Try our new research platform with insights from 80,000+ expert users
Anvilogic Logo

Anvilogic Reviews

Vendor: Anvilogic
4.0 out of 5
Start review

What is Anvilogic?

Anvilogic breaks the SIEM lock-in that drives detection gaps and high costs for enterprise SOCs. It enables detection engineers and threat hunters to keep using their existing SIEM while seamlessly adopting a scalable and cost-effective data lake for high-volume data sources and advanced analytics use cases. 

Get the AI-SOC Buyer's Guide and find out what your peers are saying about Anvilogic and more!
Buyer's Guide
Security Information and Event Management (SIEM)
March 2025
Get the category report
Helped 841,099 peers since 2012
 
 
Key learnings from peers

Valuable Features

  • "One of the best things about Anvilogic is the partnership, their knowledge, the depth of technical understanding, and the speed at which they respond."
  • "Before Anvilogic, we had no visibility into our detection coverage. The ability to break it down by industry verticals, such as attackers and adversaries, is valuable."

Room for Improvement

  • "The pricing is slightly edging towards being a bit much for smaller organizations."
  • "The hunting insight needs integrable capability with different platforms to gather all of that insight and show it on a single canvas on Anvilogic. That is the only feature that could improve the way we do operations."

Pricing

  • "We were an early adopter, so the pricing was definitely good. Because they do not completely replace a SIEM, their pricing is slowly edging towards being a little too much for a smaller organization like ours. It is almost on the border."
  • "Anvilogic's pricing has been highly competitive."
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our AI-SOC Buyer's Guide for additional reliable information.

Top industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
17%
Manufacturing Company
12%
Retailer
9%
Real Estate/Law Firm
6%
Healthcare Company
5%
Government
4%
Comms Service Provider
4%
Wholesaler/Distributor
3%
Non Profit
3%
University
3%
Insurance Company
2%
Recreational Facilities/Services Company
2%
Energy/Utilities Company
2%
Hospitality Company
2%
Outsourcing Company
2%
Venture Capital & Private Equity Firm
1%
Media Company
1%
Security Firm
1%
Engineering Company
1%
Transportation Company
1%
Educational Organization
1%

Learn more about Anvilogic

By eliminating the need for rip-and-replace, Anvilogic allows security leaders to confidently join the rest of the enterprise on the modern data stack without disrupting existing processes. Security operations teams at banks, airlines, and large tech companies use Anvilogic’s modular detection engine, thousands of curated threat scenarios, and AI security copilot to improve detection coverage and save millions of dollars.

Related questions

  • 2
When evaluating AI-SOC, what aspect do you think is the most important to look for?
  • 2
Why is AI-SOC important for companies?

Product Categories

Product Categories
AI-SOC
Security Information and Event Management (SIEM)
 

Anvilogic reviews

Sort by:
PeerSpot user
Sr. Manager, SOC, NOC, and Corporate Security at a computer software company with 1,001-5,000 employees
Verified user of Anvilogic
Jul 30, 2024
The solution provides security analytics across multiple data platforms

What is our primary use case?

Our use cases for Anvilogic primarily revolve around detection engineering. We ingest the logs to figure out our cybersecurity score and improve detection.

How has it helped my organization?

Anvilogic provides security analytics across multiple data platforms. We integrate it with Splunk, but it also integrates with Snowflake and other data platforms. Overall, it's been good since many people aim to move away from Splunk to save on overall costs. The fact that it integrates with various data lakes, specifically Snowflake, the most popular, makes sense.

Using Anvilogic decreases your detection engineering time while helping you build out additional detections and increasing your assurance and protection. It has decreased the engineering time by at least 20 percent. 

It's been decent in terms of false positives. It doesn't necessarily reduce them, but the new detections have been pretty well-tuned so they aren't producing additional false positives. Anvilogic has increased security coverage by building out some detections, specifically in areas like Active Directory and IAM-type rules. While it hasn't reduced the overall cost, it may have helped the optimization side. 

*Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Read full review (919 words)
AJ
Head of Information Security at a tech vendor with 1,001-5,000 employees
Verified user of Anvilogic
Mar 4, 2025
Comprehensive coverage, no vendor lock-in, and best customer relationship

Pros

"Before Anvilogic, we had no visibility into our detection coverage. The ability to break it down by industry verticals, such as attackers and adversaries, is valuable."

Cons

"The hunting insight needs integrable capability with different platforms to gather all of that insight and show it on a single canvas on Anvilogic. That is the only feature that could improve the way we do operations."

What is our primary use case?

We use Anvilogic as an SOC detection engineering platform. In addition to that, we use it for hunting and investigation purposes.

How has it helped my organization?

We are a fairly small team with three people in total in the SOC. Their prebuilt configurations and all the detections and scenarios are the reason why we have good coverage today. We use them as a template to start off with. Of course, it needs a bit of customization for the organization it is being deployed for, but it works in our case. We use that, build it, and then fine-tune it for our scenario. We are then good to deploy it. Usually, what used to take us about a week's worth of detection development can be done in about an hour and a half or two at best by using these templates.

Anvilogic provides security analytics across multiple data platforms. It can integrate with different data platforms and provide the same kind of analytics.

We have been able to reduce the cost of having some of these analytics and capabilities deployed across different platforms because we route most of our alerts into Anvilogic. The analytics work on those, whether they are from endpoints, SaaS applications, Identity, or SIEM. We have been able to save costs by not having to deploy these across different platforms. There is also efficiency in terms of getting some of these done quickly and faster rather than jumping between different things.

Anvilogic enables us to break free from vendor lock-in. That was one of the key reasons why we chose Anvilogic. We have changed SIEM once since we moved to Anvilogic. In between, when we were looking at some other integrations, Anvilogic was ready to integrate easily with them. Vendor lock-in is a much lesser concern now.

Anvilogic's AI assistant has helped improve our detection logic. Prior to Anvilogic, somebody would do the investigation, come up with the results, go ahead with a review process, and implement the findings. Since we have had Anvilogic, it automatically does the assessment and gives us a daily report. The analyst just has to do the implementation after the review, so the investigation process from my analyst is no longer required. We feel that the outcome from Anvilogic is also reliable. We do not have to go back and get into the weeds to see specifically whether it is the right analysis.

It simplifies detection engineering and threat hunting across multiple search languages, although we do not fully leverage all the benefits. Most of our platforms are pulled in from the SIEM, and some of them are from the likes of CrowdStrike and other places. We leverage a standard taxonomy. If this were to be between two different SIEMs, the search capability would be very helpful. However, the AI capability for writing out a quick query by using things like regex or regular expressions and building out regular expressions helps. When an analyst is investigating something or building something, they quickly want to understand what a certain component means, so having that within the same pane helps. So, we use it in some capability, but those capabilities are very helpful so far.

Anvilogic has significantly reduced our end-to-end detection engineering time. Earlier, it used to take about a week and a half for someone to go in and check. With their templates and prebuilt scenarios and cases, it now takes just about a day or two where we have to look at it and then customize it for us.

Anvilogic has helped our organization reduce false positives. The tuning insights feature of Anvilogic comes up with proactive ways to reduce false positives. It gives the analyst a view of what is causing the false positives. Is it genuine or not? Is it malicious or not? They can then action items on those. They also maintain an ongoing allow list and deny list, which helps to suppress false positives temporarily, or in the longer run, makes the whole process both accountable with audit logs and quicker.

We were able to realize its benefits immediately. We did a proof of concept in 2021, and our coverage at that point was in the lower twenties. We got to about the upper eighties in two quarters, and it was very steep, quick growth.

*Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Read full review (1509 words)