Sr. Manager, SOC, NOC, and Corporate Security at a computer software company with 1,001-5,000 employees
The solution provides security analytics across multiple data platforms
What is our primary use case?
Our use cases for Anvilogic primarily revolve around detection engineering. We ingest the logs to figure out our cybersecurity score and improve detection.
How has it helped my organization?
Anvilogic provides security analytics across multiple data platforms. We integrate it with Splunk, but it also integrates with Snowflake and other data platforms. Overall, it's been good since many people aim to move away from Splunk to save on overall costs. The fact that it integrates with various data lakes, specifically Snowflake, the most popular, makes sense.
Using Anvilogic decreases your detection engineering time while helping you build out additional detections and increasing your assurance and protection. It has decreased the engineering time by at least 20 percent.
It's been decent in terms of false positives. It doesn't necessarily reduce them, but the new detections have been pretty well-tuned so they aren't producing additional false positives. Anvilogic has increased security coverage by building out some detections, specifically in areas like Active Directory and IAM-type rules. While it hasn't reduced the overall cost, it may have helped the optimization side.
What is most valuable?
We integrate Anvilogic directly with Splunk rather than using the Amplitude platform separately. That has been helpful because we don't need to bring logs to a third-party source.
Anvilogic's AI assistant is pretty good. It helps us build out detections within your environment. It has improved our detection logic by a small amount and slightly reduced the time involved in detection writing. Generally, the detection builder is decent.
The drag-and-drop detection engine portal has been helpful because you don't need any programming experience. One area where the generative AI aspect has been helpful is when we are figuring out the specific threats about something that's triggered or similar campaigns. You can write in the latest from this type of detection that I'm looking at and get information back.
What needs improvement?
We need more around case management. I know that's something on the road map. We would like a way to create a ticket that we can export into a third-party platform like Jira. Anvilogic's prebuilt rules and threat scenarios didn't work the best for us because many of the rules were geared toward a Windows environment, whereas we're more of a Mac environment, so many of them didn't necessarily fit with what we have. I know a few other people who use them, and they've worked out well there.
For how long have I used the solution?
I've been a full-time customer of Anvilogic for about two years now, and we did a proof of concept eight months or so before we became a customer.
What do I think about the stability of the solution?
We haven't had any issues with stability.
What do I think about the scalability of the solution?
Anvilogic is as scalable as the environments you've integrated it with, whether it's Snowflake or Splunk.
How are customer service and support?
We have a biweekly standing call with the Anvilogic team to talk through detections and updates, but I can't think of a case where we've had to contact them outside of that call.
How was the initial setup?
The initial deployment was easy because we had it set up for our proof of concept, so it just took a little tuning, and we had it set up within a week. We had one person on our side working with somebody on their side. It's a cloud-based solution, but they push out updates on it. We haven't had any issues where it's broken on our systems, where we've had to lean in on the maintenance side.
What was our ROI?
We roughly broke even. If we had invested more or tuned our environment a little better, we might have come out on top.
What's my experience with pricing, setup cost, and licensing?
Anvilogic's pricing has been highly competitive.
Which other solutions did I evaluate?
We did an extensive proof of concept for Anvilogic, Panther, Devo, Google Chronicle, Splunk, and a few different SIEM/detection engines. We did a breakdown based on our criteria and scoring on various features. Anvilogic outperformed the other tools that we tested.
The price was right for the organization. They also offered a multiyear deal that kept the price down looking forward. We compared it to something like the Chronicle, which required us to export our data specifically to that. It required multiple areas for ingestion, bringing up operational costs on top of the licensing cost. It wasn't providing better detection support than Anvilogic because it was able to integrate with Splunk and our case. It was able to pull off of data that was already being ingested, when we needed to have it ingest in multiple locations.
What other advice do I have?
I rate Anvilogic seven out of 10. To prepare for Anvilogic, I recommend leaning into it. Take advantage of the support team and get some additional training. Use the workshops and commit to using the product. It's a tool that's only as good as the time you put into it. If you bring in the detection engine but don't put any time into creating those detections, then there's not much point.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Security Engineer at GlobeSecure Technologies Pvt Ltd
Automation has transformed threat hunting and has reduced false positives in daily investigations
Pros and Cons
- "Anvilogic has positively impacted my organization by helping with both known and unknown threats already present in the current threat landscape, detecting SIEM tools such as Splunk, Microsoft Sentinel, Snowflake, and Databricks, optimizing those tools, and strengthening my organization in the cybersecurity realm."
- "I chose a nine because, while Anvilogic is excellent, there is room for improvement in terms of the false-positive reports that have been presented and the AI pattern that can be improved."
What is our primary use case?
Anvilogic serves as my cybersecurity company's platform that provides detection, SIEM support, and SOC investigation, along with the implemented MITRE ATT&CK framework.
A specific example of how I use Anvilogic in my daily work is that it provides threat detection, reports, detailed reports, detection engineering, and threat hunting, which is quite good.
Anvilogic's threat hunting feature has made my work easier because it supports advanced threats and attack scenarios, analyzing across platforms to detect both known and unknown threats, which proves very useful for my organization.
Anvilogic has changed how my team thinks about detection by improving detection engineering, reducing false-positive alerts, and integrating hybrid SIEM and data lake architectures, and so far, it has been beneficial.
What surprised me the most about Anvilogic once I started using it is the automation capability, which automatically detects and investigates threats such as malware and provides us with reports, making the automation aspect very strong in this software.
Since onboarding, my usage has evolved. During the first 90 days, the software wasn't configured properly, and we were just understanding its basics. As use cases increased daily, we altered and modified some policies and rules to reduce false-positive reports.
What is most valuable?
Anvilogic's best features are detection, SIEM support that is logged into the SIEM, AI detection in the SOC workflow, as well as threat detection and correlation of that particular software.
Anvilogic's AI detection in the SOC workflow stands out compared to other solutions I've tried because the accuracy of the AI makes it the best software for my organization. The AI agent assists with detection and threat creation, analyzes behaviors, and triggers alerts if any suspicious behavior occurs, along with investigation and MITRE ATT&CK mapping, which helps me significantly.
Anvilogic has positively impacted my organization by helping with both known and unknown threats already present in the current threat landscape, detecting SIEM tools such as Splunk, Microsoft Sentinel, Snowflake, and Databricks, optimizing those tools, and strengthening my organization in the cybersecurity realm.
I have seen a reduction in response time as a specific outcome. Due to SIEM modernization and SOC automation, it has helped me significantly by reducing false-positive reports and alerts.
What needs improvement?
I chose a nine because, while Anvilogic is excellent, there is room for improvement in terms of the false-positive reports that have been presented and the AI pattern that can be improved.
For how long have I used the solution?
I have been using Anvilogic for three years.
What do I think about the stability of the solution?
Anvilogic is quite stable.
What do I think about the scalability of the solution?
On a scale of one to ten, I would rate Anvilogic's scalability as a nine.
How are customer service and support?
The customer support of Anvilogic is good and quite responsive.
Which solution did I use previously and why did I switch?
We did not previously use any different solution and directly switched to Anvilogic.
How was the initial setup?
Before choosing Anvilogic, we did not evaluate other options and directly purchased it from a vendor who offered it to improve our organization's capabilities. After trying it for two years, it has been working well.
What about the implementation team?
I am from the technical department, so I do not have details about pricing, setup cost, or licensing, as that was handled by my management team.
What was our ROI?
I am not certain about return on investment, but I can say it is meeting what I needed and what is necessary for the organization.
What's my experience with pricing, setup cost, and licensing?
I am from the technical department, so I do not have details about pricing, setup cost, or licensing, as that was handled by my management team.
Which other solutions did I evaluate?
We did not previously use any different solution and directly switched to Anvilogic. Before choosing Anvilogic, we did not evaluate other options and directly purchased it from a vendor who offered it to improve our organization's capabilities. After trying it for two years, it has been working well.
What other advice do I have?
My advice to others looking into using Anvilogic is that they should try it at least once by conducting a proof of concept, and if their use cases are met, they can proceed with confidence.
When other teams ask about Anvilogic, I tell them it has helped significantly and has reduced work in reporting and investigation within my organization since adoption.
I have not considered what would break first if Anvilogic disappeared, but I would say the automation capability and reporting would negatively impact my organization.
Looking 12 months ahead, I see Anvilogic playing a bigger role as features evolve rapidly. Any improvements in false-positive reports or new features would definitely enhance its role in my organization.
The need for something better was triggered by the various threats present in the world, which needed to be improved and detected. For that reason, we chose to purchase this software, and having worked on it for the past two years, it satisfies our organizational use cases.
I rate this review a nine overall.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Last updated: May 12, 2026