We performed a comparison between NNT Log Tracker Enterprise and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"The most valuable feature is the predefined reports for PCI compliance."
"File integrity monitoring is a very important function."
"This is a very easy-to-use interface with a quick ramp-up time."
"The FIM features in the Change Tracker and the Log Tracker are the most valuable."
"The feature that I liked the most is that they have a vulnerability assessment package that comes along with the SIEM solution. So, whenever I find any threat or alert for any of the devices or servers, I could immediately initiate a vulnerability assessment scan on that machine. That is one of a kind. The price at which AlienVault operates is also valuable."
"The most valuable feature of this solution is security management for PCI DSS."
"The vulnerability scanning is helpful to identify the areas that need patching or fixes installed."
"Its powerful correlation engine helps reduce time in manually correlating events."
"The best thing about AlienVault USM is it being a “Jack-of-All Trades” solution. It provides SIEM, HIDS/NIDS, FIM, NetFlow, Asset Management, Vulnerability Management, etc., under one USM platform. None of the commercial SIEM vendors like ArcSight, McAfee, etc., can boast of such a diverse feature set."
"Log-monitoring and alerting enable us to know when things happen that we need to know about."
"It allows for a lot of out-of-the-box features: vuln scanning, HIDS/HIPS, and IDS."
"We had used previous products and found AlienVault centralized the logging for our security."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"We are invoiced according to the amount of data generated within each log."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"I would like to see the integration of AI technology, so rather than manually monitoring the logs, the tool will understand it and take care of it."
"The correlation suite needs to be improved."
"It is able to identify the vulnerability, however, they need an option to auto-mitigate."
"Only one minor deployment issue came up and it was resolved quickly. No other areas of improvement come to mind yet."
"There could be some type of integration with our existing portal. We have our own customer portals, and it would be good if there was an integration so that our portal can provide reports. There could be some type of API into the AlienVault system with the USM system so that it is easy to show the customers high-level reports of the system through our portal."
"Plugins could be better utilized, as some of them do not recognize all logs."
"It would be hard for any legitimate MSSP to use it."
"The UI and overall processes need a little bit more love. This shows in the error banners that come up when you select certain things. There isn't a day that goes by that the UI doesn't error out and I can't view events for an alarm."
"We've had some stability problems, not a lot, but a few. Updates seem to be the worst. That seems to be when the stability problems come up."
"The solution already has quite good tools, however, they need better integration tools for linking with Office 365, Google Suite, and so on."
"Pay attention to false-positive event automatic correlations."
"The AT&T AlienVault USM is okay, but the relational database is not very good for large amounts of data. For example, many logs cannot be processed. It has been very slow for the queries and some data which are large, it is not very good in this case."
NNT Log Tracker Enterprise is ranked 47th in Log Management with 4 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. NNT Log Tracker Enterprise is rated 8.2, while USM Anywhere is rated 8.4. The top reviewer of NNT Log Tracker Enterprise writes "Great for PCI compliance but issues with stability and large amounts of data". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". NNT Log Tracker Enterprise is most compared with , whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Rapid7 InsightIDR. See our NNT Log Tracker Enterprise vs. USM Anywhere report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
