
Examples of the 98,000+ reviews on PeerSpot:

Infosec Analyst at a tech vendor with 201-500 employees
Real User
Top 10
Detection capabilities and helpful support team enhance log analysis and integration flexibility
Pros and Cons
  • "I find Panther's detection capabilities and integrations to be highly valuable."
  • "The solution could be improved by providing more built-in integrations, which would reduce the need for me to build them myself."

What is our primary use case?

We use Panther for our SIEM solution. It is used for aggregating logs and analyzing user activities. We can filter down to individual roles inside of AWS through all the accounts and user activities.

What is most valuable?

I find Panther's detection capabilities and integrations to be highly valuable. It allows integration with anything as long as I am willing to write detections, and their team is very helpful. I find its log analysis capabilities valuable. It enables me to filter down to individual roles in AWS, and if I am skilled at SQL queries, I can query anything. The infrastructure as code feature allows me to use Git repositories to manage detections and import detections from other Git repositories.

What needs improvement?

The solution could be improved by providing more built-in integrations, which would reduce the need for me to build them myself.

For how long have I used the solution?

I have had experience with Panther for two years.

What was my experience with deployment of the solution?

The search is pretty good, and it builds SQL queries for me, allowing me to go through logs and click on elements to add filters, automatically building the query.

How are customer service and support?

The support team is very helpful and supportive.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Before Panther, we mainly relied on CloudWatch and did not have a dedicated SIEM solution. We are a cloud-only company, and Panther was a good fit for us.

How was the initial setup?

Setting up Panther was straightforward and easy, worthy of an eight out of ten in terms of ease.

What about the implementation team?

Our security team is quite small, consisting of fewer than five people, and we were able to deploy Panther. The same small team can maintain the solution and build integrations.

What was our ROI?

Panther does what is expected of a SIEM solution. It is used by engineers for troubleshooting issues and defining role-based controls for visibility between teams.

What's my experience with pricing, setup cost, and licensing?

I find the pricing to be reasonable, although I can't recall the exact cost.

Which other solutions did I evaluate?

We evaluated Panther against Devo and Gurucul. Panther offered better hot storage for logs and was less expensive than Devo.

What other advice do I have?

I would recommend Panther to other companies because of its ease of use. The infrastructure as code feature allows using Git repositories for secure detections. Overall, I would rate the solution eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
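The Panther review above describes managing detections as code in Git and filtering AWS activity down to individual IAM roles across accounts. The rule below is an added example written for this page, not code from the reviewer or from Panther's own detection packs. It follows Panther's module convention of exporting rule(event), title(event) and severity(event) over a parsed CloudTrail record; the role names, account IDs, allowlist and sample events are assumptions for illustration, not the reviewer's environment.

```python
"""Panther-style detection-as-code rule for AWS CloudTrail (added example).

Panther rules are Python modules exporting rule(event) -> bool plus optional
title() and severity(); the event is a dict-like parsed log record. Everything
named below (roles, account IDs, allowlist, sample events) is assumed.
"""
from typing import Any, Dict, List, Tuple

# Assumed: roles whose assumption should always be reviewed.
SENSITIVE_ROLES = {"AdminRole", "BreakGlassRole"}
# Assumed: the IAM role (by session issuer ARN) that legitimately chains into them.
EXPECTED_ISSUERS = {"arn:aws:iam::111111111111:role/DeployPipeline"}


def deep_get(obj: Any, *keys: str, default: Any = None) -> Any:
    """Walk nested dicts without raising on a missing key (CloudTrail is deeply nested)."""
    for key in keys:
        if not isinstance(obj, dict) or key not in obj:
            return default
        obj = obj[key]
    return obj


def role_name(arn: str) -> str:
    """'arn:aws:iam::123456789012:role/AdminRole' -> 'AdminRole'."""
    return arn.rsplit("/", 1)[-1] if arn else ""


def caller_arn(event: Dict[str, Any]) -> str:
    """Resolve who is really calling. For AssumedRole sessions the stable identity
    is the session issuer (the IAM role), not the per-session STS ARN."""
    if deep_get(event, "userIdentity", "type") == "AssumedRole":
        return deep_get(event, "userIdentity", "sessionContext", "sessionIssuer", "arn", default="")
    return deep_get(event, "userIdentity", "arn", default="")


def rule(event: Dict[str, Any]) -> bool:
    """Fire when a sensitive role is assumed by anything other than the expected issuer."""
    if event.get("eventSource") != "sts.amazonaws.com" or event.get("eventName") != "AssumeRole":
        return False
    if event.get("errorCode"):
        return False  # denied attempts belong in a separate, noisier rule
    target = deep_get(event, "requestParameters", "roleArn", default="")
    if role_name(target) not in SENSITIVE_ROLES:
        return False
    return caller_arn(event) not in EXPECTED_ISSUERS


def title(event: Dict[str, Any]) -> str:
    target = deep_get(event, "requestParameters", "roleArn", default="")
    return (f"{caller_arn(event)} assumed sensitive role {role_name(target)} "
            f"in account {event.get('recipientAccountId')}")


def severity(event: Dict[str, Any]) -> str:
    # A long-lived IAM user reaching an admin role is worse than role-to-role chaining.
    return "CRITICAL" if deep_get(event, "userIdentity", "type") == "IAMUser" else "HIGH"


def run_rule(events: List[Dict[str, Any]]) -> List[Tuple[str, str]]:
    """Apply the rule to a batch and return (title, severity) for each alert."""
    return [(title(e), severity(e)) for e in events if rule(e)]


# Constructed sample CloudTrail records (not real logs), trimmed to the fields the rule reads.
SAMPLE_EVENTS: List[Dict[str, Any]] = [
    {  # expected pipeline role chaining into AdminRole: no alert
        "eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
        "recipientAccountId": "222222222222",
        "userIdentity": {"type": "AssumedRole",
                         "arn": "arn:aws:sts::111111111111:assumed-role/DeployPipeline/build-42",
                         "sessionContext": {"sessionIssuer": {
                             "arn": "arn:aws:iam::111111111111:role/DeployPipeline"}}},
        "requestParameters": {"roleArn": "arn:aws:iam::222222222222:role/AdminRole"},
    },
    {  # IAM user assuming AdminRole directly: CRITICAL
        "eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
        "recipientAccountId": "222222222222",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111111111111:user/alice"},
        "requestParameters": {"roleArn": "arn:aws:iam::222222222222:role/AdminRole"},
    },
    {  # same user, non-sensitive role: no alert
        "eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
        "recipientAccountId": "222222222222",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111111111111:user/alice"},
        "requestParameters": {"roleArn": "arn:aws:iam::222222222222:role/ReadOnlyRole"},
    },
    {  # denied attempt on BreakGlassRole: filtered out of this rule
        "eventSource": "sts.amazonaws.com", "eventName": "AssumeRole", "errorCode": "AccessDenied",
        "recipientAccountId": "222222222222",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111111111111:user/bob"},
        "requestParameters": {"roleArn": "arn:aws:iam::222222222222:role/BreakGlassRole"},
    },
    {  # unexpected role chaining into BreakGlassRole: HIGH
        "eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
        "recipientAccountId": "222222222222",
        "userIdentity": {"type": "AssumedRole",
                         "arn": "arn:aws:sts::333333333333:assumed-role/ContractorRole/laptop",
                         "sessionContext": {"sessionIssuer": {
                             "arn": "arn:aws:iam::333333333333:role/ContractorRole"}}},
        "requestParameters": {"roleArn": "arn:aws:iam::222222222222:role/BreakGlassRole"},
    },
    {  # unrelated event type: ignored
        "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111111111111:user/alice"},
    },
]

if __name__ == "__main__":
    for alert_title, alert_severity in run_rule(SAMPLE_EVENTS):
        print(alert_severity, alert_title)
```

The point of resolving the caller through sessionContext.sessionIssuer is that an assumed-role session's own ARN changes with every session name, so an allowlist keyed on userIdentity.arn would never match the pipeline and would alert on every deploy; keying on the issuing IAM role is what makes the per-role filtering the reviewer describes stable across accounts.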
reviewer2200662 - PeerSpot reviewer
Sr. Manager, SOC, NOC, and Corporate Security at a computer software company with 1,001-5,000 employees
Real User
Top 5 Leaderboard
The solution provides security analytics across multiple data platforms

What is our primary use case?

Our use cases for Anvilogic primarily revolve around detection engineering. We ingest the logs to figure out our cybersecurity score and improve detection.

How has it helped my organization?

Anvilogic provides security analytics across multiple data platforms. We integrate it with Splunk, but it also integrates with Snowflake and other data platforms. Overall, it's been good since many people aim to move away from Splunk to save on overall costs. The fact that it integrates with various data lakes, specifically Snowflake, the most popular, makes sense.

Using Anvilogic decreases your detection engineering time while helping you build out additional detections and increasing your assurance and protection. It has decreased the engineering time by at least 20 percent. 

It's been decent in terms of false positives. It doesn't necessarily reduce them, but the new detections have been pretty well-tuned so they aren't producing additional false positives. Anvilogic has increased security coverage by building out some detections, specifically in areas like Active Directory and IAM-type rules. While it hasn't reduced the overall cost, it may have helped the optimization side. 

What is most valuable?

We integrate Anvilogic directly with Splunk rather than using the Amplitude platform separately. That has been helpful because we don't need to bring logs to a third-party source.

Anvilogic's AI assistant is pretty good. It helps us build out detections within your environment. It has improved our detection logic by a small amount and slightly reduced the time involved in detection writing. Generally, the detection builder is decent.

The drag-and-drop detection engine portal has been helpful because you don't need any programming experience. One area where the generative AI aspect has been helpful is when we are figuring out the specific threats about something that's triggered or similar campaigns. You can write in the latest from this type of detection that I'm looking at and get information back. 

What needs improvement?

We need more around case management. I know that's something on the road map. We would like a way to create a ticket that we can export into a third-party platform like Jira. Anvilogic's prebuilt rules and threat scenarios didn't work the best for us because many of the rules were geared toward a Windows environment, whereas we're more of a Mac environment, so many of them didn't necessarily fit with what we have. I know a few other people who use them, and they've worked out well there.

For how long have I used the solution?

I've been a full-time customer of Anvilogic for about two years now, and we did a proof of concept eight months or so before we became a customer.

What do I think about the stability of the solution?

We haven't had any issues with stability.

What do I think about the scalability of the solution?

Anvilogic is as scalable as the environments you've integrated it with, whether it's Snowflake or Splunk.

How are customer service and support?

We have a biweekly standing call with the Anvilogic team to talk through detections and updates, but I can't think of a case where we've had to contact them outside of that call.

How was the initial setup?

The initial deployment was easy because we had it set up for our proof of concept, so it just took a little tuning, and we had it set up within a week. We had one person on our side working with somebody on their side. It's a cloud-based solution, but they push out updates on it. We haven't had any issues where it's broken on our systems, where we've had to lean in on the maintenance side.

What was our ROI?

We roughly broke even. If we had invested more or tuned our environment a little better, we might have come out on top.

What's my experience with pricing, setup cost, and licensing?

Anvilogic's pricing has been highly competitive. 

Which other solutions did I evaluate?

We did an extensive proof of concept for Anvilogic, Panther, Devo, Google Chronicle, Splunk, and a few different SIEM/detection engines. We did a breakdown based on our criteria and scoring on various features. Anvilogic outperformed the other tools that we tested.

The price was right for the organization. They also offered a multiyear deal that kept the price down looking forward. We compared it to something like the Chronicle, which required us to export our data specifically to that. It required multiple areas for ingestion, bringing up operational costs on top of the licensing cost. It wasn't providing better detection support than Anvilogic because it was able to integrate with Splunk and our case. It was able to pull off of data that was already being ingested, when we needed to have it ingest in multiple locations.

What other advice do I have?

I rate Anvilogic seven out of 10. To prepare for Anvilogic, I recommend leaning into it. Take advantage of the support team and get some additional training. Use the workshops and commit to using the product. It's a tool that's only as good as the time you put into it. If you bring in the detection engine but don't put any time into creating those detections, then there's not much point. 

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.