing. One of the biggest pluses of AlienVault USM is the offering of an on-premise virtual appliance. We are still a shop where we like to be hands-on with our tech, and the ability to choose between a full cloud and hybrid implementation was a big plus.