The main use cases for Anvilogic are around detections and detection engineering, trying to accomplish everything from identifying and prioritizing threats and baselining current capabilities to, based on the threat prioritization, identifying the gaps and the recommended use cases that we will have to deploy to bridge those gaps. These are the use cases that we have deployed.
Director, Cybersecurity at a financial services firm with 10,001+ employees
Holistic approach and good partnership have improved threat detection and efficiency
Pros and Cons
- "By using this detection engineering platform, we can manage the entire detection engineering lifecycle, making it simple to show executives our progress, where we started, where we currently are, and what remains to be done."
What is our primary use case?
How has it helped my organization?
We enjoy a good partnership with the Anvilogic product and engineering teams. We could put many features that were not available in their pipeline, and they are quick to deliver key features for us. Deploying Anvilogic required training our team to adopt it, but during the evaluation, we planned our success criteria, which included training. The Anvilogic team has been with us since the beginning of the evaluation until now, maintaining the same cadence of meetings to review progress and areas for improvement, which is very helpful as a customer because we know they are not just after the next sale.
We were one of the first customers of Anvilogic, so many of its features were still under development when we began our journey with them. During the first 90 days, our primary focus was on migrating our detection content from the previous platform to Anvilogic. We concentrated on ensuring that this migration was done correctly. As we got more familiar with the platform, we discovered that Anvilogic has a highly robust detection library, with over 3,000 detections available. Their research team plays a crucial role in building these detections. Initially, we only deployed our custom detections that we had migrated, but over time, we began utilizing the detections from the library as well.
With each new feature that was released, we found our experience improved significantly. For instance, we appreciated the option to automatically deploy recommended detections. The insights capability was particularly impactful for us, as it automatically identified recommendations for tuning our use cases and fixing issues that needed attention. It also helped us discover areas we weren't actively monitoring. These differentiating features made a significant difference in our operations. Although it took us nearly a year to fully adopt Anvilogic, we are now at a point where all key stakeholders on the security operations team love the product and the user experience. Most importantly, we value the level of support we receive from Anvilogic.
From a maturity perspective, it has been very easy to measure our detection maturity over time. By using this detection engineering platform, we can manage the entire detection engineering lifecycle. Therefore, it’s simple to show executives our progress: where we started, where we currently are, and what remains to be done. We can also demonstrate how our maturity is evolving as new threats are identified and how we respond to them. All of this information is easy to justify thanks to the maturity dashboards available within the platform.
What is most valuable?
The features of Anvilogic that I prefer the most include having a holistic approach, from identifying the concept of analyzing maturity, doing it similarly to how we were doing it, looking at data maturity, data timeliness, data availability, and then into our detection maturity, and not only looking at prioritized detections needed for our specific area or domain, which was very important for us. From that point, deploying any recommended content is very simple.
Another important feature is the concept of a multistage threat scenario. After we started subscribing to Anvilogic, in future releases, they built out new features around automated threat detections and insights, such as health insights, hunt insights, and tuning insights, which are all neat features that allow my team to be more efficient.
What needs improvement?
I believe the future is very exciting, especially regarding the agentic approaches that have gained popularity following the rise of generative AI and large language models. We fully expect that within a year, Anvilogic will incorporate some level of agentic workflow capabilities. We might adopt these features solely within Anvilogic, or we may choose to integrate them with our own homegrown agentic workflows. This is the direction I see for Anvilogic's adoption moving forward.
Anvilogic can be improved by focusing on the agentic way of doing things, similar to what we saw with Monte Copilot, which still needs work. The team is currently doing that work as seen in the roadmap, including having an agent for search, a detection agent, and a hunt agent, making those concepts come to fruition.
Buyer's Guide
Anvilogic
March 2026
Learn what your peers think about Anvilogic. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
885,264 professionals have used our research since 2012.
For how long have I used the solution?
We started looking at Anvilogic in late 2021, and then we started evaluating them in early 2022. By late 2022, we were already subscribed to Anvilogic.
What do I think about the stability of the solution?
Other than scheduled downtimes, I have not experienced any outages.
What do I think about the scalability of the solution?
Anvilogic scales effectively with the growing needs of our organization, and we don't have issues when onboarding our primary stakeholders into the platform. They can use it and receive necessary training and coaching, while the most important part is that we can meet with the Anvilogic customer success team almost weekly to review our adoption and share feedback.
How are customer service and support?
They are top-notch. They are always available. The customer service team is always available to us. The product management and the product engineering team are available to us if we need to review something with them.
Which solution did I use previously and why did I switch?
Like many companies in this field, we utilize the MITRE ATT&CK framework to benchmark our current capabilities and build detections. Each year, at the beginning of the year, we download the latest version of the MITRE ATT&CK framework and assess our current detections. We tag and benchmark them, prioritize threats, and identify which use cases require new detection capabilities. Previously, this process took my team about two to three weeks, and we only performed it annually. However, around 2021, MITRE introduced the concept of sub-techniques. Initially, we were analyzing around 300 techniques, but now we have to analyze over 600. This effectively doubled the time that my team needed to complete the analysis. The work became repetitive and monotonous. As a result, I began searching for a solution that could streamline this process.
When Anvilogic reached out, we discussed our detection processes, and they explained the capabilities of their platform. It felt like a meeting of the minds because what we were doing manually, they could automate. We realized this solution could save us a significant amount of time and make us more agile. By automating the processes of prioritization, identifying gaps, and deploying recommended detections, we could conduct threat prioritization exercises whenever necessary. Given that the threat landscape evolves almost daily, completing these exercises only once a year would put us at a disadvantage. When we recognized Anvilogic’s capabilities, we knew we had to consider their solution.
In early to mid-2021, Anvilogic was the only one doing it this way. We were doing it manually while they were building it, and now there are many similar companies emerging, but we are happy with the success we have had with Anvilogic, choosing to partner with them and providing feedback and feature requests they can incorporate into subsequent releases.
How was the initial setup?
Since Anvilogic was a new concept and product, we needed to invest a lot of time in training our team to adopt it. Fortunately, during the evaluation phase, we established clear success criteria, one of which was training on Anvilogic. The Anvilogic team has been with us from the very beginning of this process and continues to support us today.
We have detections in multiple places. Most of our detections are on-prem, but there are some that are in the cloud. We use their integration pipelines to bring all of them together.
What's my experience with pricing, setup cost, and licensing?
It was fair. All of us like to deal with vendors who have a certain level of integrity, and the people who run Anvilogic have the highest level of integrity, which makes those sorts of negotiations much easier.
Which other solutions did I evaluate?
During our evaluation, we encountered many products making various promises. However, when it came to Anvilogic, they were able to identify key aspects of our processes during the evaluation period, which was impressive. This demonstrated that the Anvilogic product was engineered effectively and was functioning as intended. As a result, we started to trust both the team and the platform more.
Since then, we have enjoyed a strong partnership with the Anvilogic product and engineering teams. There were times when features we needed were not initially available, but we were able to communicate our requests, and they were quick to prioritize and deliver those key features for us.
What other advice do I have?
If Anvilogic were to disappear tomorrow, my heart would break. My advice to Anvilogic is to prioritize my request.
I would rate Anvilogic a nine out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Jul 18, 2025
Senior Director | Detection Response at a tech vendor with 1,001-5,000 employees
Fosters collaborative innovation and enables us to build our own advanced detection capabilities
Pros and Cons
- "The deployment was very simple."
- "We are partnering very closely with Anvilogic and pushing the threshold of detection engineering capabilities; we are only able to do many of these capabilities due to the partnership that we have with Anvilogic, where they are meeting what we need to continually push new innovative solutions."
- "Anvilogic can be improved by adding the ability to do on-ingest detections. This is something that we have been having a conversation on for a short time now, but I am hopeful that they will have that in their future roadmap."
What is our primary use case?
It serves as the glue between all my vendor telemetry and gives us the capability to build our own detection capabilities in a very advanced way. We have moved off of single-based detections into threat scenarios, which gives us significantly higher fidelity detection capability.
How has it helped my organization?
There were no surprises about Anvilogic once I started using it. I knew the quality of the team that was building this tool and it has been a great partnership and collaboration, and they have just been fantastic partners.
It has been a journey that we have jointly been on together. As we are building our program, we are partnering very closely with Anvilogic and pushing the threshold of detection engineering capabilities.
We are on a continuous journey together, and we are continuously trying to push and innovate new ways to push the threshold of detection engineering. We are only able to do many of these capabilities due to the partnership that we have with Anvilogic, where they are meeting what we need to continually push new innovative solutions.
What is most valuable?
I appreciate all the features of Anvilogic. Our usage of Anvilogic has evolved since onboarding. We originally started soft and focused really on the ETL process to bring data in. As we started getting data in, we began using the detection and correlation engine. As we got more advanced, we started using the threat scenario engine, and we have built many custom processes from that.
What needs improvement?
Anvilogic can be improved by adding the ability to do on-ingest detections. This is something that we have been having a conversation on for a short time now, but I am hopeful that they will have that in their future roadmap.
For how long have I used the solution?
I have been using Anvilogic for just about three years.
What do I think about the stability of the solution?
I would assess the stability and reliability of Anvilogic as very good. There has been no downtime in the traditional sense, but it has all been scheduled downtime. We have had advanced notice, and there are no performance issues or crashes that we know of. Anytime we have been using the platform, it has been available.
What do I think about the scalability of the solution?
Anvilogic scales effectively with the growing needs of my organization. We have not had any scaling issues thus far.
Just my team has access to Anvilogic, and that is by design.
How are customer service and support?
I would evaluate their customer service and tech support as fantastic. We have had a great partnership. I would rate them a ten out of ten.
Which solution did I use previously and why did I switch?
The need for something better was first triggered when I joined the organization and started building the detection response program. I was familiar with the big name products, but I was looking to build something bleeding edge and next-gen. With Anvilogic, I knew the team, and I knew that it was a team of practitioners building this tool as opposed to one practitioner who hired software engineers to build the tool. I have experience consulting those types of products. I knew Anvilogic was being built by practitioners, which really motivated me to pursue the tool.
There has been a journey regarding how I justify things to leadership and how I convinced leadership to let me adopt Anvilogic. There was significant information and education that had to occur at the board level to get adoption and buy-in. As we have helped mature the education level of the board to embark on the journey, it became prevalent that we needed a solution and a partner that could keep up with the growing demand that we have in this particular space.
How was the initial setup?
We are pure cloud based, and we run on top of Snowflake. The deployment was very simple. We were in the early phase for Snowflake, so there were a couple early implementation hiccups, but we partnered with Anvilogic on those, and that was kind of part of us being that early implementation partner. We paved the way for future Snowflake customers.
What was our ROI?
We started our journey with Anvilogic. I do not have the metrics to show in our current organization that could justify that, but the capability that we have on Anvilogic is unmatched to any other platform.
Which other solutions did I evaluate?
I considered Panther and Hunters before selecting Anvilogic. Originally, we would have considered Anvilogic, but they had not migrated or enabled the capability on Snowflake yet. We were actually in the 11th hour for signing a contract with Hunters when Anvilogic reached out to me and said they were testing a Snowflake capability and asked if we were willing to test it. We put together a time frame for a very quick POV. I knew the capability and the aptitude of this team and was very motivated to do so in a timely manner, and we were able to conclude our POV and determine it was a superior product before we signed the contract with Hunters.
What other advice do I have?
If Anvilogic disappeared tomorrow, everything would break first.
I would rate Anvilogic a ten out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer. Design partner
Last updated: Aug 11, 2025
Sr. Manager, SOC, NOC, and Corporate Security at a computer software company with 1,001-5,000 employees
The solution provides security analytics across multiple data platforms
What is our primary use case?
Our use cases for Anvilogic primarily revolve around detection engineering. We ingest the logs to figure out our cybersecurity score and improve detection.
How has it helped my organization?
Anvilogic provides security analytics across multiple data platforms. We integrate it with Splunk, but it also integrates with Snowflake and other data platforms. Overall, it's been good since many people aim to move away from Splunk to save on overall costs. The fact that it integrates with various data lakes, specifically Snowflake, the most popular, makes sense.
Using Anvilogic decreases your detection engineering time while helping you build out additional detections and increasing your assurance and protection. It has decreased the engineering time by at least 20 percent.
It's been decent in terms of false positives. It doesn't necessarily reduce them, but the new detections have been pretty well-tuned so they aren't producing additional false positives. Anvilogic has increased security coverage by building out some detections, specifically in areas like Active Directory and IAM-type rules. While it hasn't reduced the overall cost, it may have helped the optimization side.
What is most valuable?
We integrate Anvilogic directly with Splunk rather than using the Amplitude platform separately. That has been helpful because we don't need to bring logs to a third-party source.
Anvilogic's AI assistant is pretty good. It helps us build out detections within your environment. It has improved our detection logic by a small amount and slightly reduced the time involved in detection writing. Generally, the detection builder is decent.
The drag-and-drop detection engine portal has been helpful because you don't need any programming experience. One area where the generative AI aspect has been helpful is when we are figuring out the specific threats about something that's triggered or similar campaigns. You can write in the latest from this type of detection that I'm looking at and get information back.
What needs improvement?
We need more around case management. I know that's something on the road map. We would like a way to create a ticket that we can export into a third-party platform like Jira. Anvilogic's prebuilt rules and threat scenarios didn't work the best for us because many of the rules were geared toward a Windows environment, whereas we're more of a Mac environment, so many of them didn't necessarily fit with what we have. I know a few other people who use them, and they've worked out well there.
For how long have I used the solution?
I've been a full-time customer of Anvilogic for about two years now, and we did a proof of concept eight months or so before we became a customer.
What do I think about the stability of the solution?
We haven't had any issues with stability.
What do I think about the scalability of the solution?
Anvilogic is as scalable as the environments you've integrated it with, whether it's Snowflake or Splunk.
How are customer service and support?
We have a biweekly standing call with the Anvilogic team to talk through detections and updates, but I can't think of a case where we've had to contact them outside of that call.
How was the initial setup?
The initial deployment was easy because we had it set up for our proof of concept, so it just took a little tuning, and we had it set up within a week. We had one person on our side working with somebody on their side. It's a cloud-based solution, but they push out updates on it. We haven't had any issues where it's broken on our systems, where we've had to lean in on the maintenance side.
What was our ROI?
We roughly broke even. If we had invested more or tuned our environment a little better, we might have come out on top.
What's my experience with pricing, setup cost, and licensing?
Anvilogic's pricing has been highly competitive.
Which other solutions did I evaluate?
We did an extensive proof of concept for Anvilogic, Panther, Devo, Google Chronicle, Splunk, and a few different SIEM/detection engines. We did a breakdown based on our criteria and scoring on various features. Anvilogic outperformed the other tools that we tested.
The price was right for the organization. They also offered a multiyear deal that kept the price down looking forward. We compared it to something like the Chronicle, which required us to export our data specifically to that. It required multiple areas for ingestion, bringing up operational costs on top of the licensing cost. It wasn't providing better detection support than Anvilogic because it was able to integrate with Splunk and our case. It was able to pull off of data that was already being ingested, when we needed to have it ingest in multiple locations.
What other advice do I have?
I rate Anvilogic seven out of 10. To prepare for Anvilogic, I recommend leaning into it. Take advantage of the support team and get some additional training. Use the workshops and commit to using the product. It's a tool that's only as good as the time you put into it. If you bring in the detection engine but don't put any time into creating those detections, then there's not much point.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.