We performed a comparison between AlienVault OSSIM and ManageEngine Log360 based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The dashboard is the solution's most valuable aspect. It brings everything into one central point where I can actually look at it and go, "Okay, I understand what's going on.""
"The threat policies of the solution are always very advanced and the best in the market. They are very persistent in terms of keeping up with security protocols."
"The solution has a very good open source community, and whenever we have problems, we are always able to resolve it online."
"You can customize the dashboards as well as the reporting."
"The threat alerts it gives me from time to time on harmful code within the network, or if they are generating any network traffic, are very useful."
"AlienVault OSSIM is an enterprise solution that sells easily. It is rated highly by organizations."
"The most valuable features of this solution are the data correlation and vulnerability assessment."
"The most valuable features of AlienVault OSSIM are case management, ease of configuration, and investigation."
"The solution could be improved by including XDR, remediation and Sandbox."
"It is easier to deploy than are other SIEMs, which is great. You can also get an overview of your environment, which is very handy."
"It basically helps us. We have to stay in compliance with certain issues with some of our customers. We have to have these types of tools in place for protecting our network and our data. We're in the aerospace industry, so we have a lot of defense contracts. So, all those guys will make sure that we're protecting their information, and it does a good job in that aspect."
"The deployment is quite simple and pretty straightforward."
"The most valuable feature is that this solution is more secure than others, and there are more applications and features as well."
"You can have all of the logs from servers to network and it gets sent out to the correct owners. This is very helpful."
"ManageEngine Log360 is not difficult to deploy."
"It is nice to be able to monitor and to have notifications."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"We'd like also a better ticketing system, which is older."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"The solution needs more integration with cyber intelligence systems."
"The correlation engine needs to be improved."
"AlienVault OSSIM’s configuration and integration could be a little easier."
"It's so hard to configure and explore something new on it."
"AlienVault OSSIM should improve the deployment and make it unified like the USM."
"The user interface needs to be friendlier across the board."
"I don't like to work on OSSIM because it is unpredictable."
"The documentation could be improved."
"The solution needs to improve hub storage. It should integrate AI and ML capabilities."
"The matter of the data retention needs to be addressed."
"The solution lacks some features when compared to other products."
"It's difficult to find which conditions have been applied to a report because they are provided by default by ManageEngine. However, with other SIEMs if you want to create a report, they provide details, like which conditions are triggering certain reports. This needs to be there in ManageEngine. It would be good to know which parameter has been applied to the report that is updating the system."
"The support needs improvement."
"It takes a little bit of time for Log360 to actually learn your environment."
"Their technical support should be improved."
"There is room for improvement, especially in the reporting aspect. The reports are not as good as those in Splunk."
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 27 reviews while ManageEngine Log360 is ranked 24th in Security Information and Event Management (SIEM) with 15 reviews. AlienVault OSSIM is rated 7.4, while ManageEngine Log360 is rated 7.2. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices ". On the other hand, the top reviewer of ManageEngine Log360 writes "Facilitates incident backtracking and identifying the cause of incidents but insufficient intelligence-driven analysis to suppress unnecessary alerts". AlienVault OSSIM is most compared with Wazuh, Elastic Security, USM Anywhere, Splunk Enterprise Security and SolarWinds Security Event Manager , whereas ManageEngine Log360 is most compared with ManageEngine EventLog Analyzer, Wazuh, Splunk Enterprise Security, Fortinet FortiSIEM and SolarWinds Security Event Manager . See our AlienVault OSSIM vs. ManageEngine Log360 report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.