

Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
We're taking these things that executives see on the news, cyber threats falling from the sky, and we're taking the timeline that would take weeks or sometimes even months to address, depending on what's required for the detection, and bringing that timeline down to hours and days.
We rolled out approximately 1,500 Armory alerts in three months, which would not have been possible with Splunk.
If we were not doing more and did not have Anvilogic, we would need one dedicated person to do this detection engineering.
The product management and the product engineering team are available to us if we need to review something with them.
One of the best things about Anvilogic is the partnership, their knowledge, the depth of technical understanding, and the speed at which they respond.
I would evaluate their customer service and tech support as fantastic.
I rate the customer support a nine out of ten because of their timely technical guidance and responsiveness during the deployment and troubleshooting periods.
We started with about 55 detections and scaled up to about 980 odd detections so far.
Anvilogic scales effectively with the growing needs of my organization.
Anvilogic is helping us identify what the needs of the business are, where in many cases, business processes just run off on their own.
Devo is a unified SIEM solution designed to handle growing log volumes and enterprise-scale monitoring requirements.
I have never experienced a serious outage.
I would assess the stability and reliability of Anvilogic as very good.
The biggest instability has been with the AI agent, which the team is not using fully due to inconsistent results.
It is stable and reliable for our security operations.
Flexibility is key for any enterprise platform to meet our unique business requirements.
It lacked a robust CI/CD pipeline, which is crucial for comprehensive testing before changes go into production.
It seems that it requires more growth in how you can navigate through it and see the overall maturity of it clearly for a specific actor versus the enterprise-wide visibility of the whole maturity of the program.
This is particularly evident when dealing with failed login attempts and determining true versus false positives.
UI improvements, a simplified dashboard, or an easier reporting workflow could further improve analyst productivity.
The cost is a little higher compared to other tools such as DataDog or Elasticsearch, so they could work on reducing costs.
Because they do not completely replace a SIEM, their pricing is slowly edging towards being a little too much for a smaller organization like ours.
Licensing is reasonably affordable and should be evaluated over time concerning the platform's value.
They provide estimates because obviously every business is different, but they provided reasonable estimates that were fairly accurate based on other customers from a similar type of background or size.
Detection insights help us easily identify the most noisy ones, the effective ones, and what needs to be fixed to move the noisy ones to effective ones.
The learning curve is not steep, allowing even those with basic knowledge in writing detection rules to adapt quickly.
Anvilogic plus Snowflake has vastly improved our total cost of ownership for the SIM platform; we went from a pretty expensive platform in Splunk that was not vertically scalable due to budget limitations to a platform now that is far more efficient per terabyte of data ingested and processed per day.
When they see a spike in a line chart for a failed login, which could be a true or false attempt, they can click that spike, and a table widget on the same active board instantly populates with raw logs of data for those specific failed logins.
When the analyst uses queries to search, it pulls the data quickly, in a second, which aids us greatly with the investigation.
It utilizes 400 days of hot data, allowing queries to run very fast and yield results quicker than other tools in terms of security and SIEM capability.
| Product | Mindshare (%) |
|---|---|
| Anvilogic | 0.6% |
| Devo | 1.2% |
| Other | 98.2% |
| Company Size | Count |
|---|---|
| Small Business | 2 |
| Large Enterprise | 12 |
| Company Size | Count |
|---|---|
| Small Business | 9 |
| Midsize Enterprise | 5 |
| Large Enterprise | 12 |
Anvilogic offers a no-code platform that enhances SOC efficiency by leveraging AI capabilities, providing detection coverage and industry-specific insights while integrating seamlessly with platforms like Snowflake.
Providing advanced visibility into detection coverage, Anvilogic delivers industry-specific insights through a powerful AI-driven, no-code environment. Users benefit from features like log normalization, the Armory for pre-built detections, and integration flexibility with platforms such as Snowflake. The platform significantly enhances SOC efficiency by reducing false positives and delivering quick insights. With integration into the MITRE framework and customizable alerts, Anvilogic improves detection logic and facilitates effective threat management, ensuring efficient detection across diverse environments.
What Are Anvilogic's Key Features?Anvilogic specializes in detection engineering for SOC teams, integrating data from tools like SentinelOne and Splunk. Its AI-driven capabilities streamline detection processes, reduce false positives, and extend to log ingestion, detection logic versioning, and threat prioritization. Industries use Anvilogic to enhance security operations through advanced detection scenarios and coordinated alert efforts, enabling efficient detection of behavioral patterns and management of security incidents.
Devo offers powerful visual analytics, real-time data querying, and log integration capabilities within a cloud-native, multi-tenant architecture, supporting extended data retention ideal for long-term analysis and compliance.
Devo is recognized for its Activeboards, which facilitate visual analytics. High-speed search capabilities and real-time analytics enable efficient data manipulation and querying. Its multi-tenant architecture supports effective data segregation and customization tailored to distinct business needs, enhancing its value for handling complex log integrations. With extended data retention of 400 days and a cloud-native architecture, Devo is a robust platform for long-term analysis and compliance requirements. Though opportunities exist to improve browser stability on large searches, SOAR integrations, and its parser capabilities, Devo remains essential for incident response and security monitoring, offering centralized data storage and analysis.
What are Devo's most important features?Devo is extensively used in industries focused on incident response and digital forensics, centralizing data for security monitoring across hybrid environments. Organizations benefit from its ability to store and analyze aggregated logs, creating alerts and dashboards to enhance visibility for network and endpoint activities in multi-domain settings.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.