It serves as the glue between all my vendor telemetry and gives us the capability to build our own detection capabilities in a very advanced way. We have moved off of single-based detections into threat scenarios, which gives us significantly higher fidelity detection capability.
Senior Director | Detection Response at a tech vendor with 1,001-5,000 employees
Fosters collaborative innovation and enables us to build our own advanced detection capabilities
Pros and Cons
- "The deployment was very simple."
- "We are partnering very closely with Anvilogic and pushing the threshold of detection engineering capabilities; we are only able to do many of these capabilities due to the partnership that we have with Anvilogic, where they are meeting what we need to continually push new innovative solutions."
- "Anvilogic can be improved by adding the ability to do on-ingest detections. This is something that we have been having a conversation on for a short time now, but I am hopeful that they will have that in their future roadmap."
What is our primary use case?
How has it helped my organization?
There were no surprises about Anvilogic once I started using it. I knew the quality of the team that was building this tool and it has been a great partnership and collaboration, and they have just been fantastic partners.
It has been a journey that we have jointly been on together. As we are building our program, we are partnering very closely with Anvilogic and pushing the threshold of detection engineering capabilities.
We are on a continuous journey together, and we are continuously trying to push and innovate new ways to push the threshold of detection engineering. We are only able to do many of these capabilities due to the partnership that we have with Anvilogic, where they are meeting what we need to continually push new innovative solutions.
What is most valuable?
I appreciate all the features of Anvilogic. Our usage of Anvilogic has evolved since onboarding. We originally started soft and focused really on the ETL process to bring data in. As we started getting data in, we began using the detection and correlation engine. As we got more advanced, we started using the threat scenario engine, and we have built many custom processes from that.
What needs improvement?
Anvilogic can be improved by adding the ability to do on-ingest detections. This is something that we have been having a conversation on for a short time now, but I am hopeful that they will have that in their future roadmap.
For how long have I used the solution?
I have been using Anvilogic for just about three years.
What do I think about the stability of the solution?
I would assess the stability and reliability of Anvilogic as very good. There has been no downtime in the traditional sense, but it has all been scheduled downtime. We have had advanced notice, and there are no performance issues or crashes that we know of. Anytime we have been using the platform, it has been available.
What do I think about the scalability of the solution?
Anvilogic scales effectively with the growing needs of my organization. We have not had any scaling issues thus far.
Just my team has access to Anvilogic, and that is by design.
How are customer service and support?
I would evaluate their customer service and tech support as fantastic. We have had a great partnership. I would rate them a ten out of ten.
Which solution did I use previously and why did I switch?
The need for something better first triggered when I joined the organization and started building the detection response program. I was familiar with the big name products, but I was looking to build something bleeding edge and next-gen. With Anvilogic, I knew the team, and I knew that it was a team of practitioners building this tool as opposed to one practitioner who hired software engineers to build the tool. I have experience consulting those types of products. I knew Anvilogic was being built by practitioners, which really motivated me to pursue the tool.
There has been a journey regarding how I justify things to leadership and how I convinced leadership to let me adopt Anvilogic. There was significant information and education that had to occur at the board level to get adoption and buy-in. As we have helped mature the education level of the board to embark on the journey, it became prevalent that we needed a solution and a partner that could keep up with the growing demand that we have in this particular space.
How was the initial setup?
We are pure cloud based, and we run on top of Snowflake. The deployment was very simple. We were in the early phase for Snowflake, so there were a couple early implementation hiccups, but we partnered with Anvilogic on those, and that was kind of part of us being that early implementation partner. We paved the way for future Snowflake customers.
What was our ROI?
We started our journey with Anvilogic. I do not have the metrics to show in our current organization that could justify that, but the capability that we have on Anvilogic is unmatched to any other platform.
Which other solutions did I evaluate?
I considered Panther and Hunters before selecting Anvilogic. Originally, we would have considered Anvilogic, but they had not migrated or enabled the capability on Snowflake yet. We were actually in the 11th hour for signing a contract with Hunters when Anvilogic reached out to me and said they were testing a Snowflake capability and asked if we were willing to test it. We put together a time frame for a very quick POV. I knew the capability and the aptitude of this team and was very motivated to do so in a timely manner, and we were able to conclude our POV and determine it was a superior product before we signed the contract with Hunters.
What other advice do I have?
If Anvilogic disappeared tomorrow, everything would break first.
I would rate Anvilogic a ten out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Design partner
Last updated: Aug 11, 2025
Sr. Manager, SOC, NOC, and Corporate Security at a computer software company with 1,001-5,000 employees
The solution provides security analytics across multiple data platforms
What is our primary use case?
Our use cases for Anvilogic primarily revolve around detection engineering. We ingest the logs to figure out our cybersecurity score and improve detection.
How has it helped my organization?
Anvilogic provides security analytics across multiple data platforms. We integrate it with Splunk, but it also integrates with Snowflake and other data platforms. Overall, it's been good since many people aim to move away from Splunk to save on overall costs. The fact that it integrates with various data lakes, specifically Snowflake, the most popular, makes sense.
Using Anvilogic decreases your detection engineering time while helping you build out additional detections and increasing your assurance and protection. It has decreased the engineering time by at least 20 percent.
It's been decent in terms of false positives. It doesn't necessarily reduce them, but the new detections have been pretty well-tuned so they aren't producing additional false positives. Anvilogic has increased security coverage by building out some detections, specifically in areas like Active Directory and IAM-type rules. While it hasn't reduced the overall cost, it may have helped the optimization side.
What is most valuable?
We integrate Anvilogic directly with Splunk rather than using the Amplitude platform separately. That has been helpful because we don't need to bring logs to a third-party source.
Anvilogic's AI assistant is pretty good. It helps us build out detections within your environment. It has improved our detection logic by a small amount and slightly reduced the time involved in detection writing. Generally, the detection builder is decent.
The drag-and-drop detection engine portal has been helpful because you don't need any programming experience. One area where the generative AI aspect has been helpful is when we are figuring out the specific threats about something that's triggered or similar campaigns. You can write in the latest from this type of detection that I'm looking at and get information back.
What needs improvement?
We need more around case management. I know that's something on the road map. We would like a way to create a ticket that we can export into a third-party platform like Jira. Anvilogic's prebuilt rules and threat scenarios didn't work the best for us because many of the rules were geared toward a Windows environment, whereas we're more of a Mac environment, so many of them didn't necessarily fit with what we have. I know a few other people who use them, and they've worked out well there.
For how long have I used the solution?
I've been a full-time customer of Anvilogic for about two years now, and we did a proof of concept eight months or so before we became a customer.
What do I think about the stability of the solution?
We haven't had any issues with stability.
What do I think about the scalability of the solution?
Anvilogic is as scalable as the environments you've integrated it with, whether it's Snowflake or Splunk.
How are customer service and support?
We have a biweekly standing call with the Anvilogic team to talk through detections and updates, but I can't think of a case where we've had to contact them outside of that call.
How was the initial setup?
The initial deployment was easy because we had it set up for our proof of concept, so it just took a little tuning, and we had it set up within a week. We had one person on our side working with somebody on their side. It's a cloud-based solution, but they push out updates on it. We haven't had any issues where it's broken on our systems, where we've had to lean in on the maintenance side.
What was our ROI?
We roughly broke even. If we had invested more or tuned our environment a little better, we might have come out on top.
What's my experience with pricing, setup cost, and licensing?
Anvilogic's pricing has been highly competitive.
Which other solutions did I evaluate?
We did an extensive proof of concept for Anvilogic, Panther, Devo, Google Chronicle, Splunk, and a few different SIEM/detection engines. We did a breakdown based on our criteria and scoring on various features. Anvilogic outperformed the other tools that we tested.
The price was right for the organization. They also offered a multiyear deal that kept the price down looking forward. We compared it to something like the Chronicle, which required us to export our data specifically to that. It required multiple areas for ingestion, bringing up operational costs on top of the licensing cost. It wasn't providing better detection support than Anvilogic because it was able to integrate with Splunk and our case. It was able to pull off of data that was already being ingested, when we needed to have it ingest in multiple locations.
What other advice do I have?
I rate Anvilogic seven out of 10. To prepare for Anvilogic, I recommend leaning into it. Take advantage of the support team and get some additional training. Use the workshops and commit to using the product. It's a tool that's only as good as the time you put into it. If you bring in the detection engine but don't put any time into creating those detections, then there's not much point.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.