We performed a comparison between AlienVault OSSIM and Microsoft Defender XDR based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The paid version of the solution has reporting and better scalability options."
"The solution is free to use."
"AlienVault OSSIM's GUI is very user-friendly."
"The solution is very stable. Compared to Qradar and Splunk, it's very stable."
"The tool's security detection is good. It helps us with login tracking and generating reports. We aim to identify potential issues, such as brute-force attacks on user accounts or server-level anomalies. For instance, if I receive a report indicating a server is at an abnormal level, I investigate and address the issue."
"The solution has a very good open source community, and whenever we have problems, we are always able to resolve it online."
"The threat alerts it gives me from time to time on harmful code within the network, or if they are generating any network traffic, are very useful."
"You pay monthly for the solution. I think it's one of the best products. If you compare with other companies, like LogRhythm, etc., the top 8 or 10 CMs, I think Alien Vault has the best price-performance ratio."
"Microsoft 365 Defender is simple to upgrade."
"Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise."
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"The most valuable feature is the network security."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"We are able to consolidate licences and make use of many Microsoft products using this solution. If we have any Microsoft customers, we encourage them to use this solution for enterprise defence."
"The solution is well integrated with applications. It is easy to maintain and administer."
"From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave."
"AlienVault OSSIM gives unwanted notifications."
"AlienVault OSSIM could improve by having better integration with some of the newer tools."
"We need more dashboards and we need more customization for dashboards."
"They can add more compliance templates."
"AlienVault OSSIM’s configuration and integration could be a little easier."
"The user interface could be improved."
"I don't like to work on OSSIM because it is unpredictable."
"The documentation could be improved."
"Sometimes, configurations take much longer than expected."
"Automated playbooks and automated dashboards would be preferable to the way the data is currently being presented."
"I personally have not seen much evidence of how Defender can enhance the story of zero trust for enterprises."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
"The patching capability should be there. Patching is something that you cannot do even though you see the vulnerabilities present in your environment. For patching, you have to depend on another solution."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"There could be a way to proactively monitor unusual activity ."
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 27 reviews while Microsoft Defender XDR is ranked 5th in Extended Detection and Response (XDR) with 78 reviews. AlienVault OSSIM is rated 7.4, while Microsoft Defender XDR is rated 8.4. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices ". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". AlienVault OSSIM is most compared with Wazuh, Elastic Security, USM Anywhere, Splunk Enterprise Security and ManageEngine EventLog Analyzer, whereas Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Trend Vision One. See our AlienVault OSSIM vs. Microsoft Defender XDR report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
