We performed a comparison between AlienVault OSSIM and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"Free ingestion for Azure logs (with E5 licence)"
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"Sentinel has features that have helped improve our security posture. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"The threat alerts it gives me from time to time on harmful code within the network, or if they are generating any network traffic, are very useful."
"With AlienVault you get everything in one box."
"The solution has a very good open source community, and whenever we have problems, we are always able to resolve it online."
"Better than other SIEM solutions because almost everything can be integrated."
"Asset discovery is good."
"The initial setup was straightforward. I didn't have any problems."
"The most valuable features of this solution are the data correlation and vulnerability assessment."
"The most valuable features of AlienVault OSSIM are case management, ease of configuration, and investigation."
"Every activity on the firewall is recorded, and notifications are sent with this solution."
"The main menu: You can see everything there, what is happening on the servers, and in the logs, you can view more details of each event."
"It provides a single pane of glass view, coupled with a whole security ecosystem. The ability to manage everything from a central point, including vulnerability assessments, asset management - including the services provided by the various hosts, NIDS, HIDS, etc. - provides a very efficient way of dealing with things."
"The vulnerability manager and the file integration are very good."
"The best thing about AlienVault USM is it being a “Jack-of-All Trades” solution. It provides SIEM, HIDS/NIDS, FIM, NetFlow, Asset Management, Vulnerability Management, etc., under one USM platform. None of the commercial SIEM vendors like ArcSight, McAfee, etc., can boast of such a diverse feature set."
"This solution can identify many threats inside the organization (compromised endpoints, configuration issues), as well as "outside" threats (botnets, network scanners, web-attacks, etc)."
"The USM is a workhorse, no matter what devices or the number of logs we throw at it, the system processes them in real time, correlates the events, and alerts on only events that need human review."
"We're using it more for reporting, that's all. We're using it to help our customers to pass any kind of audits that they receive."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"I would like to be able to monitor applications outside of the Azure Cloud."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"The solution is not scalable."
"The price of this solution is very high and it could be cheaper."
"The incidence reporting could be better."
"GUI could be improved."
"AlienVault OSSIM’s configuration and integration could be a little easier."
"The user interface could be improved."
"The initial setup was a bit complex. You've got to do a lot of reading. It's not an intuitive implementation."
"AlienVault OSSIM could improve by having better integration with some of the newer tools."
"The price of AT&T AlienVault USM could be reduced."
"Windows log collection works with HIDS, but documentation is sparse and confusing."
"We would like more plugins. This being the main point of improvement which would benefit the users."
"The reporting aspect could be improved. While there are a lot of different options available, there are still pieces which are missing."
"AlienVault needs to continue to integrate with other third-party technologies that clients want to have monitored."
"I want to see more compliance management capability. The quality of integrations seems to be a little bit low."
"The vulnerability reporting needs to have options to be able to sort or customize the output."
"The dashboard could be improved as well as the level of customization."
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 27 reviews while USM Anywhere is ranked 11th in Security Information and Event Management (SIEM) with 113 reviews. AlienVault OSSIM is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". AlienVault OSSIM is most compared with Wazuh, Elastic Security, Splunk Enterprise Security, Fortinet FortiSIEM and AWS Security Hub, whereas USM Anywhere is most compared with Wazuh, IBM Security QRadar, Splunk Enterprise Security, Rapid7 InsightIDR and LogRhythm SIEM. See our AlienVault OSSIM vs. USM Anywhere report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.