We compared Graylog and USM Anywhere based on our users' reviews in five categories. We reviewed all of the data and you can find the conclusion below.
Features: Graylog stands out with its exceptional search functions, seamless integration with Elasticsearch, and real-time data access. USM Anywhere is highly regarded for its extensive reporting capabilities, thorough vulnerability assessment, seamless file integration, and user-friendly management features. Graylog could benefit from additional customization options and an improved rule-creation process. USM Anywhere users have suggested improvements in self-service plugin management, database optimization, and third-party threat intelligence integration.
Service and Support: Graylog's customer service is generally well-regarded, with reviewers noting effective solutions and satisfactory experiences. While response times may differ, Graylog's support is considered superior compared to that of other products. Some users say that USM Anywhere's customer service is knowledgeable and responsive, while others have faced delays and incomplete answers.
Ease of Deployment: Some Graylog users said the setup was easy. Other reviewers faced challenges, but these were easily resolved with help from the vendor’s support staff. Graylog is easier to set up in smaller environments, but it could get complicated in large clusters. The initial setup for USM Anywhere is generally considered to be straightforward if the user has technical knowledge. Vendor assistance is also available during the deployment phase.
Pricing: Graylog offers an enterprise edition and an open-source option with a daily capacity restriction. Some users said that data costs can be expensive. USM Anywhere is seen as more cost-effective than premium solutions like IBM QRadar and Splunk, with pricing considered reasonable and relatively low.
ROI: Graylog can offer some cost savings. The precise ROI may vary depending on the organization’s size and use case. USM Anywhere has garnered favorable feedback regarding its ROI.
"We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging."
"What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how big traffic you have, how many messages of data of a type you have, etc."
"The build is stable and requires little maintenance, even compared to some extremely expensive products."
"Real-time UDP/GELF logging and full text-based searching."
"Message forwarding through the in-built module."
"The solution's most valuable feature is its new interface."
"This had increased productivity for the dev and support teams, because we are directly notifying them."
"UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
"Our main focus was intrusion detection, alerts, and correlation. It's easy to use AlienVault and integrate it with other alert tools because it includes lots of connectors. Either the tool is already there, or AlienVault will write an API for us if they don't have a connector for the solution that is providing the logs."
"The USM is a work horse, no matter what devices or the number of logs we throw at it, the system processes them in real time, correlates the events, and alerts on only events that need human review."
"Allowed us to help our customers satisfy compliance needs around logging and monitoring."
"The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure."
"Any unusual behaviour, we can monitor. We have alerts set up to be sent when we receive signs of any unusual behaviour."
"It has powerful threat detection, incident response, and compliance management."
"Easy to use, scalable, stable, and very intuitive platform that provides protection against security threats."
"Reports are customized, so you can present them to executives or engineers."
"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the graylog install."
"More customization is always useful."
"Graylog can improve the index rotation as it's quite a complex solution."
"Its scalability gets complicated when we have to update or edit multiple nodes."
"With technical support, you are on your own without an enterprise license."
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a milli-second."
"More complimentary training needs to be done for use with this tool. If you get into a bind, then it will cost you."
"USM Anywhere relies a lot on the community putting the data in. Often, you'll right-click on the attack, but nothing will be found. That's a weakness of it."
"they seem to have bugs from time to time that go unfixed for a while and that is frustrating. I'm not saying the product needs to be bug-free, but they need to be responsive to bugs."
"The other thing is the agent is OSSEC. They needed to create its own agent to help to find threats on the devices that it happens to be installed."
"The reporting and dashboards have room for improvement."
"The lack of mature functionality and expertise in any of those areas is a strong negative."
"The UI and overall processes need a little bit more love. This shows in the error banners that come up when you select certain things. There isn't a day that goes by that the UI doesn't error out and I can't view events for an alarm."
"The AT&T AlienVault USM is okay, but the relational database is not very good for large amounts of data. For example, many logs cannot be processed. It has been very slow for the queries and some data which are large, it is not very good in this case."
Graylog is ranked 11th in Log Management with 18 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. Graylog is rated 8.0, while USM Anywhere is rated 8.4. The top reviewer of Graylog writes "Great detailed search features and easy Java integration, but needs improvement in integration with Python". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". Graylog is most compared with Grafana Loki, Wazuh, syslog-ng, Splunk Enterprise Security and Fortinet FortiAnalyzer, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Microsoft Sentinel. See our Graylog vs. USM Anywhere report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
