We compared Graylog and USM Anywhere based on our users' reviews in five categories. We reviewed all of the data and you can find the conclusion below.
Features: Graylog stands out with its exceptional search functions, seamless integration with Elasticsearch, and real-time data access. USM Anywhere is highly regarded for its extensive reporting capabilities, thorough vulnerability assessment, seamless file integration, and user-friendly management features. Graylog could benefit from additional customization options and an improved rule-creation process. USM Anywhere users have suggested improvements in self-service plugin management, database optimization, and third-party threat intelligence integration.
Service and Support: Graylog's customer service is generally well-regarded, with reviewers noting effective solutions and satisfactory experiences. While response times may differ, Graylog's support is considered superior compared to that of other products. Some users say that USM Anywhere's customer service is knowledgeable and responsive, while others have faced delays and incomplete answers.
Ease of Deployment: Some Graylog users said the setup was easy. Other reviewers faced challenges, but these were easily resolved with help from the vendor’s support staff. Graylog is easier to set up in smaller environments, but it could get complicated in large clusters. The initial setup for USM Anywhere is generally considered to be straightforward if the user has technical knowledge. Vendor assistance is also available during the deployment phase.
Pricing: Graylog offers an enterprise edition and an open-source option with a daily capacity restriction. Some users said that data costs can be expensive. USM Anywhere is seen as more cost-effective than premium solutions like IBM QRadar and Splunk, with pricing considered reasonable and relatively low.
ROI: Graylog can offer some cost savings. The precise ROI may vary depending on the organization’s size and use case. USM Anywhere has garnered favorable feedback regarding its ROI.
"We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging."
"We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us."
"Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
"Open source and user friendly."
"The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."
"Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."
"What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how big traffic you have, how many messages of data of a type you have, etc."
"Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
"The USM is a work horse, no matter what devices or the number of logs we throw at it, the system processes them in real time, correlates the events, and alerts on only events that need human review."
"AT&T AlienVault USM is good for ELK Stack, the user experience is great because of its architecture. The ELK has a great performance and it has very good speed in the search and Kibana. Additionally, the visuals and dashboards and very nice and customizable."
"It has powerful threat detection, incident response, and compliance management."
"The asset management of nodes has been a large help in terms of being able to track applications with more detail and have changes made being monitored into one source."
"The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure."
"Using the communication within the security device, it is easier to create plugins."
"AlienVault's reporting is good. I like that vulnerability assessment is part of the solution, and the UI is intuitive. Also, the overhead is low, which is to say we don't need a dedicated SOC team to manage and analyze things constantly. We're a small company that doesn't have those resources."
"The best thing about AlienVault USM is it being a “Jack-of-All Trades” solution. It provides SIEM, HIDS/NIDS, FIM, NetFlow, Asset Management, Vulnerability Management, etc., under one USM platform. None of the commercial SIEM vendors like ArcSight, McAfee, etc., can boast of such a diverse feature set."
"We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch size, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient."
"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic."
"There should be some user groups and an auto sign-in feature."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best case deployment scenario-"
"Dashboards, stream alerts and parsing could be improved."
"The reporting module could be a little easier to handle, as it requires quite some trial and error until you get the reports you want. Also, it would be great to have a graphical interface for the Network Intrusion Detection System's rule management."
"Different functions to customize reports should be added."
"AlienVault needs to continue to integrate with other third-party technologies that clients want to have monitored."
"The UI and overall processes need a little bit more love. This shows in the error banners that come up when you select certain things. There isn't a day that goes by that the UI doesn't error out and I can't view events for an alarm."
"I've been using it just for my own personal upskilling in terms of how the product works. At the moment, it is pretty straightforward and simple, and it is working how it is supposed to. The feedback would come once it is deployed to customer sites. They'll be using it on a more frequent basis, and that's when the feedback would come in terms of the areas in which they're facing issues or are looking for simplicity."
"I'd like to see a dashboard that's a little more descriptive."
"It should be able to communicate with other security solutions to stop threats."
"The solution is a bit complicated. It could be simplified quite a bit."
Graylog is ranked 11th in Log Management with 18 reviews while USM Anywhere is ranked 15th in Log Management with 113 reviews. Graylog is rated 8.0, while USM Anywhere is rated 8.4. The top reviewer of Graylog writes "Great detailed search features and easy Java integration, but needs improvement in integration with Python". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". Graylog is most compared with Grafana Loki, Wazuh, syslog-ng, Splunk Enterprise Security and Fortinet FortiAnalyzer, whereas USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security and Microsoft Sentinel. See our Graylog vs. USM Anywhere report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
