We performed a comparison between AT&T AlienVault USM and Wazuh based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The main difference between the two products is that Wazuh users say the product is missing threat intelligence. In addition, Wazuh users do not mention an ROI. For these reasons, AT&T AlienVault USM is the winner in this comparison.
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"The initial setup is very simple and straightforward."
"Reports are customized, so you can present them to executives or engineers."
"We are able to get alerts perfectly with FIM and VA features."
"AlienVault provides a checklist answer when using SIEM."
"The most valuable feature in AT&T AlienVault USM is the reporting."
"The ease of implementation is the most valuable feature."
"The solution has all the features that we need, however they do not work correctly."
"This solution can identify many threats inside the organization (compromised endpoints, configuration issues), as well as "outside" threats (botnets, network scanners, web-attacks, etc)."
"The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure."
"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
"The most valuable features are the modules and metrics."
"The configuration assessment and Pile integrity monitoring features are decent."
"If they support a solution, it is easy to do an integration."
"Wazuh's most beneficial features for our security needs are flexibility, built-in rules, integration capabilities, and documentation."
"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
"The product’s interface is intuitive."
"It is a stable solution."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"The product can be improved by reducing the cost to use AI machine learning."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"The AI capabilities must be improved."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"It would be nice to see some machine learning and monitoring of the configuration in network devices."
"The reporting aspect could be improved. While there are a lot of different options available, there are still pieces which are missing."
"USM Anywhere relies a lot on the community putting the data in. Often, you'll right-click on the attack, but nothing will be found. That's a weakness of it."
"Adding a parsing interface for the customers would make AT&T AlienVault USM better."
"The only complex area of the setup was writing the custom scripts."
"Source material on the forums to be more up-to-date with the changes happening within the product. Forums being out-of-date with information due to the changes makes troubleshooting a little more difficult - specific to the HIDS agents."
"Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products."
"Pay attention to false-positive event automatic correlations."
"The tool doesn't detect anomalies or new environments."
"Its configuration process is time-consuming."
"Integration with Vyara could be better."
"There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded."
"They could include flexibility and customization capabilities by modifying for customers based on partner agreements."
"Some features, like alerting, are complex with Wazuh."
"A lack of certain features creates limitations."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
USM Anywhere is ranked 15th in Log Management with 113 reviews while Wazuh is ranked 3rd in Log Management with 38 reviews. USM Anywhere is rated 8.4, while Wazuh is rated 7.4. The top reviewer of USM Anywhere writes "Easy to use and affordable". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". USM Anywhere is most compared with AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security, Rapid7 InsightIDR and LogRhythm SIEM, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Datadog. See our USM Anywhere vs. Wazuh report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.