Graylog vs USM Anywhere comparison

Graylog and LevelBlue are both solutions in the Log Management category. Graylog is ranked #18 with an average rating of 6.5, while LevelBlue is ranked #38 with an average rating of 7.3. Graylog holds a 6.6% mindshare in Log Management, compared to LevelBlue’s 0.5% mindshare. Additionally, 94% of Graylog users are willing to recommend the solution, compared to 92% of LevelBlue users who would recommend it.

Graylog

Read 18 Graylog reviews

9,387 Views
8,255 Comparison Views

94% willing to recommend

USM Anywhere

Read 115 USM Anywhere reviews

2,085 Views
1,448 Comparison Views

92% willing to recommend

Graylog

USM Anywhere

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Jan 12, 2025

USM Anywhere and Graylog compete in the security information and event management (SIEM) category. USM Anywhere offers a more comprehensive suite of features, providing users with a centralized, all-in-one solution that excels in security monitoring.

Features: USM Anywhere combines SIEM, vulnerability scanning, and asset management to efficiently track applications and system changes. It delivers real-time email alerts and event correlation with customization options requiring minimal setup. Graylog specializes in real-time logging and text-based searching with seamless integration with Elasticsearch, offering fast data retrieval. Its customization flexibility, supported by an open-source model, enhances user interaction.

Room for Improvement: USM Anywhere needs better plugin support, improved correlation features, and more intuitive configuration interfaces. Users also desire faster search capabilities and enhanced cloud integration. Graylog users point to the need for enhanced documentation, better Elasticsearch integration, and improved alerting flexibility, alongside advancements in visualization and log filtering.

Ease of Deployment and Customer Service: USM Anywhere supports various deployment models, including public, private, and hybrid clouds, and offers comprehensive support, despite some concerns about response times. Graylog supports on-premises deployment, known for its easy setup and responsive customer service, although the community edition's support is not as extensive as USM Anywhere's enterprise options.

Pricing and ROI: USM Anywhere is competitively priced, offering significant ROI with its comprehensive features, though there are concerns over subscription costs linked to data volume. Graylog is notable for its cost-effectiveness, largely due to its free open-source version, though enterprise costs may be steep for some.

To learn more, read our detailed Graylog vs. USM Anywhere Report (Updated: January 2025).

Buyer's Guide

Graylog vs. USM Anywhere

January 2025

Download the complete report

Helped 831,265 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Graylog

Ranking in Log Management

18th

Average Rating

8.0

Reviews Sentiment

7.0

Number of Reviews

Ranking in other categories

No ranking in other categories

USM Anywhere

Ranking in Log Management

38th

Average Rating

8.4

Reviews Sentiment

7.0

Number of Reviews

115

Ranking in other categories

Security Information and Event Management (SIEM) (30th), Endpoint Detection and Response (EDR) (52nd), Compliance Management (12th)

Mindshare comparison

As of January 2025, in the Log Management category, the mindshare of Graylog is 6.6%, up from 5.7% compared to the previous year. The mindshare of USM Anywhere is 0.5%, down from 1.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Log Management

Featured Reviews

Andrey Mostovykh

Senior Data Architect at a comms service provider with 51-200 employees

Real-time analysis, easy setup, and open source

We stopped using it for analytics because of its price, and at the moment, we are using it mostly for log centralization. If you use it with high traffic for analytical purposes, as well as for the logs, the infrastructure costs are unbelievable. Graylog is a great product backed by Elasticsearch as the storage and query engine. It is just an interface on top of Elasticsearch and some Elasticsearch management. The indexes that are kept in Elasticsearch are managed by Graylog software. Elasticsearch is a decent product, but it's very infrastructure-heavy. It requires lots of resources, and if you make a mistake with provisioning, you are likely to not get a cluster back. We had a couple of outages like that, and we hated that. So, we ended up over-provisioning resources just to avoid such situations from happening. If you have a whole team trying to fix the Graylog instance for two days, that's a bit too much. That may be my Norwegian take on it, but the engineering resources are expensive. It's better to just provision the infrastructure. Overall, the product is great, and the features are just fine, but the infrastructure cost is what is killing it. The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic. I'm not sure if they can improve the infrastructure cost with the way Elasticsearch is. If they keep using Elasticsearch, maybe there are some opportunities there, or they can support other backends with cheaper storage. They could have a different backend to replace Elasticsearch or do some tweaks to Elasticsearch to reduce the costs. There could be partial parsing of logs or parsing on demand so that when you write data through Graylog to Elasticsearch, it doesn't need to crunch in every detail requiring that much CPU.

Read full review

Kris Nawani

Co-Founder/Director at Bangkok MSP Company Limited

Offers complete coverage without the need to install additional software

USM Anywhere is used for threat detection and investigation. It provides a solution with built-in threat intelligence and various other investigation tools The solution offers complete coverage without the need to install additional software, as it is maintained by the vendor. It helps in saving…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us."

"This had increased productivity for the dev and support teams, because we are directly notifying them."

"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."

"Graylog's search functionality, alerting functionality, user management, and dashboards are useful."

"We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging."

"The product is scalable. The solution is stable."

"The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."

"The build is stable and requires little maintenance, even compared to some extremely expensive products."

More Graylog pros

"Asset discovery and vulnerability scanner are good features. The integration between this solution and OTX, which is an AlienVault platform for Open Threat Exchange, is also a valuable feature. It is also quick and easy to deploy, so you can quickly engage with a customer's environment."

"AlienVault's reporting is good. I like that vulnerability assessment is part of the solution, and the UI is intuitive. Also, the overhead is low, which is to say we don't need a dedicated SOC team to manage and analyze things constantly. We're a small company that doesn't have those resources."

"Having everything in a central place has been helpful."

"This solution can completely detect and prevent incidents on your network."

"The most valuable feature in AT&T AlienVault USM is the reporting."

"OTX is a great module that lets staff maintain and monitor updates regarding events in the infrastructure and takes decision to improve the security perimeter."

"What I find the most valuable about USM Anywhere is its compliance. It shows a list of all the administrators logged on and does it quite well. There are no whistles and bells, it's reliable and simple to use."

"We had used previous products and found AlienVault centralized the logging for our security."

More USM Anywhere pros

Cons

"There should be some user groups and an auto sign-in feature."

"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."

"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."

"More customization is always useful."

"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."

"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic."

"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best case deployment scenario-"

"Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."

More Graylog cons

"It would be hard for any legitimate MSSP to use it."

"I've been told that AlienVault doesn't have a full version of NES running in there, but I'm not sure if that's accurate or if my engineer made it that way. I'm not sure he was completely honest either because we had NES in the environment before. Those tools could be improved because AlienVault is a SIEM, and it added all these other features."

"The lack of mature functionality and expertise in any of those areas is a strong negative."

"There are many reports included but would be nice to have better access to the data."

"Their threat intelligence platform needs to be broadened. They should integrate it with more threat intelligence platforms. For the threat feed that they get from open intelligence, I would like them to add a few premium threat intelligence platforms. They can provide a bundle in which AlienVault has the threat intelligence background of other premium products."

"It should be able to communicate with other security solutions to stop threats."

"The only complex area of the setup was writing the custom scripts."

"Source material on the forums to be more up-to-date with the changes happening within the product. Forums being out-of-date with information due to the changes makes troubleshooting a little more difficult - specific to the HIDS agents."

More USM Anywhere cons

Pricing and Cost Advice

"You get a lot out-of-the-box with the non-enterprise version, so give it a try first."

"Graylog is a free open-source solution. The free version has a capacity limitation of 2 GB daily, if you want to go above this you have to purchase a license."

"It's an open-source solution that can be used free of charge."

"We're using the Community edition."

"It's open source and free. They have a paid version, but we never looked into that because we never needed the features of the paid version."

"I am using a community edition. I have not looked at the enterprise offering from Graylog."

"Consider Enterprise support if you have atypical needs or setup requirements."

"There is an open source version and an enterprise version. I wouldn't recommend the enterprise version, but as an open source solution, it is solid and works really well."

More Graylog pricing and cost advice

"AlienVault is flexible on their pricing for unlimited licenses."

"So far, I feel the product's pricing is a good value. The technology is decent. You get what you pay for. I think it's fair."

"The vulnerability management solution is worse than buying a Nessus Professional license."

"Its price is in the medium to upper range."

"QRadar, ArcSight and Splunk are some of the most expensive SIEM products out there in the market and not everyone has the budget to buy them. In such cases, AV USM is a very cost effective alternative."

"We checked out several competitors. For what it can do and the cost, it was the best option!"

"It's very reasonably priced. It was one of the lowest among the ones I looked at. Licensing is pretty flexible. They can do a two-year or a three-year, even a one-year, perhaps."

"It's affordable for most customers."

More USM Anywhere pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Log Management solutions are best for your needs.

See recommendations

831,265 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

16%

Comms Service Provider

Government

Educational Organization

Computer Software Company

19%

Educational Organization

Financial Services Firm

Comms Service Provider

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Graylog?

The product is scalable. The solution is stable.

See all answers

What is your experience regarding pricing and costs for Graylog?

We are using the free version of the product. However, the paid version is expensive.

See all answers

What needs improvement with Graylog?

Since it's a free tool, I don't have much to say. Troubleshooting is important to me. The initial setup is complex. I hope to see improvements in Graylog for more interactivity, user-friendliness, ...

See all answers

What do you like most about AT&T AlienVault USM?

The most valuable feature of the solution is the ease of deployment that it provides to users. The integrations that the product has with third-party applications are useful.

See all answers

What is your experience regarding pricing and costs for AT&T AlienVault USM?

The pricing is amazing and really cheap.

See all answers

What needs improvement with AT&T AlienVault USM?

There are scalability issues due to a 60 TB limit, which restricts its use for large customers like banks. It is also limited when used with bigger products and has complex password requirements.

See all answers

Comparisons

Grafana Loki vs Graylog

Compared 44% of the time

Wazuh vs Graylog

Compared 21% of the time

syslog-ng vs Graylog

Compared 11% of the time

Security Onion vs Graylog

Compared 4% of the time

Fortinet FortiAnalyzer vs Graylog

Compared 3% of the time

More Graylog Competitors

AlienVault OSSIM vs USM Anywhere

Compared 21% of the time

Wazuh vs USM Anywhere

Compared 17% of the time

Splunk Enterprise Security vs USM Anywhere

Compared 11% of the time

IBM Security QRadar vs USM Anywhere

Compared 9% of the time

CrowdStrike Falcon vs USM Anywhere

Compared 9% of the time

More USM Anywhere Competitors

Product Reports

Buyer's Guide

Graylog

January 2025

Download Graylog product report

Buyer's Guide

USM Anywhere

December 2024

Download USM Anywhere product report

Also Known As

Graylog2

AT&T AlienVault USM, AlienVault, AlienVault USM, Alienvault Cybersecurity

Learn More

Graylog

Video not available

LevelBlue

Overview

Graylog is purpose-built to deliver the best log collection, storage, enrichment, and analysis. Graylog is:

Considerably faster analysis speeds.
More robust and easier-to-use analysis platform.
Simpler administration and infrastructure management.
Lower cost than alternatives.
Full-scale customer service.
No expensive training or tool experts required.

USM Anywhere centralizes security monitoring of networks and devices in the cloud, on premises, and in remote locations, helping you to detect threats virtually anywhere.

Discover

Network asset discovery
Software & services discovery
AWS asset discovery
Azure asset discovery
Google Cloud Platform asset discovery

Analyze

SIEM event correlation, auto-prioritized alarms
User activity monitoring
Up to 90-days of online, searchable events

Detect

Cloud intrusion detection (AWS, Azure, GCP)
Network intrusion detection (NIDS)
Host intrusion detection (HIDS)
Endpoint Detection and Response (EDR)

Respond

Forensics querying
Automate & orchestrate response
Notifications and ticketing

Assess

Vulnerability scanning
Cloud infrastructure assessment
User & asset configuration
Dark web monitoring

Report

Pre-built compliance reporting templates
Pre-built event reporting templates
Customizable views and dashboards
Log storage

Sample Customers

Blue Cross Blue Shield, eBay, Cisco, LinkedIn, SAP, King.com, Twilio, Deutsche Presse-Agentur

Abel & Cole, Bank of Ireland, Bluegrass Cellular, CareerBuilder, Claire's, Hays Medical Center, Hope International, McCurrach, McKinsey & Company, Party Delights, Pepco Holdings, Richland School District, Ricoh, SaveMart, Shake Shack, Steelcase, TaxAct, Taylor Morrison, Vonage and Zoom

Buyer's Guide

Graylog vs. USM Anywhere

January 2025

Free Report: Graylog vs. USM Anywhere

Find out what your peers are saying about Graylog vs. USM Anywhere and other solutions. Updated: January 2025.

DOWNLOAD NOW

831,265 professionals have used our research since 2012.

See our Graylog vs. USM Anywhere report.

See our list of best Log Management vendors.

We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.