We performed a comparison between USM Anywhere and Zabbix based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM)."Sentinel pricing is good"
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"Log aggregation and data connectors are the most valuable features."
"The main benefit is the ease of integration."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"Ease of deployment across various environments."
"The setup is very easy and straightforward."
"Our main focus was intrusion detection, alerts, and correlation. It's easy to use AlienVault and integrate it with other alert tools because it includes lots of connectors. Either the tool is already there, or AlienVault will write an API for us if they don't have a connector for the solution that is providing the logs."
"The vulnerability manager and the file integration are very good."
"This solution can identify many threats inside the organization (compromised endpoints, configuration issues), as well as "outside" threats (botnets, network scanners, web-attacks, etc)."
"The other big selling feature for us was its integration capabilities with all the other security-based products."
"The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure."
"We had used previous products and found AlienVault centralized the logging for our security."
"We are able to do problem determination on runaway processes."
"Like other common Linux distributions, some of the most valuable features of this solution are the ease of use and deployment. It's simple and has a lot of packages and a lot of software."
"In terms of customization and integration, we have more flexibility. We can automate configurations, define deletion rules, and customize based on the needs. The client interface allows for further configuration, making it quite comprehensive."
"The solution's design has recently changed and it is visually pleasing with more color, for example, there is blue, black, and white."
"The level of discovery-based configuration that lets us auto-configure the monitoring for various systems is a valuable feature."
"The most valuable feature is the monitoring of virtual machines."
"It has good graphs of what is going on within the operating system."
"We value the auto-host discovery, template import, bulk import/export features. Newer versions also add nice features, such as multi-IP per host."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"We are invoiced according to the amount of data generated within each log."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"We'd like to see more connectors."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"The other thing is the agent is OSSEC. They needed to create its own agent to help to find threats on the devices that it happens to be installed."
"It would be hard for any legitimate MSSP to use it."
"The reporting aspect could be improved. While there are a lot of different options available, there are still pieces which are missing."
"It was easy on PoC, but when we got to the product it was different story. We had to learn the product again and got feeling that the PoC was a different product."
"USM Anywhere relies a lot on the community putting the data in. Often, you'll right-click on the attack, but nothing will be found. That's a weakness of it."
"The reporting is mediocre and is something that needs to be improved."
"More complimentary training needs to be done for use with this tool. If you get into a bind, then it will cost you."
"Adding a parsing interface for the customers would make AT&T AlienVault USM better."
"Having a more customizable interface and dashboard would be an improvement."
"Zabbix isn't very good at automation just yet."
"The APM monitoring has room for improvement, although I hear that the new 5.2 version has some improvements in that area, and I'd like to give that a go. I would like to see a few more templates out there for different styles of monitoring. I use the Grafana interface for reporting. I would also like it to have an out-of-the-box ability to email reports. You can create reports, but to be able to email those reports would be really helpful. I've got users who are not interested in logging in and generating a report. They want it all pre-canned and sent to an email address. It would also be really handy if we could pin certain reports up onto platforms such as Teams or SharePoint. A GUI for the proxy server would be cool to have for debugging purposes and for the support teams to have a look at, but I don't know whether that's really feasible to do. I get enough from the log files themselves."
"The user web interface is a little bit too basic, we need to link Zabbix to Grafana to have more options, such as graphs and charts. The interface needs to be improved. Additionally, there could be better integration with Grafana API."
"If you want to use all of the features then you have to pay a licensing fee."
"Zabbix can use better documentation and support for troubleshooting."
"It could be more stable."
"Zabbix is not easy to configure, and upgrading is also an issue."
USM Anywhere is ranked 11th in Security Information and Event Management (SIEM) with 113 reviews while Zabbix is ranked 1st in Network Monitoring Software with 98 reviews. USM Anywhere is rated 8.4, while Zabbix is rated 8.2. The top reviewer of USM Anywhere writes "Easy to use and affordable". On the other hand, the top reviewer of Zabbix writes "Allows any number of customizations but lacks functionality for finding root causes". USM Anywhere is most compared with Wazuh, AlienVault OSSIM, IBM Security QRadar and Splunk Enterprise Security, whereas Zabbix is most compared with Centreon, Checkmk, SolarWinds NPM, Nagios XI and Nagios Core.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
