Security Data engineer at a tech vendor with 5,001-10,000 employees
Real User
Top 20
Feb 11, 2026
Anvilogic serves as our main SIEM and detection engineering platform. We use Anvilogic to create alerts based on our data, and the AI capability to detect alerts based on whatever data we are feeding into it is a feature that our team at Kroll particularly values. We have SentinelOne data, which is our EDR, and we have EDR data directly set up through Anvilogic input without using any third-party tool to get that data. Anvilogic has integrations directly in place, and we are using the SentinelOne input through Anvilogic. Since we uploaded or ingested that data, Anvilogic has started to give us suggestions about what alerts could be fired through that data. Anvilogic has flagged the threat identifiers through which we can build some use cases or modify them for our use. Anvilogic has also helped us understand what is a false positive and what could be a promising use case for our company in particular, providing valuable support. Regarding how Anvilogic supports our detection engineering, the uniqueness is about AI, which we did not have in Splunk earlier. This helps us not only to close the false positives but also features AI to write our queries. This capability lifts a lot of burden from the SOC team as they do not have to focus on how to write a query but can concentrate on investigating an alert or a use case, which has really caught my eye, and I am glad we have onboarded that feature.
Threat Researcher 2 at a tech vendor with 1,001-5,000 employees
Real User
Top 20
Jan 28, 2026
I primarily use Anvilogic as a wrapper over SIM, mainly Splunk, but it can also be applied to other SIM platforms like Kibana. I utilize it for versioning the rules and detection logic I write, which can get stale or require enhancement. For example, if I wrote a detection rule for detecting script execution that needed additional logic, I used Anvilogic to maintain those versions or to build behavioral detection patterns, which is complicated in Splunk alone. Anvilogic allows me to extract a plethora of information, including mapping TTPs assigned for detection logic, which effectively helps in setting quarterly coverage agendas, thus illustrating its vital role in detection strategy and management presentations. The first thing that would break without Anvilogic is the complex detection logic involved in creating behavioral patterns, which yield high-fidelity alerts. Additionally, losing the control over Splunk SPL queries, due to lack of version control provided by Anvilogic, would pose a nightmare for any detection engineering team. The deployment model for Anvilogic was private.
The primary use case for Anvilogic is detection velocity and keeping version control of the detections. We're still not fully deployed, so it's not in production yet.
Director, Cybersecurity at a financial services firm with 10,001+ employees
Real User
Top 10
Jul 16, 2025
The main use cases for Anvilogic are around detections and detection engineering, trying to accomplish everything from identifying, prioritizing threats, baselining current capabilities, and, based on the threat prioritization, identifying the gaps and recommended use cases that we will have to deploy to bridge those gaps. These are the use cases that we have deployed.
Senior Director | Detection Response at a tech vendor with 1,001-5,000 employees
Real User
Top 20
Jul 16, 2025
It serves as the glue between all my vendor telemetry and gives us the capability to build our own detection capabilities in a very advanced way. We have moved off of single-based detections into threat scenarios, which gives us significantly higher fidelity detection capability.
Our use cases for Anvilogic primarily revolve around detection engineering. We ingest the logs to figure out our cybersecurity score and improve detection.
Anvilogic offers a no-code platform that enhances SOC efficiency by leveraging AI capabilities, providing detection coverage and industry-specific insights while integrating seamlessly with platforms like Snowflake. Providing advanced visibility into detection coverage, Anvilogic delivers industry-specific insights through a powerful AI-driven, no-code environment. Users benefit from features like log normalization, the Armory for pre-built detections, and integration flexibility with...
My main use case for Anvilogic is for triage in the SOC. That's the primary use case.
We use Anvilogic as an SOC detection engineering platform. In addition to that, we use it for hunting and investigation purposes.