We compared Graylog and USM Anywhere based on our users' reviews in five categories. We reviewed all of the data and you can find the conclusion below.
Features: Graylog stands out with its exceptional search functions, seamless integration with Elasticsearch, and real-time data access. USM Anywhere is highly regarded for its extensive reporting capabilities, thorough vulnerability assessment, seamless file integration, and user-friendly management features. Graylog could benefit from additional customization options and an improved rule-creation process. USM Anywhere users have suggested improvements in self-service plugin management, database optimization, and third-party threat intelligence integration.
Service and Support: Graylog's customer service is generally well-regarded, with reviewers noting effective solutions and satisfactory experiences. While response times may differ, Graylog's support is considered superior compared to that of other products. Some users say that USM Anywhere's customer service is knowledgeable and responsive, while others have faced delays and incomplete answers.
Ease of Deployment: Some Graylog users said the setup was easy. Other reviewers faced challenges, but these were easily resolved with help from the vendor’s support staff. Graylog is easier to set up in smaller environments, but it could get complicated in large clusters. The initial setup for USM Anywhere is generally considered to be straightforward if the user has technical knowledge. Vendor assistance is also available during the deployment phase.
Pricing: Graylog offers an enterprise edition and an open-source option with a daily capacity restriction. Some users said that data costs can be expensive. USM Anywhere is seen as more cost-effective than premium solutions like IBM QRadar and Splunk, with pricing considered reasonable and relatively low.
ROI: Graylog can offer some cost savings. The precise ROI may vary depending on the organization’s size and use case. USM Anywhere has garnered favorable feedback regarding its ROI.
"The solution's most valuable feature is its new interface."
"The product is scalable. The solution is stable."
"We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging."
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
"Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."
"It has powerful threat detection, incident response, and compliance management."
"The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure."
"This solution can completely detect and prevent incidents on your network."
"AlientVault has helped us in improving our visualization and incident response during cybersecurity situations."
"AlienVault provides a checklist answer when using SIEM."
"We're using it more for reporting, that's all. We're using it to help our customers to pass any kind of audits that they receive."
"AT&T AlienVault USM is good for ELK Stack, the user experience is great because of its architecture. The ELK has a great performance and it has very good speed in the search and Kibana. Additionally, the visuals and dashboards and very nice and customizable."
"Our main focus was intrusion detection, alerts, and correlation. It's easy to use AlienVault and integrate it with other alert tools because it includes lots of connectors. Either the tool is already there, or AlienVault will write an API for us if they don't have a connector for the solution that is providing the logs."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the graylog install."
"More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
"It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best case deployment scenario-"
"Graylog can improve the index rotation as it's quite a complex solution."
"I would like to see some kind of visualization included in Graylog."
"More customization is always useful."
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"More complimentary training needs to be done for use with this tool. If you get into a bind, then it will cost you."
"I feel that some areas of improvement would be vulnerability scanning. We use a separate product that seems to do a much better job."
"The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve. The tool has vulnerability scanning, but it is not that efficient."
"Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira. It is also a bit slow, and its replication engine can be improved."
"Adding a parsing interface for the customers would make AT&T AlienVault USM better."
"We've had some stability problems, not a lot, but a few. Updates seem to be the worst. That seems to be when the stability problems come up."
"The lack of mature functionality and expertise in any of those areas is a strong negative."
"The reporting tools are a bit lacking for building reports to give directly to customers, but support has been helpful in giving our requests for new features to the development team and following up with us."
Graylog is ranked 11th in Log Management with 18 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. Graylog is rated 8.0, while USM Anywhere is rated 8.4. The top reviewer of Graylog writes "Great detailed search features and easy Java integration, but needs improvement in integration with Python". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". Graylog is most compared with Grafana Loki, Wazuh, syslog-ng, Fortinet FortiAnalyzer and Splunk Enterprise Security, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Microsoft Sentinel. See our Graylog vs. USM Anywhere report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.