SIEM and Log Management Simplified

AlienVault Unified Security Management™ (USM) delivers a complete SIEM with built-in, essential security controls and seamlessly integrated threat intelligence, so you can accelerate your threat detection and compliance.



A Complete SIEM, And So Much More

Single-purpose SIEM software or log management tools provide valuable information, but often require expensive integration efforts to bring in log files from disparate sources such as asset management, vulnerability assessment, and IDS products. With the AlienVault USM™ platform, SIEM is built-in with other essential security tools for complete security visibility that simplifies and accelerates threat detection, incident response, and compliance management.

Fully Integrated SIEM Capabilities on Day 1

Drastically simplify SIEM deployment and gain valuable insight into your environment with an all-in-one platform that includes all the essential security capabilities you need, managed from a single pane of glass, working together to provide the most complete view of your security posture.

  • SIEM / event correlation
  • Asset discovery and inventory
  • Vulnerability assessment
  • Intrusion detection
  • NetFlow monitoring
  • Actionable, relevant threat intelligence from AlienVault Labs threat research team
  • Integrated global real-time view of emerging threats and bad actors from OTX, the world’s first truly open threat intelligence community that enables collaborative defense with actionable, community-powered threat intelligence

Day One Results

Deploy AlienVault USM and see actionable threat insights on day one.

  • 3,000+ Correlation Directives
    Ships with over 3,000 pre-defined correlation directives so you don’t have to spend hours creating your own.
  • Always Vigilant
    Continuous updates from AlienVault Labs include new correlation directives, threat signatures, remediation guidance, and more.


More Than Just a SIEM – It’s Unified Security Management™ (USM)!

Traditional SIEM solutions promise to provide what you need – but the path to get there is one most of us can’t afford. Traditional SIEM solutions integrate and analyze the data produced by other security technologies that are already deployed, but unfortunately most mid-market organizations don’t have those other technologies deployed yet! AlienVault USM provides a different path. In addition to all the functionality of a traditional SIEM, AlienVault USM also builds the essential security capabilities into a single platform with no additional feature charges. And AlienVault’s focus on ease of use and deployment makes it the perfect fit for mid-market enterprises and organizations with limited budget and few in-house resources.
Feature                                                           | AlienVault USM | Traditional SIEM
------------------------------------------------------------------|----------------|------------------
Management                                                        |                |
  Log Management                                                  | Yes            | Yes
  Event Management                                                | Yes            | Yes
  Event Correlation                                               | Yes            | Yes
  Reporting                                                       | Yes            | Yes
  Trouble Ticketing                                               | Built-In       | $$
Security Monitoring Technologies                                  |                |
  Asset Discovery                                                 | Built-In       | $$
  Network IDS                                                     | Built-In       | $$
  Host IDS                                                        | Built-In       | $$
  Netflow                                                         | Built-In       | $$
  Full Packet Capture                                             | Built-In       | $$
  File Integrity Monitoring                                       | Built-In       | $$
  Vulnerability Assessment                                        | Built-In       | $$
Additional Capabilities                                           |                |
  Continuous Threat Intelligence                                  | Built-In       | Not Available
  Unified Management Console for security monitoring technologies | Built-In       | Not Available

$$ = 3rd-party product that requires integration

AlienVault Unified Security Management is being used across the whole organisation for event logging and monitoring, threat/vulnerability management and IDS.

AlienVault Unified Security Management (USM) is suited for the small office/business that could never afford the high end systems, and it can scale to large networks. PCI regulated businesses and HIPAA doctor offices and medical suites can be mor…

AlienVault is used to monitor security events in our entire organisation. It helps us to keep an eye on security while saving time. This enables us to be more secure even if we desperately need more staff.

AlienVault Unified Security Management (USM) is well suited for anyone who wants to turn on a device and get actionable intelligence right away. Given the proper configuration, I can’t think of a scenario where AlienVault USM wouldn’t be appropri…

AlienVault is used to provide visibility into our network traffic inbound and outbound from/to the Internet as well as traffic between our DMZ, corporate and extranet networks. Prior to AlienVault we configured a layered security design and it wa…

The AlienVault USM platform allows us to provide services to our clients that help them meet their compliance needs. It covers some of the major PCI compliance requirements, for example, Secure Log Management and storage, File Integrity Monitorin…

We use AlienVault USM to monitor our data center, network traffic, and key workstations. Our goal is to protect the systems from loss of PII, from malware, and from intrusion.

Our organization currently uses AlienVault Unified Security Management in order to comply with the requirements made by the PCI DSS council. AlienVault USM is very easy to use, while gaining amazing feedback. The support given by the AlienVault…

If you are looking for an easy, turnkey, all-in-one solution, this is your best option. Other products have many different solutions stitched together, but only AlienVault Unified Security Management has been able to take the best of breed open …

AlienVault Unified Security Management is being used by the information security department of our company. It is helping us to quickly identify security incidents and to investigate and respond in a timely manner.

Centralized Threat Alerts

Prioritize with Kill Chain Taxonomy

The promise of SIEM software is particularly powerful—collecting data from disparate technologies, normalizing it, centralizing alerts, and correlating events to tell you exactly what to focus on. Unfortunately, achieving and maintaining the promise of SIEM is time-consuming, costly, and complex.

AlienVault USM builds in all the security capabilities you need plus a centralized alarm dashboard that utilizes the Kill Chain Taxonomy to focus your attention on the most important threats. It breaks attacks out into five threat categories that help you understand attack intent and threat severity, based on how they’re interacting with your network.

  • System Compromise – Behavior indicating a compromised system.
  • Exploitation & Installation – Behavior indicating a successful exploit of a vulnerability or backdoor/RAT being installed on a system.
  • Delivery & Attack – Behavior indicating an attempted delivery of an exploit.
  • Reconnaissance & Probing – Behavior indicating a bad actor attempting to discover information about your network.
  • Environmental Awareness – Behavior indicating policy violations, vulnerable software, or suspicious communications.

Identify Known Bad Actors Communicating with Your Systems

Indicated by the OTX™ ‘Atomic’ logo, alarms and events associated with known Indicators of Compromise (IoCs) are highlighted throughout USM. This allows you to prioritize and triage security events that contain data linked to malicious activity.

Reduced Noise

Correlate IDS data with multiple security tools to reduce false positives and increase the accuracy of alarms.

Complete Threat Evidence

See attack type, number of events, duration, source and destination IP addresses, and more.

Automatic Notifications

Set up email notifications and implement phone messaging services such as SMS.

Workflow Management

Create tickets from any alarm, delegate to users, or integrate with an external ticketing system.

Drill Down and Analyze Consolidated Threat Details in One Console

Accelerate your response work by analyzing related threat details on one console. See the directive event, the individual event(s) that triggered the directive event, and the correlation level of the directive rule.
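To make the directive event, its triggering events, the correlation level and the Kill Chain Taxonomy categories above concrete, here is a toy correlation directive written for this page. It is an added illustration, not USM code: the event fields, signature names, sample events and directive layout are all constructed, and real USM directives use a different format.

```python
"""Toy multi-level correlation directive (added example, not AlienVault USM code)."""
from dataclasses import dataclass, field

# Kill Chain Taxonomy categories from the page, ranked lowest to highest severity
# so directive events can be prioritized by how far an attack has progressed.
KILL_CHAIN = ["Environmental Awareness", "Reconnaissance & Probing",
              "Delivery & Attack", "Exploitation & Installation", "System Compromise"]

# Constructed directive: each level names the normalized signature to match, which
# field must tie back to the previous level's event, and the category reached.
DIRECTIVE = [
    {"sig": "portscan",        "follow": None,         "category": "Reconnaissance & Probing"},
    {"sig": "exploit_attempt", "follow": "src",        "category": "Delivery & Attack"},
    {"sig": "c2_beacon",       "follow": "dst_as_src", "category": "System Compromise"},
]

@dataclass
class DirectiveEvent:
    level: int                       # correlation level reached (1..len(directive))
    category: str                    # Kill Chain Taxonomy category of that level
    triggers: list = field(default_factory=list)  # individual events that fired

    @property
    def priority(self) -> int:
        return KILL_CHAIN.index(self.category)

def correlate(events, directive=DIRECTIVE):
    """Walk normalized events in order; return the directive event reached, or None."""
    level, triggers, anchor = 0, [], None
    for ev in events:
        if level >= len(directive):
            break                    # directive fully matched
        rule = directive[level]
        if ev["sig"] != rule["sig"]:
            continue
        if rule["follow"] == "src" and ev["src"] != anchor["src"]:
            continue                 # same attacker must continue the chain
        if rule["follow"] == "dst_as_src" and ev["src"] != anchor["dst"]:
            continue                 # the exploited host must be the one beaconing out
        triggers.append(ev); anchor = ev; level += 1
    return None if level == 0 else DirectiveEvent(level, directive[level - 1]["category"], triggers)

# Constructed sample events (RFC 5737 documentation addresses, not real indicators).
SAMPLE = [
    {"src": "203.0.113.7",  "dst": "10.0.0.5",    "sig": "portscan"},
    {"src": "198.51.100.9", "dst": "10.0.0.5",    "sig": "exploit_attempt"},  # unrelated src, ignored
    {"src": "203.0.113.7",  "dst": "10.0.0.5",    "sig": "exploit_attempt"},
    {"src": "10.0.0.5",     "dst": "203.0.113.7", "sig": "c2_beacon"},
]

if __name__ == "__main__":
    alarm = correlate(SAMPLE)
    print(alarm.level, alarm.category, len(alarm.triggers))  # 3 System Compromise 3
```

Feeding only the first sample event yields a level-1 "Reconnaissance & Probing" directive event, which sorts below the full chain when alarms are ordered by priority.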

You can click on any event to examine details such as:

  • Normalized event
  • SIEM information
  • Reputation of source and destination IP addresses
  • Knowledge base about the event
  • Payload of the packet triggering the event

Search SIEM Events

See events stored in the database, filter for more granular data, and sort by event name, IP address and more.

Inspect Packet Captures

Use integrated packet capture functionality to capture interesting traffic for offline analysis.

Check Assets and Vulnerabilities

Identify whether an attack is relevant by correlating reported vulnerabilities with malicious traffic.

Examine Raw Logs

Search for any raw logs that are related to activity reported by an alarm. Raw logs are digitally signed for evidentiary purposes. You can also filter by time range and search pattern and export raw logs as a text file.

Detect the Latest Threats with Weekly Threat Intelligence Updates

Researching threats and maintaining your SIEM software, IDS, and vulnerability assessment tools for the latest threat detection isn’t trivial. Let us do the heavy lifting for you.

AlienVault Labs threat research team fuels your USM platform with the latest threat intelligence, so you can focus on detecting and responding to the most critical issues in your network.

AlienVault Labs threat research team spends countless hours mapping out the different types of attacks, the latest threats, suspicious behavior, vulnerabilities, and exploits they uncover across the entire threat landscape. They leverage the power of OTX, the world’s largest crowd-sourced repository of threat data, to provide global insight into attack trends and bad actors.

AlienVault Labs delivers eight coordinated rulesets:

  • Network IDS signatures
  • Host-based IDS signatures
  • Asset discovery signatures
  • Vulnerability assessment signatures
  • Correlation rules
  • Reporting modules
  • Dynamic incident response templates
  • Newly supported data source plug-ins