No, but that’s not really their fault, rather ours. I think this has a lot of valuable functions that really could be leveraged quite nicely.
They have the advantage of having a large community that uses the free version, and they really could use this as a sort of beta testing population for new releases. Yet, a lot of the releases break things that are used. I think they need to do more QA before releases. For example, I have custom rules written for the Suricata function. Some releases ago, there was a code change and now every single update requires that I reinstall the custom rules, and I am still waiting for the fix. They need to either stop allowing customization (which would be a mistake) or they need to embrace that a majority of their customer base does this and put in safe guards. I understand putting in limits to what’s supported, but simple things like this are part of the appeal of the product. Another example is that a few releases back, they broke the Nagios availability monitoring portion. All the functionality to watch your systems is there, and of course, I used it. When it broke, support told me it was really only meant to watch the AlienVault system itself, yet the entire interface is there, the options to enable the monitoring on hosts is there. I believe, first of all, that what I was told was wrong as availability monitoring is one of the core functions AlienVault touts, and secondly, that they need to be more careful with testing before releasing updates. It took like twp more updates before the functionality was restored.
I've used it for three years.
Some, but they are hard to pin down. This is a system that has a lot of things that can stop working, and unless you are paying close attention, to the background processes, you would never realize it.
Some people are excellent, and others not so much. They also seem to sometimes have conflicting information. I often rely more on the community for answers than I do on support, depending on the issue.
We didn't have anything in place previously.
We had a consultant that was provided by AlienVault, which was great. Otherwise, it would have been a little confusing and though they have made improvements in the documentation, it was horrible initially.
Fair for all of the capabilities it has.
We looked at some but I can't remember which ones.
It has a lot of capabilities, but make sure there’s someone that can devote daily time to it and that there is buy in from all segments, or a majority of the capabilities become pointless.