What is our primary use case?
I'm a reseller of AlienVault SIEM in Sri Lanka. We deployed AlienVault SIEM in one of the banks in Sri Lanka three months back. Currently we are working on the fine-tuning. It took me two weeks to complete the basic deployment and integration of up to 50 devices with the client's technical team.
How has it helped my organization?
Since we are a reseller, AlienVault helped us because of their cheaper price compared to other SIEM solutions and the addition of FIM in the solution. Implementation took a few days and it's easy to complete the task within the given project timeline.
What is most valuable?
Raw logs: Clients need to store their raw logs in a data store rather than keep them on the actual device.
Alarm section: It's very easy to see the Alarms for any incidents rather than going through all the logs.
Security events: Categorization of Security events helps our SOC analyst for further analysis.
What needs improvement?
A user-friendly interface could be an advantage. Sometimes we may face trouble when we are going through the settings of AlienVault SIEM.
For how long have I used the solution?
Less than one year.
Which version of this solution are you currently using?