AlienVault USM Review
January 27, 2020
Score 9 out of 10
Vetted Review
Verified User
Software Version
USM Anywhere (SaaS)
Overall Satisfaction with AlienVault USM
AlienVault is used as a SIEM, with AT&T managed security services assisting with monitoring and creating alerts for potential incidents.
Pros
- Easy-to-use rules; events will pre-populate fields for alarm rules, allowing for quick creation
- Friendly interface with logical layout of settings and options
Cons
- Some room to improve the scaling of sensors. Sensors struggle to handle millions of events, which results in dropped events in large environments
- USM is upgraded automatically, and there is no way to control when your instance is upgraded. This can result in bugs in features without any way to test and control
AlienVault is cloud-based and offers more functionality than OSSIM, such as cloud service monitoring like Office 365 and AWS, deployment of sensors for efficient deployment, and event integrations with the MITRE ATT&CK framework. USM also has a much-improved GUI and allows for dashboard customization. Both use open source tools like Suricata, OpenVAS, etc.