
Reviews from AWS customers

2 AWS reviews

External reviews

9 reviews

External reviews are not included in the AWS star rating for the product.


    Kevin Hernandez

Platform has transformed incident triage and correlation while reducing detection costs

  • February 03, 2026
  • Review provided by PeerSpot

What is our primary use case?

My main use case for Anvilogic is security incident event management. A quick specific example of how I use Anvilogic for security incident event management is triaging or correlation of security events from multiple security platforms and log sources.

What is most valuable?

I currently utilize multiple of Anvilogic's AI features, both for fine-tuning and developing new content, as well as the threat intelligence feeds that it provides.

In my opinion, the best features Anvilogic offers are the AI features, which are great, and their common language rule tuning and modeling is much simpler than those other vendors that require query building skills.

The common language rule tuning and modeling have made things easier for my team because it is broken down into multiple smaller chunks rather than one large chunk of code. Multiple smaller, pre-processed data points are basically visible and editable in those smaller chunks without having to actually code at all.

Anvilogic has impacted my organization positively because it is native for cloud-type infrastructures and they have a significant proactive approach to cost licensing. Rather than having to import all data, it actually sits on top of Snowflake, which reduces overall cost for data storage itself. Since implementing Anvilogic, our overall costs have been reduced.

What needs improvement?

Anvilogic can be improved further by maturing certain intelligence aspects outside of articles. This is an aspect that is lacking in most SIEM and security analytics tools, but personally I think the framework or "barebone" is there in Anvilogic; it just needs further maturing.

For how long have I used the solution?

I have been using Anvilogic for six months.

What do I think about the stability of the solution?

Anvilogic is stable.

What do I think about the scalability of the solution?

Anvilogic's scalability is good and it scales properly.

How are customer service and support?

I have not directly worked with customer support since I am a manager, but I have not heard any complaints from my employees.

How would you rate customer service and support?

Negative

Which solution did I use previously and why did I switch?

I previously used top-tier SIEMs. I switched to Anvilogic because it looked overall better and proved to be a better fit for our type of architecture.

What was our ROI?

I have seen a return on investment in the form of time saved developing new content.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing, setup cost, and licensing was straightforward. They provide estimates because obviously every business is different, but they provided reasonable estimates that were fairly accurate based on other customers from a similar type of background or size.

Which other solutions did I evaluate?

Before choosing Anvilogic, I evaluated other options, including vendors in the top quadrant.

What other advice do I have?

Anvilogic has changed how my team thinks about detection and data usage because it makes it easier to follow than other tool sets. Since a lot of the content is dynamic, you can follow the trail in the threat hunt perspective compared to other tools where you have to manually recreate a new query to investigate the action further.

The moment that led me to choose Anvilogic was triggered because we normally evaluate vendors every so often to make sure we have a proper solution in place.

My usage of Anvilogic has evolved since onboarding and it is a bit more mature now, which certainly does help.

When other teams ask about Anvilogic, I tell them that it is fairly good.

There has not been anything that has become easier to justify or explain to leadership since adopting Anvilogic.

My advice to others looking into using Anvilogic is to conduct a test or proof of concept based on your actual future stance so that you feel the proper controls and everything is adequate to where you want to go.

I am looking forward to seeing how the tool will evolve and grow, especially with the AI features. I would rate this product overall as a 9 out of 10.


    Joe Moore

Detection engineering has become consistent and now coordinates multi-platform threat rules

  • January 31, 2026
  • Review provided by PeerSpot

What is our primary use case?

My main use case for Anvilogic is coordinating and tracking indicators of compromise and detection rules. I use Anvilogic for coordinating and tracking indicators of compromise or detection rules by feeding detection rules into Splunk, our Splunk environment, and these are turned into actionable alerts for our security operations center.

How has it helped my organization?

Anvilogic has positively impacted my organization by being a force multiplier for our security operations center and has allowed us to coordinate and distribute work more efficiently and provide consistency among the multiple SIEM environments.

I was able to create 90 detection scenarios in the first two weeks of using Anvilogic, which showcases how it improved efficiency and consistency for my team.

What is most valuable?

The best features Anvilogic offers are consistent recording and tracking of detection engineering detection rules as they adapt over time to adversaries' behaviors, and the ability to operate in multiple SIEM environments.

Anvilogic works for my team by providing a single point of contact to put detection engineering rules that then get distributed to all of the various event management engines, as we have multiple SIEM environments in our company, including Microsoft Defender, Splunk, Elastic, and others.

Anvilogic has changed how my team thinks about detection by allowing us to no longer apply the same configurations and correlation rules in multiple Splunk environments, and to transparently search across multiple SIEM platforms.

What surprised me the most about Anvilogic once I started using it is the ease of creating and maintaining custom threat intel and threat scenarios.

What needs improvement?

Anvilogic can be improved with more support for cross-platform and native detection languages such as Sigma and Yara rules.

For how long have I used the solution?

I have been using Anvilogic for about six months.

What do I think about the stability of the solution?

Anvilogic has been very stable and reliable.

What do I think about the scalability of the solution?

Anvilogic's scalability has been great as it has been able to scale and perform well, better than the available resources we have to throw at it, and we have not run into any issues with our analysts not being able to access Anvilogic and perform their activities efficiently.

How are customer service and support?

Anvilogic customer support has been very productive to work with.

How would you rate customer service and support?

What was our ROI?

I have seen a return on investment in that Anvilogic has been more of a fundamental enablement technology than a return on investment, but it has definitely allowed us to move more quickly with integrating our corporate acquisitions as well as with our corporate colleagues who use other SIEM technologies.

What other advice do I have?

When other teams ask about Anvilogic, I tell them it makes detection engineering into a process rather than a one-time operation.

I convinced my leadership to adopt Anvilogic by comparing it to the manual operations and the overhead of repeated detection engineering processes.

My advice for others looking into using Anvilogic is to start with the configurations and detection rules that come prepackaged, and then reach out and create your own to expand your capabilities; once you start using this system, it becomes much easier and more efficient than manually maintaining detection rules.

I provide this review with a rating of 10.


    reviewer2800338

Modern threat detection has improved coverage and reduced costs but still needs better UX and flexibility

  • January 30, 2026
  • Review from a verified AWS customer

What is our primary use case?

Anvilogic serves as our security analytics tool on top of our security data lake.

In my day-to-day work, we perform detection engineering on Anvilogic, and we also use the Armory to provide us with strong coverage from a MITRE perspective and security coverage over our logs to ensure that we can detect threats and respond to those threats efficiently and effectively.

We pursued Anvilogic as a piece of the puzzle to replace Splunk, our legacy SIEM platform, and it was a big part of being able to decouple the detection capabilities that Anvilogic offers from the data storage capabilities of a data lake, which is a big use case as well.

Our data lake is run on top of AWS using Snowflake.

What is most valuable?

One of the best features Anvilogic offers is the Armory, which is full of various different pre-built detections; that was a huge improvement from any kind of pre-built detections we had in Splunk and saved a lot of time to really increase our coverage capability. I also appreciate the normalization process for log sources; normalizing them to a consistent schema where those alerts automatically apply is a nice feature and gives us a very clear-cut way to handle lots of different log sources in a centralized manner, ensuring that we are doing threat detection on those log sources.

The normalization process has enhanced our log monitoring maturity; previously in Splunk, we had SIEM mapping set up for log sources, but it did not translate necessarily to immediate security value because there were not pre-built detections that leveraged that SIEM mapping. The ability for Anvilogic to have built-in curated detection logic that automatically applies once we normalize logs creates immediate maturity and value every time we normalize a log source. It gives us a target to identify if a log source should be normalized. If it should, we know the value and output from Anvilogic; if it should not, we can identify custom use cases and build custom logic in Anvilogic or hold onto those logs in our data lake without any detections running on them if it is more for compliance or incident response.

Anvilogic plus Snowflake has vastly improved our total cost of ownership for the SIEM platform; we went from a pretty expensive platform in Splunk that was not vertically scalable due to budget limitations to a platform now that is far more efficient per terabyte of data ingested and processed per day. The savings per terabyte of data being ingested and monitored for security threats was a pretty significant percentage, which was a huge advantage. We now have budgetary space to scale up our solution as needed as the business grows.

We have had to make difficult decisions to not ingest certain logs in the past due to budgetary restrictions, but now we can take a more liberal approach in accepting most requests and ingesting those logs into our SIEM because the cost to do so is not a problem for the company and for our internal budgets, which is huge.

What needs improvement?

There is room for growth in the product platform; our detection engineers using Anvilogic every day encounter some frustrating UX experience issues where buttons are not logically placed, and workflows are not working as expected. There is also room for growth in integrating the platform with third parties, as we have encountered limitations in what can be executed via API and what is documented. We are a heavy automation integration team, so having this well documented is important for us. The enterprise capabilities within the platform also seem somewhat limited, as we run into limitations in managing detections at scale and making changes to those detections at scale. Especially at an enterprise level, if we need to add enrichment logic to every single detection deployed, it can be quite onerous; we had to develop custom scripts to manage that. Thus, enhancing enterprise-type features for managing the platform at scale rather than clicking through the GUI is important as we continue to grow. Additionally, the AI capabilities have been somewhat unstable and unintuitive to use, which is key for increasing adoption.

One other thing is that the detection logic builder today is somewhat limited in flexibility regarding implementing detections, grouping detections together, and handling alerts when they fire. This might be partly due to our need to adjust to a different platform, but flexibility is key for any enterprise platform to meet our unique business requirements. Having the capability to build custom detection logic not tied to a specific structure would be helpful; although a lot can be done, it often requires working with our account team which is time-consuming and less intuitive.

For how long have I used the solution?

I have been working in my current field for a little under 10 years.

What do I think about the stability of the solution?

Generally, Anvilogic is stable, although we have experienced some usability issues; the biggest instability has been with the AI agent, which the team is not using fully due to inconsistent results. Aside from that, the platform itself is stable.

What do I think about the scalability of the solution?

Anvilogic's scalability is quite good; however, we require more and more detection capabilities, and there is a ceiling based on what the Armory offers or what our team can custom develop. I would love to see an increase in out-of-the-box detections curated by the team, which would be a significant value add. As for the platform technology being based on Snowflake, it has essentially unlimited scalability, so I have no concerns there.

How are customer service and support?

Customer support is great, particularly from our immediate contact, Brad, who is very engaged and responds quickly, dedicating time to answer questions and onboard us effectively. However, outside of him, the process can get vague, with requests sometimes disappearing and lacking a clear tracking system, but overall, the experience is generally positive with some expected challenges from a smaller team.

Which solution did I use previously and why did I switch?

We previously used Splunk and switched to Anvilogic + Snowflake.

The moment we realized we needed something better was triggered by the lack of detection coverage and the overhead required to improve detection in Splunk, along with the non-scalable cost of operating it. We constantly dropped logs from monitoring, which is not the focus of a security organization; we wanted better coverage and monitoring, and that is what Anvilogic and Snowflake enabled us to achieve.

How was the initial setup?

Since onboarding, we started with rough, quick migrations of log sources and detections from Splunk to Anvilogic, but we have since cleaned up a lot of our normalization tasks and ensured things are correctly categorized, steadily deploying more Armory detections onto our existing data sets for better coverage.

What was our ROI?

While I do not have specific metrics, we have certainly seen a return on investment, mainly in time taken to improve detection coverage and the ability to detect threats on our logs. The Armory has greatly increased our coverage while reducing the time that would have been needed to develop detections ourselves in Splunk. However, the volume of alerts generated is shifting the cost to the operations side, requiring us to ensure that detections are tuned and alerts are efficiently firing to prevent noise that could increase costs for operations personnel and risk missing incidents.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing, setup cost, and licensing has been overall positive; the Anvilogic team has been very engaged throughout the process, which helped us adopt the platform. Weekly calls and a hands-on approach over the significant changes in how we do SIEM have been beneficial. Licensing is reasonably affordable and should be evaluated over time concerning the platform's value. Setup costs primarily involved internal work to configure our pipelines, but mostly consisted of man-hours.

Which other solutions did I evaluate?

We evaluated various options before choosing Anvilogic, including Gurucul, Panther Security, and Splunk Cloud, among others. Ultimately, we found Anvilogic to be the best fit for our needs.

What other advice do I have?

Another feature we are excited about, but we have not seen the value in yet, is the AI capabilities for detection engineering; it is, in theory, going to be very powerful and really reduce our time to develop new detections. There are more agentic features coming on the roadmap that have not been released yet, and we have not been able to see the full picture of value of that aspect of the product yet, but in theory, those should be extremely beneficial and really magnifying the amount of detection engineering work our team can do.

What surprised me the most about Anvilogic was the modern solution it offered to solving a SIEM business problem, which was different from other vendors. Anvilogic being a detection engineering tool makes sense and allows us to run it on any data lake background, which is unique. This decoupling of security detection from security data storage enabled us to pursue this path.

If Anvilogic disappeared tomorrow, we would lose our detection capability, which would be significant and necessitate finding another vendor's solution.

I rate Anvilogic about a seven on a scale of 1 to 10.

I chose a seven because the platform is a huge improvement from our legacy SIEM platform in Splunk, especially from a detection perspective. However, there are certainly opportunities to improve the user experience and capabilities, as well as to mature the platform. These three aspects make a difference in execution and can improve competitive edge significantly.

I convinced our leadership to adopt Anvilogic by emphasizing the cost benefits of increased capabilities at a lower cost. The Anvilogic-Snowflake combination presented a centralized source, which is advantageous for reusing security data across other non-SIEM use cases, making it an easy sell.

My advice for others considering Anvilogic is that depending on your company's detection engineering needs and maturity with your legacy SIEM platform, Anvilogic can provide a swift, significant value add. If you have a dedicated SIEM team with many custom use cases built on a platform such as Splunk, Anvilogic may not be the correct fit. We were a small team managing a complex old system and were not getting the full value from Splunk. Anvilogic provided a more dynamic, low-overhead solution, making it a great fit for us, but for larger teams with custom detection needs, it might be less flexible.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?


    reviewer2799930

Detection workflows have improved with strong version control but need better CI and access control

  • January 28, 2026
  • Review provided by PeerSpot

What is our primary use case?

I primarily use Anvilogic as a wrapper over a SIEM, mainly Splunk, but it can also be applied to other SIEM platforms like Kibana. I utilize it for versioning the rules and detection logic I write, which can get stale or require enhancement. For example, if I wrote a detection rule for detecting script execution that needed additional logic, I used Anvilogic to maintain those versions or to build behavioral detection patterns, which is complicated in Splunk alone.

Anvilogic allows me to extract a plethora of information, including mapping TTPs assigned for detection logic, which effectively helps in setting quarterly coverage agendas, thus illustrating its vital role in detection strategy and management presentations. The first thing that would break without Anvilogic is the complex detection logic involved in creating behavioral patterns, which yield high-fidelity alerts. Additionally, losing the control over Splunk SPL queries, due to lack of version control provided by Anvilogic, would pose a nightmare for any detection engineering team.

The deployment model for Anvilogic was private.

What is most valuable?

The best features of Anvilogic include easy usability for beginner analysts, good version control, though it could be enhanced, and the need for improved access controls and better training notifications for users. The quick responses regarding new threats and the thorough curation of detection rules were also positives. However, hiring customization based on customer environments and reducing noise from detections is critical.

I was surprised by the effective version control capabilities and how easily one can configure complex behavioral patterns. The learning curve is not steep, allowing even those with basic knowledge in writing detection rules to adapt quickly. However, after a year, I noticed limitations, especially concerning issue resolution timeframes.

What needs improvement?

My experience with Anvilogic is still in detection engineering, but writing detection logic in scripting languages, like the Splunk processing language, has limitations compared to programming languages. Anvilogic does provide some flexibility but has limitations when baseline detection rules or complex behavioral patterns are involved. I found it very efficient for version control with Splunk, although it lacked a robust CI/CD pipeline, which is crucial for comprehensive testing before changes go into production. The API documentation was also limited, affecting data analytics capabilities regarding detection logic. Nonetheless, Anvilogic's support team was responsive and provided good support when I raised issues.

One suggestion I have for Anvilogic is improving the whitelisting process, as maintaining a CSV for that can become cumbersome when it reaches 10,000 lines. Additionally, the separation for customer-specific detection rules and suppressions could be better defined so the changes can be made without needing customer support every time.

I was informed about the AI SOC solutions Anvilogic was working on; however, they were not functional at the time, and I cannot comment on their effectiveness since I lacked access to those features. The version controlling and behavioral patterns are strong suits of Anvilogic, but there needs to be stronger access control and CI/CD pipeline integration. Additionally, customer support could be more prompt, and custom detections should be tailored more effectively.

For how long have I used the solution?

It has been almost eight months since I last worked with Anvilogic because I switched companies, so I have not worked with it since.

What do I think about the stability of the solution?

I generally handle scalability through Splunk admin team support, and I did not face significant downtime or reliability issues with Anvilogic. It felt stable and sufficiently reliable throughout my time using it.

What do I think about the scalability of the solution?

In 12 months, I do not believe Anvilogic will be replaced since it is deeply integrated into the detection framework at Rakuten, and the time taken to stabilize integrations is considerable. Even with its shortcomings, the value Anvilogic brings in detection and threat investigation is hard to replicate quickly.

Anvilogic will not be replaced at Rakuten, as its integration is extensive, and the time to build stable detection solutions is significant. Even small companies face challenges transitioning expertise, which makes Anvilogic a viable long-term solution.

How are customer service and support?

The rating for the technical support of Anvilogic would depend on factors like who handles the request, but on a scale of 1 to 10, I would rate it around 6.5 to 7. Requests are typically addressed within 45 to 60 days, which I consider a reasonable timeframe given the number of customers.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Anvilogic was introduced at my last company before I joined the detection engineering team, and I know it is mainly used by that team. I am unsure if they have switched back to any other MSSP or whether they have switched back from Anvilogic to any other product.

How was the initial setup?

The deployment process took place before my arrival at the company.

Which other solutions did I evaluate?

Based on the context of the environment, I find Anvilogic is highly beneficial for smaller cybersecurity teams needing an efficient detection tool. Larger organizations may explore alternatives, but for small to intermediate teams, Anvilogic fits well in their detection processes.

What other advice do I have?

Regarding triage, I usually perform analysis directly through Splunk, so I do not find Anvilogic enhances my triaging process significantly. However, it does provide useful triggered rules, but Splunk remains my primary tool for queries and triage.

My overall review rating for Anvilogic is 6.5 out of 10.


    Jason Murphy

Improves SOC response times and simplifies alert management through efficient customization

  • September 10, 2025
  • Review provided by PeerSpot

What is our primary use case?

My main use case for Anvilogic is for triage in the SOC. That's the primary use case.

What is most valuable?

The 'we need something better' moment was triggered when we were trying to roll out custom alerts with Splunk Enterprise Security; it was atrocious to do that. You would have to clone things and then reuse alerts you made. Just making new alerts, the process was not very good, and there was no versioning for all the alerts we create. So we had to trust Splunk for what they created. Rolling out new alerts was a pain since you had to load them up in a new app and things similar to that.

With Anvilogic, they made it super simple. I can describe a process where they have something they refer to as the Armory. You just go to the Armory, click all the things you want. It automatically pushes it down to your Splunk Enterprise with their app loaded up on there if you modify it as needed. It tends to just work, and you can customize it easily since it tells you the Splunk language plus the normal human language. So it makes modifying it simple with rollback versioning. They have groups based on known attackers coming for you, and you can group them together that way and deploy a whole set of alerts designed just for those specific use cases of those attackers and their IOCs.

Aside from the easy custom alerting with Anvilogic, the next feature I appreciate most is that they also standardized bringing in the logs. They set some macros that help standardize and make more sense than Splunk. They teach you and give you insights every morning or every week, saying, 'Hey, this is not working, so what do you want? You're getting one or two of these alerts per day. Do you want to squash them from error to warning?' They're always giving you tips on how to improve the efficiency of the system itself. Creating scenarios was amazing. In Anvilogic's case, you create scenarios based on the MITRE ATT&CK framework. Every rule that fits that MITRE technique will get used.

My usage with Anvilogic has evolved since onboarding. After about two or three years, they started offering their cloud-based SOC where instead of just using Splunk as a data set, you could run your searches against Snowflake databases, Demisto, and others including Azure log storage. Their generative AI work has been fantastic as it's very specific in what you need to do. The route they've gone with the different types of AI agents aligns exactly with what I was hoping the market would do. Seeing them do the Tier Zero for SOC-type stuff with their playbooks has been impressive.

Since adopting Anvilogic, our team's quick SOC response has become essential. We have been known to respond within five to seven minutes to an attacker compromising an account.

What needs improvement?

Anvilogic could be better in areas of the triage dashboard as they're beholden to Splunk's functionality. I need to click three times to get to all the information I need. Enterprise Security did that better in the old version. Anvilogic requires three clicks to get the full set of information. More customization on the triage dashboard would be beneficial, however, there have been no limitations so far.

For how long have I used the solution?

Anvilogic has been in use for just over three years.

What do I think about the stability of the solution?

Regarding stability and reliability of Anvilogic, I cannot recall an outage. There might be temporary issues with updates, yet they have a Slack chat where they respond really fast. I have never experienced a serious outage.

What do I think about the scalability of the solution?

Anvilogic grows effectively with the needs of my organization. They see where the market and technology are going, and they can institute all the things they wish they had when they were SOC operators.

How are customer service and support?

I would evaluate their customer and technical support as fantastic. Their support is excellent since they answer my questions. When I try to create new solutions within the scope, they work with me effectively.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I did not extensively consider alternatives before selecting Anvilogic. Enterprise Security was still the best SIEM available since we were a Splunk shop. Through my reseller consortium networks, I received personal introductions to people at the founder level. Within 30 minutes of talking to Anvilogic, I realized they addressed all the problems I had been experiencing.

How was the initial setup?

I would describe my experience with deploying Anvilogic as simple.

What was our ROI?

I have seen a return on my investment with Anvilogic. We rolled out approximately 1,500 Armory alerts in three months, which would not have been possible with Splunk, and they were all fixed and modified as needed.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing, setup costs, and licensing of Anvilogic was the easiest experience I have ever had.

What other advice do I have?

When other teams ask about Anvilogic, I tell them it is security only. There were no surprises about the Anvilogic solution once I started using it; they were honest from the beginning about what they do and where they are going. Their culture is fantastic, and the people care about what they are doing.

The deployment model for Anvilogic is hybrid. We use Azure for some machines and have a small AWS footprint.

I rate Anvilogic a 9 out of 10, as they work effectively and fix the problems that people have with other SOCs and SIEMs.


    Brandon Bryant

Increases detection velocity and improves response timelines through AI integration

  • July 16, 2025
  • Review from a verified AWS customer

What is our primary use case?

The primary use case for Anvilogic is detection velocity and keeping version control of the detections. We're still not fully deployed, so it's not in production yet.

What is most valuable?

What I appreciate the most about Anvilogic are the features we discussed on the roadmap today. Being able to generate detections and map them back to MITRE, not as a 'we've accomplished security' type of metric, but at least showing that you have some form of adequate coverage across all of those different domains, is something that you can very easily take back up to the leadership of your company and help build out the roadmap for your entire security program.

What needs improvement?

It is difficult for me to suggest improvements for Anvilogic after seeing the roadmap evolve with the improvements they're making.

For how long have I used the solution?

The solution is not currently in use.

What do I think about the stability of the solution?

Other than scheduled downtime that companies obviously have, I haven't experienced any downtime or crashes with Anvilogic. There are no reliability issues.

What do I think about the scalability of the solution?

Anvilogic is helping us identify what the needs of the business are, where in many cases, business processes just run off on their own. We're a large company with many people doing different things, and this is helping us bring the company more in line with how they make their money and what's required to do that.

How are customer service and support?

I think that they've been extremely helpful. We've been in a pretty thick deployment with them, so we've had regular engagement from the engineering team working with us.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We were still in conversations with Splunk as they were pushing everything they could to try to keep us there. We looked at a couple of other similar AI platforms, but Anvilogic was a clear leader because I really appreciated breaking apart the entire architecture that existed before. I always felt that security teams had no business maintaining a Splunk environment anyway.

How was the initial setup?

My experience with the pricing, setup costs, and licensing of Anvilogic has been positive. I actually really appreciate the pricing that we came into because I viewed Anvilogic as a one-for-one with enterprise security.

What about the implementation team?

It took a lot of systems administration and ownership responsibilities away from my firefighting team, which is what I view an incident response team should be doing.

What was our ROI?

I have seen ROI with Anvilogic. We're taking these things that executives see on the news, cyber threats falling from the sky, and we're taking the timeline that would take weeks or sometimes even months to address, depending on what's required for the detection, and bringing that timeline down to hours and days.

What other advice do I have?

A lot of process and technology debt around our existing SIEM solution first triggered the need for something better. Also, all the different use cases that individuals at the company were trying to use the SIEM to address just made it a data swamp that we had to get ourselves out of.

People come to me asking about Anvilogic. I view Anvilogic as an easy button for detection engineering. You're talking about replacing multiple headcount and a lot of process and oversight with the technology.

The roadmap surprised me, and the rapid adoption and use of AI across the platform is bold and going in the right direction. I just know that there's going to be a lot of trepidation among organizations to begin broadly adopting AI from vendors.

Looking 12 months out, I see Anvilogic fitting in or potentially replacing our detection architecture as we already are. We're rebuilding the entire thing from the ground up, redoing our entire knowledge management structure to automate that in a Git style version controlled method, and Anvilogic is a key piece.

We do this as a three-pronged solution because we did a major overhaul with bringing in Cribl for a data observability pipeline, we brought in Anvilogic to run as the detection engine, and Snowflake, where all the data lives and sits, is part of our strategy that completely overhauls how we do detection here.

The detection maturity is one of the metrics that's in the dashboard that I've already begun including in our weekly CISO update. I've already heard him walking around referencing detection maturity. The MITRE coverage is good, so you can quickly say that we're covered here across a lot of different use cases.

On a scale of one to 10, I would rate Anvilogic overall as a nine. That's challenging because we're not in production and there's not necessarily a deep bench of companies with previous experience. However, I appreciate the direction we're going and the technology.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)


    reviewer2741304

Holistic approach and good partnership have improved threat detection and efficiency

  • July 16, 2025
  • Review provided by PeerSpot

What is our primary use case?

The main use cases for Anvilogic are around detections and detection engineering, trying to accomplish everything from identifying, prioritizing threats, baselining current capabilities, and, based on the threat prioritization, identifying the gaps and recommended use cases that we will have to deploy to bridge those gaps. These are the use cases that we have deployed.

How has it helped my organization?

We enjoy a good partnership with the Anvilogic product and engineering teams. We could put many features that were not available in their pipeline, and they are quick to deliver key features for us. Deploying Anvilogic required training our team to adopt it, but during the evaluation, we planned our success criteria, which included training. The Anvilogic team has been with us since the beginning of the evaluation until now, maintaining the same cadence of meetings to review progress and areas for improvement, which is very helpful as a customer because we know they are not just after the next sale.

We were one of the first customers of Anvilogic, so many of its features were still under development when we began our journey with them. During the first 90 days, our primary focus was on migrating our detection content from the previous platform to Anvilogic. We concentrated on ensuring that this migration was done correctly. As we got more familiar with the platform, we discovered that Anvilogic has a highly robust detection library, with over 3,000 detections available. Their research team plays a crucial role in building these detections. Initially, we only deployed our custom detections that we had migrated, but over time, we began utilizing the detections from the library as well.

With each new feature that was released, we found our experience improved significantly. For instance, we appreciated the option to automatically deploy recommended detections. The insights capability was particularly impactful for us, as it automatically identified recommendations for tuning our use cases and fixing issues that needed attention. It also helped us discover areas we weren't actively monitoring. These differentiating features made a significant difference in our operations. Although it took us nearly a year to fully adopt Anvilogic, we are now at a point where all key stakeholders on the security operations team love the product and the user experience. Most importantly, we value the level of support we receive from Anvilogic.

From a maturity perspective, it has been very easy to measure our detection maturity over time. By using this detection engineering platform, we can manage the entire detection engineering lifecycle. Therefore, it’s simple to show executives our progress: where we started, where we currently are, and what remains to be done. We can also demonstrate how our maturity is evolving as new threats are identified and how we respond to them. All of this information is easy to justify thanks to the maturity dashboards available within the platform.

What is most valuable?

The features of Anvilogic that I prefer the most include having a holistic approach, from identifying the concept of analyzing maturity, doing it similarly to how we were doing it, looking at data maturity, data timeliness, data availability, and then into our detection maturity, and not only looking at prioritized detections needed for our specific area or domain, which was very important for us. From that point, deploying any recommended content is very simple.

Another important feature is the concept of a multistage threat scenario. After we started subscribing to Anvilogic, in future releases, they built out new features around automated threat detections and insights, such as health insights, hunt insights, and tuning insights, which are all neat features that allow my team to be more efficient.

What needs improvement?

I believe the future is very exciting, especially regarding the agentic approaches that have gained popularity following the rise of generative AI and large language models. We fully expect that within a year, Anvilogic will incorporate some level of agentic workflow capabilities. We might adopt these features solely within Anvilogic, or we may choose to integrate them with our own homegrown agentic workflows. This is the direction I see for Anvilogic's adoption moving forward.

Anvilogic can be improved by focusing on the agentic way of doing things, similar to what we saw with Monte Copilot, which still needs work. The team is currently doing that work as seen in the roadmap, including having an agent for search, a detection agent, and a hunt agent, making those concepts come to fruition.

For how long have I used the solution?

We started looking at Anvilogic in late 2021, and then we started evaluating them in early 2022. By late 2022, we were already subscribed to Anvilogic.

What do I think about the stability of the solution?

Other than scheduled downtimes, I have not experienced any outages.

What do I think about the scalability of the solution?

Anvilogic scales effectively with the growing needs of our organization, and we don't have issues when onboarding our primary stakeholders into the platform. They can use it and receive necessary training and coaching, while the most important part is that we can meet with the Anvilogic customer success team almost weekly to review our adoption and share feedback.

How are customer service and support?

They are top-notch. They are always available. The customer service team is always available to us. The product management and the product engineering team are available to us if we need to review something with them.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Like many companies in this field, we utilize the MITRE ATT&CK framework to benchmark our current capabilities and build detections. Each year, at the beginning of the year, we download the latest version of the MITRE ATT&CK framework and assess our current detections. We tag and benchmark them, prioritize threats, and identify which use cases require new detection capabilities. Previously, this process took my team about two to three weeks, and we only performed it annually. However, around 2021, MITRE introduced the concept of sub-techniques. Initially, we were analyzing around 300 techniques, but now we have to analyze over 600. This effectively doubled the time that my team needed to complete the analysis. The work became repetitive and monotonous. As a result, I began searching for a solution that could streamline this process.

When Anvilogic reached out, we discussed our detection processes, and they explained the capabilities of their platform. It felt like a meeting of the minds because what we were doing manually, they could automate. We realized this solution could save us a significant amount of time and make us more agile. By automating the processes of prioritization, identifying gaps, and deploying recommended detections, we could conduct threat prioritization exercises whenever necessary. Given that the threat landscape evolves almost daily, completing these exercises only once a year would put us at a disadvantage. When we recognized Anvilogic’s capabilities, we knew we had to consider their solution.

In early to mid-2021, Anvilogic was the only one doing it this way. We were doing it manually while they were building it, and now there are many similar companies emerging, but we are happy with the success we have had with Anvilogic, choosing to partner with them and providing feedback and feature requests they can incorporate into subsequent releases.

How was the initial setup?

Since Anvilogic was a new concept and product, we needed to invest a lot of time in training our team to adopt it. Fortunately, during the evaluation phase, we established clear success criteria, one of which was training on Anvilogic. The Anvilogic team has been with us from the very beginning of this process and continues to support us today.

We have detections in multiple places. Most of our detections are on-prem, but there are some that are in the cloud. We use their integration pipelines to bring all of them together.

What's my experience with pricing, setup cost, and licensing?

It was fair. All of us like to deal with vendors who have a certain level of integrity, and the people who run Anvilogic have the highest level of integrity, which makes those sorts of negotiations much easier.

Which other solutions did I evaluate?

During our evaluation, we encountered many products making various promises. However, when it came to Anvilogic, they were able to identify key aspects of our processes during the evaluation period, which was impressive. This demonstrated that the Anvilogic product was engineered effectively and was functioning as intended. As a result, we started to trust both the team and the platform more.

Since then, we have enjoyed a strong partnership with the Anvilogic product and engineering teams. There were times when features we needed were not initially available, but we were able to communicate our requests, and they were quick to prioritize and deliver those key features for us.

What other advice do I have?

If Anvilogic were to disappear tomorrow, my heart would break. My advice to Anvilogic is to prioritize my request.

I would rate Anvilogic a nine out of ten.
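The annual benchmarking the reviewer above describes (tagging each detection with ATT&CK technique IDs, measuring coverage, then prioritizing the gaps, with sub-techniques doubling the number of rows to assess) is easy to reduce to code. The script below is an added example written for this page; it is not Anvilogic's code or the reviewer's. The technique table is a small constructed subset of ATT&CK with made-up priority scores, and the detection names and tags are constructed; a real run would load the current ATT&CK STIX bundle and the team's own detection metadata in place of the two literals. One modelling choice is shown explicitly: a detection tagged with a sub-technique also counts toward its parent technique, but a parent-level tag does not claim coverage of the sub-techniques beneath it.

```python
"""Benchmark a detection library against an ATT&CK-style technique list.

Added example, not Anvilogic's implementation. TECHNIQUES and DETECTIONS are
constructed for illustration only.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Technique:
    tid: str        # ATT&CK ID, e.g. "T1059" or sub-technique "T1059.001"
    name: str
    tactics: tuple  # tactic names this technique appears under
    priority: int   # constructed threat priority: 3 = top, 1 = low


# Constructed subset of ATT&CK (real IDs, not the full matrix); priorities are invented.
TECHNIQUES = [
    Technique("T1059", "Command and Scripting Interpreter", ("execution",), 3),
    Technique("T1059.001", "PowerShell", ("execution",), 3),
    Technique("T1059.004", "Unix Shell", ("execution",), 2),
    Technique("T1078", "Valid Accounts", ("defense-evasion", "persistence", "initial-access"), 3),
    Technique("T1078.004", "Cloud Accounts", ("defense-evasion", "persistence", "initial-access"), 3),
    Technique("T1110", "Brute Force", ("credential-access",), 2),
    Technique("T1110.003", "Password Spraying", ("credential-access",), 2),
    Technique("T1021", "Remote Services", ("lateral-movement",), 2),
    Technique("T1021.001", "Remote Desktop Protocol", ("lateral-movement",), 1),
]

# Constructed detection metadata: detection name -> ATT&CK tags, as a team might keep it in Git.
DETECTIONS = {
    "ps_encoded_command": ["T1059.001"],
    "cloud_console_login_from_unseen_asn": ["T1078.004"],
    "okta_password_spray": ["T1110.003"],
    "rdp_logon_from_workstation": ["T1021.001"],
}


def covered_ids(detections):
    """Technique IDs that have at least one detection.

    A sub-technique tag also counts toward its parent technique; a parent-level
    tag does NOT imply coverage of the sub-techniques beneath it.
    """
    covered = set()
    for tags in detections.values():
        for tid in tags:
            covered.add(tid)
            covered.add(tid.split(".")[0])
    return covered


def coverage_by_tactic(techniques, detections):
    """Percentage of techniques covered under each tactic (a technique with
    several tactics is counted once per tactic)."""
    covered = covered_ids(detections)
    total, hit = defaultdict(int), defaultdict(int)
    for t in techniques:
        for tactic in t.tactics:
            total[tactic] += 1
            if t.tid in covered:
                hit[tactic] += 1
    return {tac: round(100 * hit[tac] / total[tac]) for tac in sorted(total)}


def overall_coverage(techniques, detections):
    """Percentage of all technique rows (parents and sub-techniques) covered."""
    covered = covered_ids(detections)
    return round(100 * sum(1 for t in techniques if t.tid in covered) / len(techniques))


def gaps(techniques, detections, min_priority=2):
    """Uncovered techniques at or above a priority, highest priority first."""
    covered = covered_ids(detections)
    missing = [t for t in techniques if t.tid not in covered and t.priority >= min_priority]
    return sorted(missing, key=lambda t: (-t.priority, t.tid))


if __name__ == "__main__":
    print("overall coverage:", overall_coverage(TECHNIQUES, DETECTIONS), "%")
    for tactic, pct in coverage_by_tactic(TECHNIQUES, DETECTIONS).items():
        print(f"  {tactic:18s} {pct:3d}%")
    for t in gaps(TECHNIQUES, DETECTIONS):
        print("GAP", t.tid, t.name, "priority", t.priority)
```

With the constructed inputs the only gap at priority 2 or above is T1059.004 (Unix Shell), and the execution tactic reports 67% while every other tactic reports 100%, which is exactly the kind of per-tactic view the reviewer says they used to assemble by hand.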


    Roger Allen

Fosters collaborative innovation and enables us to build our own advanced detection capabilities

  • July 16, 2025
  • Review provided by PeerSpot

What is our primary use case?

It serves as the glue between all my vendor telemetry and gives us the capability to build our own detection capabilities in a very advanced way. We have moved off of single-based detections into threat scenarios, which gives us significantly higher fidelity detection capability.

How has it helped my organization?

There were no surprises about Anvilogic once I started using it. I knew the quality of the team that was building this tool and it has been a great partnership and collaboration, and they have just been fantastic partners.

It has been a journey that we have jointly been on together. As we are building our program, we are partnering very closely with Anvilogic and pushing the threshold of detection engineering capabilities.

We are on a continuous journey together, and we are continuously trying to push and innovate new ways to push the threshold of detection engineering. We are only able to do many of these capabilities due to the partnership that we have with Anvilogic, where they are meeting what we need to continually push new innovative solutions.

What is most valuable?

I appreciate all the features of Anvilogic. Our usage of Anvilogic has evolved since onboarding. We originally started soft and focused really on the ETL process to bring data in. As we started getting data in, we began using the detection and correlation engine. As we got more advanced, we started using the threat scenario engine, and we have built many custom processes from that.

What needs improvement?

Anvilogic can be improved by adding the ability to do on-ingest detections. This is something that we have been having a conversation on for a short time now, but I am hopeful that they will have that in their future roadmap.

For how long have I used the solution?

I have been using Anvilogic for just about three years.

What do I think about the stability of the solution?

I would assess the stability and reliability of Anvilogic as very good. There has been no downtime in the traditional sense, but it has all been scheduled downtime. We have had advanced notice, and there are no performance issues or crashes that we know of. Anytime we have been using the platform, it has been available.

What do I think about the scalability of the solution?

Anvilogic scales effectively with the growing needs of my organization. We have not had any scaling issues thus far.

Just my team has access to Anvilogic, and that is by design.

How are customer service and support?

I would evaluate their customer service and tech support as fantastic. We have had a great partnership. I would rate them a ten out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

The need for something better first triggered when I joined the organization and started building the detection response program. I was familiar with the big name products, but I was looking to build something bleeding edge and next-gen. With Anvilogic, I knew the team, and I knew that it was a team of practitioners building this tool as opposed to one practitioner who hired software engineers to build the tool. I have experience consulting those types of products. I knew Anvilogic was being built by practitioners, which really motivated me to pursue the tool.

There has been a journey regarding how I justify things to leadership and how I convinced leadership to let me adopt Anvilogic. There was significant information and education that had to occur at the board level to get adoption and buy-in. As we have helped mature the education level of the board to embark on the journey, it became prevalent that we needed a solution and a partner that could keep up with the growing demand that we have in this particular space.

How was the initial setup?

We are pure cloud based, and we run on top of Snowflake. The deployment was very simple. We were in the early phase for Snowflake, so there were a couple early implementation hiccups, but we partnered with Anvilogic on those, and that was kind of part of us being that early implementation partner. We paved the way for future Snowflake customers.

What was our ROI?

We started our journey with Anvilogic. I do not have the metrics to show in our current organization that could justify that, but the capability that we have on Anvilogic is unmatched to any other platform.

Which other solutions did I evaluate?

I considered Panther and Hunters before selecting Anvilogic. Originally, we would have considered Anvilogic, but they had not migrated or enabled the capability on Snowflake yet. We were actually in the 11th hour for signing a contract with Hunters when Anvilogic reached out to me and said they were testing a Snowflake capability and asked if we were willing to test it. We put together a time frame for a very quick POV. I knew the capability and the aptitude of this team and was very motivated to do so in a timely manner, and we were able to conclude our POV and determine it was a superior product before we signed the contract with Hunters.

What other advice do I have?

If Anvilogic disappeared tomorrow, everything would break first.

I would rate Anvilogic a ten out of ten.


    Ajish John

Comprehensive coverage, no vendor lock-in, and best customer relationship

  • February 28, 2025
  • Review provided by PeerSpot

What is our primary use case?

We use Anvilogic as an SOC detection engineering platform. In addition to that, we use it for hunting and investigation purposes.

How has it helped my organization?

We are a fairly small team with three people in total in the SOC. Their prebuilt configurations and all the detections and scenarios are the reason why we have good coverage today. We use them as a template to start off with. Of course, it needs a bit of customization for the organization it is being deployed for, but it works in our case. We use that, build it, and then fine-tune it for our scenario. We are then good to deploy it. Usually, what used to take us about a week's worth of detection development can be done in about an hour and a half or two at best by using these templates.

Anvilogic provides security analytics across multiple data platforms. It can integrate with different data platforms and provide the same kind of analytics.

We have been able to reduce the cost of having some of these analytics and capabilities deployed across different platforms because we route most of our alerts into Anvilogic. The analytics work on those, whether they are from endpoints, SaaS applications, Identity, or SIEM. We have been able to save costs by not having to deploy these across different platforms. There is also efficiency in terms of getting some of these done quickly and faster rather than jumping between different things.

Anvilogic enables us to break free from vendor lock-in. That was one of the key reasons why we chose Anvilogic. We have changed SIEM once since we moved to Anvilogic. In between, when we were looking at some other integrations, Anvilogic was ready to integrate easily with them. Vendor lock-in is a much lesser concern now.

Anvilogic's AI assistant has helped improve our detection logic. Prior to Anvilogic, somebody would do the investigation, come up with the results, go ahead with a review process, and implement the findings. Since we have had Anvilogic, it automatically does the assessment and gives us a daily report. The analyst just has to do the implementation after the review, so the investigation process from my analyst is no longer required. We feel that the outcome from Anvilogic is also reliable. We do not have to go back and get into the weeds to see specifically whether it is the right analysis.

It simplifies detection engineering and threat hunting across multiple search languages, although we do not fully leverage all the benefits. Most of our platforms are pulled in from the SIEM, and some of them are from the likes of CrowdStrike and other places. We leverage a standard taxonomy. If this were to be between two different SIEMs, the search capability would be very helpful. However, the AI capability for writing out a quick query by using things like regex or regular expressions and building out regular expressions helps. When an analyst is investigating something or building something, they quickly want to understand what a certain component means, so having that within the same pane helps. So, we use it in some capability, but those capabilities are very helpful so far.

Anvilogic has significantly reduced our end-to-end detection engineering time. Earlier, it used to take about a week and a half for someone to go in and check. With their templates and prebuilt scenarios and cases, it now takes just about a day or two where we have to look at it and then customize it for us.

Anvilogic has helped our organization reduce false positives. The tuning insights feature of Anvilogic comes up with proactive ways to reduce false positives. It gives the analyst a view of what is causing the false positives. Is it genuine or not? Is it malicious or not? They can then action items on those. They also maintain an ongoing allow list and deny list, which helps to suppress false positives temporarily, or in the longer run, makes the whole process both accountable with audit logs and quicker.

We were able to realize its benefits immediately. We did a proof of concept in 2021, and our coverage at that point was in the lower twenties. We got to about the upper eighties in two quarters, and it was very steep, quick growth.

What is most valuable?

Before Anvilogic, we had no visibility into our detection coverage. The ability to break it down by industry verticals, such as attackers and adversaries, is valuable.

Detection insights help us easily identify the most noisy ones, the effective ones, and what needs to be fixed to move the noisy ones to effective ones.

The hunting capabilities are very good. The AI components and hunting packages give us quick insights into what needs to be looked at.

The partnership has been very good. Their professional services and customer relationship have been very good. Our features and bugs have been fixed on time without a lot of follow-up, and their support has been excellent.

Finally, there is a feature within Anvilogic that provides the threat landscape or our effectiveness towards the threat landscape on an ongoing basis. That is another feature that we liked.

What needs improvement?

The hunting insight needs integrable capability with different platforms to gather all of that insight and show it on a single canvas on Anvilogic. That is the only feature that could improve the way we do operations.

The pricing is slightly edging towards being a bit much for smaller organizations.

For how long have I used the solution?

We have used the solution for close to three years.

What do I think about the stability of the solution?

For the most part, Anvilogic has been performing well, but because they use a Splunk backend, there is sometimes a bit of slowness and Splunk-related issues. It is generally stable, however.

What do I think about the scalability of the solution?

Anvilogic has worked well for us. We started with about 55 detections and scaled up to about 980-odd detections so far. It has scaled very well for us. We have been able to get to a good scale. We do not have a multi-SIEM environment, so I do not know how it is for customers with that kind of environment.

How are customer service and support?

One of the best things about Anvilogic is the partnership, their knowledge, the depth of technical understanding, and the speed at which they respond. I would rate them the topmost, a ten out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used SOC Prime long ago, but it was in a limited capability. We were just looking at certain detections and logic to use from there. Anvilogic definitely is far better for us.

How was the initial setup?

The initial setup was quite easy for us. There was a bit of a learning curve, which involved just understanding how the platform worked, taking about a month, but integrating with our existing platforms was a piece of cake. They have APIs for most things and standard off-the-shelf solutions such as SIEMs, endpoints, firewalls, and identity providers. It was very easy to integrate. The technical integration was very easy. It took about a month of learning from my team to get comfortable with the product and how to use it. It is one of the easiest security tools to learn.

The platform does not require any maintenance on our end, but once we start building out the detections, it requires some maintenance on our side to see that everything is running properly. That is more like an operational aspect.

What was our ROI?

Anvilogic has saved us about 25 percent of what a detection engineering platform would be. It is difficult to put quantitative aspects like better operations and structure quality, but I would say efficiency increased by about 50%.

Anvilogic has not helped reduce our overall SOC or IR operations costs because we use the time we saved to do more. If we were not doing more and did not have Anvilogic, we would need one dedicated person to do this detection engineering. That cost has significantly been reduced.

What's my experience with pricing, setup cost, and licensing?

We were an early adopter, so the pricing was definitely good. Because they do not completely replace a SIEM, their pricing is slowly edging towards being a little too much for a smaller organization like ours. It is almost on the border. That is a bit of a challenge on our side, but the value still speaks for it. If the price increases more than where it is now, it would be a tough place for us.

What other advice do I have?

Overall, I would rate Anvilogic a nine out of ten, considering its capabilities, features, interactions, and pricing.
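The review above credits false-positive reduction to an allow list and deny list that suppresses known-benign matches temporarily or permanently while keeping the process accountable through audit logs. The script below is an added example of that mechanism written for this page; it is not Anvilogic's implementation or the reviewer's code. The alert records, suppression entries, analyst names and timestamps are all constructed. The design points a practitioner would want are the ones shown: a suppression entry names a single detection and a single field/value pair rather than silencing the detection outright, a temporary entry carries an expiry that the evaluator enforces so a "quarterly scan" exception cannot quietly become permanent, and every add, expiry and decision is appended to an audit trail.

```python
"""Time-bounded alert suppression with an append-only audit trail.

Added example, not Anvilogic's implementation. All rules and alerts below are
constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass
class SuppressionRule:
    rule_id: str
    detection: str               # detection name the entry applies to
    match_field: str             # alert field that must match exactly
    value: str
    reason: str                  # justification recorded in the audit log
    added_by: str
    expires: Optional[datetime]  # None = permanent allow-list entry


@dataclass
class Suppressor:
    rules: list = field(default_factory=list)
    audit: list = field(default_factory=list)  # append-only record of every decision

    def add(self, rule, now):
        self.rules.append(rule)
        self.audit.append({"at": now, "event": "add", "rule": rule.rule_id,
                           "by": rule.added_by, "reason": rule.reason})

    def expire(self, now):
        """Drop temporary entries whose expiry has passed and log each one."""
        live = [r for r in self.rules if r.expires is None or r.expires > now]
        expired = [r for r in self.rules if r not in live]
        self.rules = live
        for r in expired:
            self.audit.append({"at": now, "event": "expire", "rule": r.rule_id, "by": "system"})
        return [r.rule_id for r in expired]

    def evaluate(self, alert, now):
        """Return 'suppress' or 'escalate' for one alert, recording which rule applied."""
        self.expire(now)
        for r in self.rules:
            if r.detection == alert["detection"] and alert.get(r.match_field) == r.value:
                self.audit.append({"at": now, "event": "suppress", "rule": r.rule_id, "alert": alert["id"]})
                return "suppress"
        self.audit.append({"at": now, "event": "escalate", "rule": None, "alert": alert["id"]})
        return "escalate"


def run_scenario():
    """Constructed scenario: a 7-day exception for a vulnerability scanner and a
    permanent exception for a service account; returns the per-alert decisions."""
    t0 = datetime(2025, 1, 6, 9, 0, tzinfo=timezone.utc)
    s = Suppressor()
    s.add(SuppressionRule("SUP-1", "internal_port_scan", "src_host", "vscan01",
                          "authorized quarterly vulnerability scan", "analyst.a",
                          t0 + timedelta(days=7)), t0)
    s.add(SuppressionRule("SUP-2", "ps_encoded_command", "user", "svc_backup",
                          "vendor backup agent uses -EncodedCommand", "analyst.b", None), t0)

    # Constructed alerts: (time seen, alert record)
    alerts = [
        (t0 + timedelta(hours=1), {"id": "A1", "detection": "internal_port_scan", "src_host": "vscan01"}),
        (t0 + timedelta(hours=2), {"id": "A2", "detection": "internal_port_scan", "src_host": "wks-4411"}),
        (t0 + timedelta(days=1), {"id": "A3", "detection": "ps_encoded_command", "user": "svc_backup"}),
        (t0 + timedelta(days=9), {"id": "A4", "detection": "internal_port_scan", "src_host": "vscan01"}),
    ]
    decisions = {a["id"]: s.evaluate(a, when) for when, a in alerts}
    return decisions, s


if __name__ == "__main__":
    decisions, s = run_scenario()
    for alert_id, decision in decisions.items():
        print(alert_id, decision)
    for entry in s.audit:
        print(entry)
```

In the scenario, A1 is suppressed by the scanner exception, A2 from a workstation still escalates, A3 matches the permanent service-account entry, and A4 escalates again on day 9 because SUP-1 expired on day 7; the audit list shows the add, suppress, expire and escalate events in order.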


    reviewer2200662

The solution provides security analytics across multiple data platforms

  • July 29, 2024
  • Review provided by PeerSpot

What is our primary use case?

Our use cases for Anvilogic primarily revolve around detection engineering. We ingest the logs to figure out our cybersecurity score and improve detection.

How has it helped my organization?

Anvilogic provides security analytics across multiple data platforms. We integrate it with Splunk, but it also integrates with Snowflake and other data platforms. Overall, it's been good since many people aim to move away from Splunk to save on overall costs. The fact that it integrates with various data lakes, specifically Snowflake, the most popular, makes sense.

Using Anvilogic decreases your detection engineering time while helping you build out additional detections and increasing your assurance and protection. It has decreased the engineering time by at least 20 percent.

It's been decent in terms of false positives. It doesn't necessarily reduce them, but the new detections have been pretty well-tuned so they aren't producing additional false positives. Anvilogic has increased security coverage by building out some detections, specifically in areas like Active Directory and IAM-type rules. While it hasn't reduced the overall cost, it may have helped the optimization side.

What is most valuable?

We integrate Anvilogic directly with Splunk rather than using the Amplitude platform separately. That has been helpful because we don't need to bring logs to a third-party source.

Anvilogic's AI assistant is pretty good. It helps us build out detections within your environment. It has improved our detection logic by a small amount and slightly reduced the time involved in detection writing. Generally, the detection builder is decent.

The drag-and-drop detection engine portal has been helpful because you don't need any programming experience. One area where the generative AI aspect has been helpful is when we are figuring out the specific threats about something that's triggered or similar campaigns. You can write in the latest from this type of detection that I'm looking at and get information back.

What needs improvement?

We need more around case management. I know that's something on the road map. We would like a way to create a ticket that we can export into a third-party platform like Jira. Anvilogic's prebuilt rules and threat scenarios didn't work the best for us because many of the rules were geared toward a Windows environment, whereas we're more of a Mac environment, so many of them didn't necessarily fit with what we have. I know a few other people who use them, and they've worked out well there.

For how long have I used the solution?

I've been a full-time customer of Anvilogic for about two years now, and we did a proof of concept eight months or so before we became a customer.

What do I think about the stability of the solution?

We haven't had any issues with stability.

What do I think about the scalability of the solution?

Anvilogic is as scalable as the environments you've integrated it with, whether it's Snowflake or Splunk.

How are customer service and support?

We have a biweekly standing call with the Anvilogic team to talk through detections and updates, but I can't think of a case where we've had to contact them outside of that call.

How was the initial setup?

The initial deployment was easy because we had it set up for our proof of concept, so it just took a little tuning, and we had it set up within a week. We had one person on our side working with somebody on their side. It's a cloud-based solution, but they push out updates on it. We haven't had any issues where it's broken on our systems, where we've had to lean in on the maintenance side.

What was our ROI?

We roughly broke even. If we had invested more or tuned our environment a little better, we might have come out on top.

What's my experience with pricing, setup cost, and licensing?

Anvilogic's pricing has been highly competitive.

Which other solutions did I evaluate?

We did an extensive proof of concept for Anvilogic, Panther, Devo, Google Chronicle, Splunk, and a few different SIEM/detection engines. We did a breakdown based on our criteria and scoring on various features. Anvilogic outperformed the other tools that we tested.

The price was right for the organization. They also offered a multiyear deal that kept the price down looking forward. We compared it to something like the Chronicle, which required us to export our data specifically to that. It required multiple areas for ingestion, bringing up operational costs on top of the licensing cost. It wasn't providing better detection support than Anvilogic because it was able to integrate with Splunk in our case. It was able to pull off of data that was already being ingested, when we needed to have it ingest in multiple locations.

What other advice do I have?

I rate Anvilogic seven out of 10. To prepare for Anvilogic, I recommend leaning into it. Take advantage of the support team and get some additional training. Use the workshops and commit to using the product. It's a tool that's only as good as the time you put into it. If you bring in the detection engine but don't put any time into creating those detections, then there's not much point.