ICT Support Analyst at a tech services company with 1-10 employees
Real User
Has a robust threat intelligence feature along with efficient asset grouping functionality
Pros and Cons
  • "It has helped us remediate threats in the past by providing significant events that assisted in identifying suspicious activities, such as logins from multiple countries."
  • "I suggest more in-built rules based on modern threats and environments to make it a more competitive solution."

What is our primary use case?

The primary use case is threat detection. We have configured various rules to monitor the environment for any suspicious activity.

What needs improvement?

Collecting logs can sometimes be tedious, especially compared to my experience with Microsoft Sentinel.

I suggest more in-built rules based on modern threats and environments to make it a more competitive solution.

For how long have I used the solution?

I have been using AlienVault OSSIM for six months.

What other advice do I have?

I find the overall threat intelligence feature robust, and the asset grouping feature allows us to correlate events with entire asset groups.

It has helped us remediate threats in the past by providing significant events that assisted in identifying suspicious activities, such as logins from multiple countries.

The asset discovery functionality, once set up, automatically identifies all devices on the network. It aids compliance efforts and helps us understand the network's device landscape.

While integration is possible with other tools like EDR and Cisco Office 365 Defender ATP, it is not as fast or easy as integrating with Microsoft products.

I recommend it, particularly for medium to large companies with complex IT infrastructures.

Overall, I rate the product an eight out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
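The "logins from multiple countries" rule this reviewer mentions, written out as an added defender-side example that is not part of the review or of OSSIM itself: it groups constructed login events per account and flags any account that authenticates from two different countries within a short window.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events (not from any real SIEM):
# one line per login as "timestamp,user,source_country".
SAMPLE_LOGS = """\
2024-06-01T08:00:00,alice,DE
2024-06-01T08:20:00,alice,BR
2024-06-01T09:00:00,bob,DE
2024-06-01T17:30:00,bob,DE
2024-06-02T10:00:00,alice,DE
2024-06-02T10:05:00,carol,US
2024-06-02T10:30:00,carol,SG
""".splitlines()


def parse_event(line):
    """Parse one constructed log line into (timestamp, user, country)."""
    ts, user, country = line.strip().split(",")
    return datetime.fromisoformat(ts), user, country


def multi_country_logins(lines, window_minutes=60):
    """Return sorted (user, country_a, country_b) triples for users who logged
    in from two different countries within `window_minutes` of each other."""
    window = timedelta(minutes=window_minutes)
    by_user = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, user, country = parse_event(line)
        by_user[user].append((ts, country))

    findings = set()
    for user, events in by_user.items():
        events.sort()  # chronological order lets the inner loop stop early
        for i, (t1, c1) in enumerate(events):
            for t2, c2 in events[i + 1:]:
                if t2 - t1 > window:
                    break  # later events are even further apart
                if c1 != c2:
                    findings.add((user, c1, c2))
    return sorted(findings)


if __name__ == "__main__":
    for user, c1, c2 in multi_country_logins(SAMPLE_LOGS):
        print(f"ALERT: {user} logged in from {c1} and {c2} within one hour")
```

Two logins from different countries a day apart (alice on day 2) are not flagged, which is the usual way to keep such a rule from firing on ordinary travel.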
Development Manager at a tech services company with 51-200 employees
Real User
A free solution with an easy installation, but the system is slow
Pros and Cons
  • "The initial setup was straightforward. I didn't have any problems."
  • "It's under heavy traffic. If you have heavy traffic, the system is slow."

What is our primary use case?

I primarily use the solution for securing my traffic and the SIEM.

What is most valuable?

The fact that it is free is the most valuable aspect of the solution.

What needs improvement?

It's under heavy traffic. If you have heavy traffic, the system is slow. 

For how long have I used the solution?

I've been using the solution for two years.

What do I think about the scalability of the solution?

The scalability of the solution is okay. We have about 100 users right now.

How are customer service and technical support?

Technical support is fine, but if you have a problem, for example, if you have to decode or fix some bugs, you have to manage it yourself.

Which solution did I use previously and why did I switch?

We did not previously use a different solution.

How was the initial setup?

The initial setup was straightforward. I didn't have any problems.

What about the implementation team?

I implemented the solution myself.

What's my experience with pricing, setup cost, and licensing?

The solution is free to use.

Which other solutions did I evaluate?

We didn't evaluate other options before choosing this solution.

What other advice do I have?

The installation is easy, but it's not very compatible with some of our other solutions. Still, it's okay; it's very good. It integrates well with ELK.

I would rate the solution six out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director at a tech services company with 51-200 employees
Real User
Very good out-of-the-box, pre-integrated features, which save us time
Pros and Cons
  • "Inbuilt IDS, inbuilt integration with threat intelligence platform and with vulnerability assessment modules."
  • "Lacking in depth of reporting."

What is our primary use case?

This product would typically be used by a client who would be looking at dipping his feet into the SIEM space and understanding how to go about setting up an SOC without putting in a large up-front investment. I'm the director of our company and we are partners with AlienVault. 

What is most valuable?

The solution offers great models with good integration and this is one of the out-of-the-box features which you're able to easily enable and get it up and running. It's a big plus for the product, because you don't have to bother your head about doing the integrations.

Other good features include an inbuilt IDS, an inbuilt integration with their own threat intelligence platform which is the OTX, and integration with the vulnerability assessment modules.

What needs improvement?

I believe this solution still has a way to go. From a management console perspective and the maturity of the dashboards, I would probably put it slightly behind some of the other players that have been in the market for ages. The leading vendors of SIEM already have a very mature user interface with evolved dashboards and reporting mechanisms. There is a lot of depth in that, but not everybody is looking for that. If your requirements are functional and you're looking for something that's easily deployable and simple to understand and manage, without the necessity of a very large team, I would choose this solution. 

An additional feature I'd like to see would be an increase in the depth of reporting. IBM has AI-enabled dashboards which are supposed to be intuitive. They are difficult to configure and that's a problem, but they are very rich in terms of the information that they provide. There is a lot of granular detail and different ways in which you can slice and dice and present the same data. I would also like to see the product handle larger-scale deployments and more third-party integrations.

For how long have I used the solution?

I've been using this solution for three years. 

What do I think about the stability of the solution?

This is a stable solution. 

What do I think about the scalability of the solution?

It's scalable, but AlienVault is not an enterprise class solution in the sense that it cannot go beyond 15000 EPS, which limits the market that it can address. That's a drawback, but expansion might not be what the company wants and they're happy to remain in the 2000 to 3000 EPS range, in which case it's a great product for its market. 

How are customer service and technical support?

We don't use the support very much as we manage to deal with most issues in-house. The technical support they provide is okay. We haven't had too many problems but my reference point might be slightly slanted, because we don't have such a large installed base.

How was the initial setup?

The initial setup is relatively straightforward and doesn't take much time. AlienVault has its own vulnerability module and its own OTX feed. All of these are pre-integrated, which makes for a speedy deployment. The issue is that these days nobody employs SIEM alone. It needs to be able to correlate information not only from its own data sources, but also from third-party data sources, like vulnerability tools, threat intelligence feeds and forensic data, and these third-party integrations add to implementation time. Each situation is different and deployment time depends on the scale of the infrastructure.

What other advice do I have?

Most of the SOC or SIEM enterprise-class products are very expensive, whereas with OSSIM you can start out with a smaller setup and then expand as you wish. It's great because you get a pre-integrated, ready-to-run platform which you can deploy. You don't have to bother about the integrations too much. This platform provides an adequate level of experience for that kind of integrated intelligence gathering in any IT setup at a reasonable cost. It makes the entry easier for somebody who's not so well versed in these technologies. I think that's the principal use case for AlienVault's product line.

Make sure to choose the right partner to do the implementation. It's important that they know and understand the technology. They should have a very good understanding of the tool as well as an understanding of the security and operations space so that they are able to deliver on what you want to achieve as an outcome. 

I would rate this solution an eight out of 10. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Head of Infrastructure at Pearl Data Direct
Real User
Community forums provide good support, but it is not user-friendly and the correlation engine needs improvement
Pros and Cons
  • "The most valuable feature is the logging capability."
  • "The correlation engine needs to be improved."

What is our primary use case?

We are using this solution for collecting logs. We are not correlating or assessing any user behavior analytics (UBA). 

What is most valuable?

The most valuable feature is the logging capability.

What needs improvement?

The correlation engine needs to be improved.

The interface is not user-friendly, which is an area for improvement.

For how long have I used the solution?

I have been using this solution for one year.

What do I think about the stability of the solution?

It's a stable solution.

What do I think about the scalability of the solution?

This is certainly a scalable product.

How are customer service and technical support?

The Community version does not have any technical support.

We have been able to resolve some issues through the community forums.

Which solution did I use previously and why did I switch?

Previously, we did not use another similar product.

What's my experience with pricing, setup cost, and licensing?

We are using the community version, which can be used for free.

Which other solutions did I evaluate?

We have decided to implement a fully-featured SIEM solution that has all of the features, including UBA.

What other advice do I have?

Because we are using the community version, we were unable to explore features such as behavior analytics.

I would rate this solution a five out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.