Security Data engineer at a tech vendor with 5,001-10,000 employees
Real User
Top 20
Feb 11, 2026
Currently, there is a limitation of 100 inputs in Anvilogic integrations, which is less than our needs, making it a challenge to fit all our inputs. Additionally, I believe the documentation should be publicly accessible. We work with different teams to get the data, but since the documentation is not available to everyone, we often have to explain how to make integrations. Also, there are features that do not work as expected; for example, we recently tried to ingest an AWS CloudTrail input to which Anvilogic could not accept any more data past a certain point, forcing us to look for alternatives. We have found that data mapping is sometimes not adequate, as it can only parse JSON data, contrary to the documentation suggesting that CSV or XML formats are acceptable, which has caused issues.
Threat Researcher 2 at a tech vendor with 1,001-5,000 employees
Real User
Top 20
Jan 28, 2026
My experience with Anvilogic is still in detection engineering, but writing detection logic in scripting languages, like the Splunk processing language, has limitations compared to programming languages. Anvilogic does provide some flexibility but has limitations when baseline detection rules or complex behavioral patterns are involved. I found it very efficient for version control with Splunk, although it lacked a robust CI/CD pipeline, which is crucial for comprehensive testing before changes go into production. The API documentation was also limited, affecting data analytics capabilities regarding detection logic. Nonetheless, Anvilogic's support team was responsive and provided good support when I raised issues. One suggestion I have for Anvilogic is improving the whitelisting process, as maintaining a CSV for that can become cumbersome when it reaches 10,000 lines. Additionally, the separation for customer-specific detection rules and suppressions could be better defined so the changes can be made without needing customer support every time. I was informed about the AI SOC solutions Anvilogic was working on; however, they were not functional at the time, and I cannot comment on their effectiveness since I lacked access to those features. The version controlling and behavioral patterns are strong suits of Anvilogic, but there needs to be stronger access control and CI/CD pipeline integration. Additionally, customer support could be more prompt, and custom detections should be tailored more effectively.
Anvilogic could be better in areas of the triage dashboard as they're beholden to Splunk's functionality. I need to click three times to get to all the information I need. Enterprise Security did that better in the old version. Anvilogic requires three clicks to get the full set of information. More customization on the triage dashboard would be beneficial; however, there have been no limitations so far.
I believe the future is very exciting, especially regarding the agentic approaches that have gained popularity following the rise of generative AI and large language models. We fully expect that within a year, Anvilogic will incorporate some level of agentic workflow capabilities. We might adopt these features solely within Anvilogic, or we may choose to integrate them with our own homegrown agentic workflows. This is the direction I see for Anvilogic's adoption moving forward. Anvilogic can be improved by focusing on the agentic way of doing things, similar to what we saw with Monte Copilot, which still needs work. The team is currently doing that work as seen in the roadmap, including having an agent for search, a detection agent, and a hunt agent, making those concepts come to fruition.
Anvilogic can be improved by adding the ability to do on-ingest detections. This is something that we have been having a conversation on for a short time now, but I am hopeful that they will have that in their future roadmap.
The hunting insight needs integrable capability with different platforms to gather all of that insight and show it on a single canvas on Anvilogic. That is the only feature that could improve the way we do operations. The pricing is slightly edging towards being a bit much for smaller organizations.
We need more around case management. I know that's something on the roadmap. We would like a way to create a ticket that we can export into a third-party platform like Jira. Anvilogic's prebuilt rules and threat scenarios didn't work the best for us because many of the rules were geared toward a Windows environment, whereas we're more of a Mac environment, so many of them didn't necessarily fit with what we have. I know a few other people who use them, and they've worked out well there.
Anvilogic breaks the SIEM lock-in that drives detection gaps and high costs for enterprise SOCs. It enables detection engineers and threat hunters to keep using their existing SIEM while seamlessly adopting a scalable and cost-effective data lake for high-volume data sources and advanced analytics use cases.
By eliminating the need for rip-and-replace, Anvilogic allows security leaders to confidently join the rest of the enterprise on the modern data stack without disrupting existing...
It is difficult for me to suggest improvements for Anvilogic after seeing the roadmap evolve with the improvements they're making.