We performed a comparison between AlienVault OSSIM and Elastic Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"We've got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"It is quite efficient. It helps our clients in identifying their security issues and responding quickly. Our clients want to automate incident response and all those things."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"With AlienVault you get everything in one box."
"The solution is very stable. Compared to Qradar and Splunk, it's very stable."
"Asset discovery is good."
"The initial setup is straightforward."
"The tool's security detection is good. It helps us with login tracking and generating reports. We aim to identify potential issues, such as brute-force attacks on user accounts or server-level anomalies. For instance, if I receive a report indicating a server is at an abnormal level, I investigate and address the issue."
"The most valuable features of AlienVault OSSIM are case management, ease of configuration, and investigation."
"The dashboard is the solution's most valuable aspect. It brings everything into one central point where I can actually look at it and go, 'Okay, I understand what's going on.'"
"Inbuilt IDS, inbuilt integration with threat intelligence platform and with vulnerability assessment modules."
"The performance is good and it is faster than IBM QRadar."
"The solution is compatible with the cloud-native environment and they can adapt to it faster."
"It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically."
"The visualization is very good."
"The scalability is good. It can be scaled easily in the production environment."
"The most valuable features of the solution are the prevention methods and the incident alerts."
"We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
"The feature that we have found the most valuable is scalability."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"The interface could be more user-friendly. It's a small improvement that they could make if they wanted to."
"I would like to be able to monitor applications outside of the Azure Cloud."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"AlienVault OSSIM is costly."
"The user interface needs to be friendlier across the board."
"It's under heavy traffic. If you have heavy traffic, the system is slow."
"It's so hard to configure and explore something new on it."
"The incident reporting could be better."
"The correlation engine needs to be improved."
"We need more dashboards and we need more customization for dashboards."
"I would like the solution to be able to integrate with my firewall, my IDS and my honeypot solutions so that it can provide real-time reporting as things occur and then have alerts sent to me on my phone when suspicious activity is happening."
"An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot."
"This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."
"Elastic Security could improve the documentation. It would help if they were more simple and clean."
"The solution could offer better reporting features."
"Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution."
"We had issues with scalability. Logstash was not scaling and aggregation was getting delayed. We moved to Fluentd, making our stack EFK instead of ELK."
"There isn't really a very good user experience. You need a lot of training."
"The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before it can damage our infrastructure. Currently, this solution doesn't offer that."
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 27 reviews while Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 59 reviews. AlienVault OSSIM is rated 7.4, while Elastic Security is rated 7.6. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices". On the other hand, the top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". AlienVault OSSIM is most compared with Wazuh, USM Anywhere, Splunk Enterprise Security, Fortinet FortiSIEM and AWS Security Hub, whereas Elastic Security is most compared with Wazuh, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender for Endpoint and Graylog. See our AlienVault OSSIM vs. Elastic Security report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.