No more typing reviews! Try our Samantha, our new voice AI agent.

Anomali vs Anvilogic comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 18, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
6.0
Anomali offers cost-effective solutions with significant ROI, reducing manual effort and enhancing efficiency through automation and AI-driven tasks.
Sentiment score
4.7
Anvilogic enhances efficiency and ROI with 25% cost savings, 50% operational efficiency boost, and improved detection coverage.
Analyst productivity has improved significantly, with hours saved because of automation and AI-driven work that Anomali performs.
Global Leadership Council at a tech company with 10,001+ employees
Anomali provides us with a very cost-effective value compared to the market, and I would rate it ten out of ten for return on investment metrics.
Solution Delivery Advisor at a tech vendor with 10,001+ employees
There is a return on investment concerning time and effort saved by 40% after implementing Anomali.
Security Consultant at Deloitte
We're taking these things that executives see on the news, cyber threats falling from the sky, and we're taking the timeline that would take weeks or sometimes even months to address, depending on what's required for the detection, and bringing that timeline down to hours and days.
Director, Cybersecurity Operations at Labcorp
We rolled out approximately 1,500 Armory alerts in three months, which would not have been possible with Splunk.
Vice President, Information & Cyber Security at St. George's University
If we were not doing more and did not have Anvilogic, we would need one dedicated person to do this detection engineering.
Head of Information Security at a tech vendor with 1,001-5,000 employees
 

Customer Service

Sentiment score
5.0
Anomali offers excellent enterprise support with quick, reliable assistance, though smaller client attention and professionalism have recently declined.
Sentiment score
7.1
Anvilogic offers strong support with rapid response, expertise, and good communication, despite occasional delays or tracking issues.
They have strong onboarding and deployment assistance, provide a dedicated technical account manager for large customers, and engage in regular product updates and customer interaction.
Global Leadership Council at a tech company with 10,001+ employees
The technical support at Anomali is excellent.
Senior Cyber Threat Hunter at a financial services firm with 10,001+ employees
It doesn't seem very professional how they're handling support anymore.
Enterprise Security Architect V at FirstEnergy
The product management and the product engineering team are available to us if we need to review something with them.
Director, Cybersecurity at a financial services firm with 10,001+ employees
One of the best things about Anvilogic is the partnership, their knowledge, the depth of technical understanding, and the speed at which they respond.
Head of Information Security at a tech vendor with 1,001-5,000 employees
I would evaluate their customer service and tech support as fantastic.
Senior Director | Detection Response at a tech vendor with 1,001-5,000 employees
 

Scalability Issues

Sentiment score
8.0
Anomali offers scalable solutions by smoothly handling extensive threat data and integrating with security systems, supporting organizational growth.
Sentiment score
6.8
Anvilogic offers scalable solutions, managing detections, integrations, and business needs while ensuring seamless onboarding and cost efficiency.
The scalability is massive, allowing us to store millions of indicators.
Enterprise Security Architect V at FirstEnergy
I believe Anomali's scalability is good; whether it is an organization for ten people or one hundred thousand people, the job a threat intel platform has to do will be the same.
Sr. Threat Intelligence Analyst at a tech vendor with 10,001+ employees
Anomali's scalability is impressive as a mature platform capable of processing large amounts of threat intelligence and indicators of compromise data.
Global Leadership Council at a tech company with 10,001+ employees
We started with about 55 detections and scaled up to about 980 odd detections so far.
Head of Information Security at a tech vendor with 1,001-5,000 employees
Anvilogic scales effectively with the growing needs of my organization.
Senior Director | Detection Response at a tech vendor with 1,001-5,000 employees
Anvilogic is helping us identify what the needs of the business are, where in many cases, business processes just run off on their own.
Director, Cybersecurity Operations at Labcorp
 

Stability Issues

Sentiment score
8.4
Users praise Anomali's high stability and enterprise-grade reliability, noting consistent performance despite occasional platform function changes.
Sentiment score
6.7
Anvilogic is stable with minor AI agent issues, reliable performance, fast support, and no major downtime reported.
From a reliability perspective, Anomali consistently injects threat feeds, works on automation, performs reliable API integrations, and supports enterprise scale globally.
Global Leadership Council at a tech company with 10,001+ employees
For example, while Microsoft allows ample time for users to adapt to deprecated features, Anomali only gave us three weeks before switching, so they need to be more cognizant of customer use cases from their engineering side.
Enterprise Security Architect V at FirstEnergy
The good thing is that they have a health check page, and if any issues arise, they notify us.
Lead Cyber Threat Intelligence Incident Response Engineer & Security Engineer at a retailer with 10,001+ employees
I have never experienced a serious outage.
Vice President, Information & Cyber Security at St. George's University
I would assess the stability and reliability of Anvilogic as very good.
Senior Director | Detection Response at a tech vendor with 1,001-5,000 employees
The biggest instability has been with the AI agent, which the team is not using fully due to inconsistent results.
Senior Manager, Threat Prevention Engineering at a tech vendor with 5,001-10,000 employees
 

Room For Improvement

Anomali needs enhanced AI, simplified interfaces, better integration, consistent tagging, flexible reporting, clearer pricing, and intuitive workflows.
Anvilogic needs better data integration, enhanced AI, improved workflow efficiency, and user-accessible documentation while addressing cost concerns for smaller entities.
Combining all aliases into a coherent solution would be beneficial, as we had to review each individual source ourselves.
Senior Cyber Threat Hunter at a financial services firm with 10,001+ employees
Anomali should increase their capability to fetch details from various dark web solutions where threat actors post compromised credentials.
Lead Cyber Threat Intelligence Incident Response Engineer & Security Engineer at a retailer with 10,001+ employees
Anomali's ability to correlate and integrate different Threat Intel platforms, such as Mandiant and PolySwarm, is another valuable feature, removing duplicacy and enabling the application of specific IOCs across various security controls.
Associate Consultant at a tech vendor with 1,001-5,000 employees
Flexibility is key for any enterprise platform to meet our unique business requirements.
Senior Manager, Threat Prevention Engineering at a tech vendor with 5,001-10,000 employees
It lacked a robust CI/CD pipeline, which is crucial for comprehensive testing before changes go into production.
Threat Researcher 2 at a tech vendor with 1,001-5,000 employees
It seems that it requires more growth in how you can navigate through it and see the overall maturity of it clearly for a specific actor versus the enterprise-wide visibility of the whole maturity of the program.
Manager, Threat Intel & Detection Operations at Zendesk
 

Setup Cost

Anomali pricing is medium to high, with contracts of one to two years, managed by senior staff in discussions.
Anvilogic offers fair pricing with tailored implementation costs, transparent negotiations, and strong support, ensuring a seamless adoption experience.
Pricing and licensing are good, but the costs for purchasing threat feeds are somewhat complicated and a bit on the higher side.
Associate Consultant at a tech vendor with 1,001-5,000 employees
My experience with Anomali's pricing is that it is higher compared to other open-source alternatives.
Senior Information Technology Security Consultant at Mideast Data Systems
My experience with pricing, setup cost, and licensing is that there are not many follow-ups, but once we interacted with the product team or the leadership of Anomali, they managed a lot with us, and it all paid off to reach a conclusion that we would continue with this product.
Solution Delivery Advisor at a tech vendor with 10,001+ employees
Because they do not completely replace a SIEM, their pricing is slowly edging towards being a little too much for a smaller organization like ours.
Head of Information Security at a tech vendor with 1,001-5,000 employees
Licensing is reasonably affordable and should be evaluated over time concerning the platform's value.
Senior Manager, Threat Prevention Engineering at a tech vendor with 5,001-10,000 employees
They provide estimates because obviously every business is different, but they provided reasonable estimates that were fairly accurate based on other customers from a similar type of background or size.
Manager, Threat Intel & Detection Operations at Zendesk
 

Valuable Features

Anomali excels in threat intelligence by efficiently automating data integration, improving response times, and reducing manual workloads.
Anvilogic enhances SOC efficiency with AI-driven detection, multi-SIEM integration, no-code usability, cost management, and seamless platform transitions.
Regarding integration, Anomali has capabilities to integrate with different downstream applications such as Palo Alto, allowing us to create playbooks to block domains, URLs, or IPs directly within the firewall.
Lead Cyber Threat Intelligence Incident Response Engineer & Security Engineer at a retailer with 10,001+ employees
Correlating IOCs with the telemetry data we are ingesting from our data sources allows us to pull monthly reports identifying how many assets and users interacted with malicious content, giving insight into whether communications failed or users accessed restricted content, providing complete visibility of the IOCs traveling throughout our environment.
Associate Consultant at a tech vendor with 1,001-5,000 employees
It aggregates intelligence from hundreds of sources, automatically de-duplicates, applies risk scoring, applies context, and reduces much manual effort.
Global Leadership Council at a tech company with 10,001+ employees
Detection insights help us easily identify the most noisy ones, the effective ones, and what needs to be fixed to move the noisy ones to effective ones.
Head of Information Security at a tech vendor with 1,001-5,000 employees
The learning curve is not steep, allowing even those with basic knowledge in writing detection rules to adapt quickly.
Threat Researcher 2 at a tech vendor with 1,001-5,000 employees
Anvilogic plus Snowflake has vastly improved our total cost of ownership for the SIM platform; we went from a pretty expensive platform in Splunk that was not vertically scalable due to budget limitations to a platform now that is far more efficient per terabyte of data ingested and processed per day.
Senior Manager, Threat Prevention Engineering at a tech vendor with 5,001-10,000 employees
 

Categories and Ranking

Anomali
Ranking in Security Information and Event Management (SIEM)
10th
Average Rating
8.0
Reviews Sentiment
6.2
Number of Reviews
13
Ranking in other categories
User Entity Behavior Analytics (UEBA) (5th), Advanced Threat Protection (ATP) (11th), Threat Intelligence Platforms (TIP) (3rd), Extended Detection and Response (XDR) (11th)
Anvilogic
Ranking in Security Information and Event Management (SIEM)
11th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
13
Ranking in other categories
AI-SOC (2nd)
 

Mindshare comparison

As of July 2026, in the Security Information and Event Management (SIEM) category, the mindshare of Anomali is 1.4%, up from 0.3% compared to the previous year. The mindshare of Anvilogic is 0.6%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Mindshare Distribution
ProductMindshare (%)
Anomali1.4%
Anvilogic0.6%
Other98.0%
Security Information and Event Management (SIEM)
 

Featured Reviews

TarunKumar11 - PeerSpot reviewer
Global Leadership Council at a tech company with 10,001+ employees
Strategic threat intelligence has improved detection speed and consistently reduces analyst workload
Anomali can be improved in various aspects. Its AI-driven automation can further advance, and AI-powered investigation summaries can improve. User experience could be enhanced through simplification of workflows. Better board-level cyber risk dashboards could provide easier visualization. Additionally, Anomali could work on simplifying the pricing structure. Although it excels in threat intelligence aggregation and operationalization, stronger GenAI capability, improved executive reporting, and a more intuitive workflow for analysts would further increase SOC efficiency and add more business value. Regarding Anomali's AI capabilities, governance and security are quite good. Anomali has incorporated AI and machine learning primarily to improve correlation and prioritization. These capabilities are valuable but could be more mature. The platform could achieve better threat correlation, prioritization, more anomaly detection, and allow AI to accelerate intelligence analysis while further improving quality and relevance. The accuracy and reliability of Anomali's AI output are fairly reasonable and good. The AI engine works well, but this capability could be improved. Better threat correlation with threat actors, certain indicators of compromise, malware, and campaigns is possible. Threat prioritization could increase, and alert noise could be reduced through further de-duplication. While reasonable, this is not the best available, and other products possibly have more AI maturity, such as Recorded Future and CrowdStrike Falcon.
reviewer2800338 - PeerSpot reviewer
Senior Manager, Threat Prevention Engineering at a tech vendor with 5,001-10,000 employees
Modern threat detection has improved coverage and reduced costs but still needs better UX and flexibility
There is room for growth in the product platform; our detection engineers using Anvilogic every day encounter some frustrating UX experience issues where buttons are not logically placed, and workflows are not working as expected. There is also room for growth in integrating the platform with third parties, as we have encountered limitations in what can be executed via API and what is documented. We are a heavy automation integration team, so having this well documented is important for us. The enterprise capabilities within the platform also seem somewhat limited, as we run into limitations in managing detections at scale and making changes to those detections at scale. Especially at an enterprise level, if we need to add enrichment logic to every single detection deployed, it can be quite onerous; we had to develop custom scripts to manage that. Thus, enhancing enterprise-type features for managing the platform at scale rather than clicking through the GUI is important as we continue to grow. Additionally, the AI capabilities have been somewhat unstable and unintuitive to use, which is key for increasing adoption. One other thing is that the detection logic builder today is somewhat limited in flexibility regarding implementing detections, grouping detections together, and handling alerts when they fire. This might be partly due to our need to adjust to a different platform, but flexibility is key for any enterprise platform to meet our unique business requirements. Having the capability to build custom detection logic not tied to a specific structure would be helpful; although a lot can be done, it often requires working with our account team which is time-consuming and less intuitive.
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
13%
Manufacturing Company
9%
Construction Company
8%
Computer Software Company
6%
Financial Services Firm
15%
Healthcare Company
8%
Manufacturing Company
8%
Computer Software Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business4
Midsize Enterprise1
Large Enterprise14
By reviewers
Company SizeCount
Small Business2
Large Enterprise12
 

Questions from the Community

What is your experience regarding pricing and costs for Anomali Enterprise?
My experience with pricing involved a yearly, two-year contract; I can't specify the setup cost, but it was aligned with our budget, so I consider it good.
What needs improvement with Anomali ThreatStream?
I can mention one point regarding improvements for Anomali, which is more enhanced reporting flexibility. The reporting provided to us is not too detailed and could be more enhanced. Better filteri...
What is your primary use case for Anomali ThreatStream?
I was using Anomali primarily for threat intelligence operations, security monitoring, and threat detection initiatives. I was part of the SOC team, and my role and responsibilities involved workin...
What is your experience regarding pricing and costs for Anvilogic?
I am from the technical department, so I do not have details about pricing, setup cost, or licensing, as that was handled by my management team.
What needs improvement with Anvilogic?
I chose a nine because, while Anvilogic is excellent, there is room for improvement in terms of the false-positive reports that have been presented and the AI pattern that can be improved.
What is your primary use case for Anvilogic?
Anvilogic serves as my cybersecurity company's platform that provides detection, SIEM support, and SOC investigation, along with the implemented MITRE ATT&CK framework. A specific example of ho...
 

Also Known As

Match, Lens, ThreatStream, STAXX, Anomali Security Analytics
No data available
 

Overview

 

Sample Customers

Bank of England, First Energy, UBISOFT, Bank of Hope, Blackhawk Network
Information Not Available
Find out what your peers are saying about Anomali vs. Anvilogic and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.