We performed a comparison between AlienVault OSSIM and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"The analytic rule is the most valuable feature."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"The most valuable features of AlienVault OSSIM are case management, ease of configuration, and investigation."
"There are a lot of people you will find using OSSIM since they are also offering OTX as a service"
"The initial setup was straightforward. I didn't have any problems."
"Better than other SIEM solutions because almost everything can be integrated."
"OSSIM is the only solution that includes the large number of modules that we need: a vulnerability scanner, a network IDS system, a host IDS system."
"The most valuable features of AlienVault OSSIM are vulnerability assessment, network intrusion detection system, response to critical events, and awareness of the whole network."
"The solution is very stable. Compared to Qradar and Splunk, it's very stable."
"Inbuilt IDS, inbuilt integration with threat intelligence platform and with vulnerability assessment modules."
"Every activity on the firewall is recorded, and notifications are sent with this solution."
"The most valuable feature is threat intelligence."
"The Event Correlation and vulnerability scans have been the most useful. As a 24/7 SOC, we use the incoming alarms to give an overview of suspicious traffic going through the network. It's easy to look at the correlated events and see the broad picture of traffic for that customer. Vulnerability scans are good for providing patch and remediation guidelines to keep customer systems secure."
"The vulnerability manager and the file integration are very good."
"It allows for a lot of out-of-the-box features: vuln scanning, HIDS/HIPS, and IDS."
"The solution has all the features that we need, however they do not work correctly."
"SIEM log collection is great, and all of the rules that support updates with maintenance."
"Using the communication within the security device, it is easier to create plugins."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"There needs to be more support or some kind of training program so users can self-learn the system more effectively."
"It takes some time. It does not give me a prompt response for any such [malicious] traffic. It takes time to get that alert from the AlienVault system."
"They can add more compliance templates."
"It's under heavy traffic. If you have heavy traffic, the system is slow."
"The solution is not scalable."
"The user interface needs to be friendlier across the board."
"AlienVault OSSIM is costly."
"AlienVault OSSIM’s configuration and integration could be a little easier."
"It would be nice to see some machine learning and monitoring of the configuration in network devices."
"The only room for improvement I can mention is the initial installation procedures. I found that the online installation instructions for the product were missing important details, they lacked necessary steps."
"We would like more plugins. This being the main point of improvement which would benefit the users."
"The solution is a bit complicated. It could be simplified quite a bit."
"The reporting and dashboards have room for improvement."
"For creating new rules, you have to be familiar with regular expressions. I feel there could be something built-in to make sure that process is easier."
"We develop additional rules and scripts to make it more usable."
"The other thing is the agent is OSSEC. They needed to create its own agent to help to find threats on the devices that it happens to be installed."
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 27 reviews while USM Anywhere is ranked 11th in Security Information and Event Management (SIEM) with 113 reviews. AlienVault OSSIM is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices ". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". AlienVault OSSIM is most compared with Wazuh, Elastic Security, Splunk Enterprise Security, Fortinet FortiSIEM and AWS Security Hub, whereas USM Anywhere is most compared with Wazuh, IBM Security QRadar, Splunk Enterprise Security, Rapid7 InsightIDR and LogRhythm SIEM. See our AlienVault OSSIM vs. USM Anywhere report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.