• Home
  • AlienVault OSSIM vs. NetWitness Platform

AlienVault OSSIM vs NetWitness Platform comparison

Cancel
You must select at least 2 products to compare!
AT&T Logo
AlienVault OSSIM
Read 28 AlienVault OSSIM reviews
7,280 views|3,997 comparisons
78% willing to recommend
NetWitness Logo
NetWitness Platform
Read 36 NetWitness Platform reviews
1,932 views|1,200 comparisons
74% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
AlienVault OSSIM vs. NetWitness Platform
May 2024
Executive Summary

We performed a comparison between AlienVault OSSIM and NetWitness Platform based on real PeerSpot user reviews.

Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed AlienVault OSSIM vs. NetWitness Platform Report (Updated: May 2024).
Download the complete report
772,679 professionals have used our research since 2012.
Featured Review
Aman Aijaz
An easy-to-scale open-source solution used for monitoring events on devices
This may not be a feature. It is something like how you configure and how you analyze it. But since it's open-source, I'm talking more about this.... Read more →
Salah Sabouni
Provides comprehensive network visibility, and has available helpful support
Prior to implementing the solution, the customers had no visibility of their assets. However, after adopting the solution, they have gained... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The tool's security detection is good. It helps us with login tracking and generating reports. We aim to identify potential issues, such as brute-force attacks on user accounts or server-level anomalies. For instance, if I receive a report indicating a server is at an abnormal level, I investigate and address the issue.""The most valuable features of AlienVault OSSIM are case management, ease of configuration, and investigation.""The solution is free to use.""The paid version of the solution has reporting and better scalability options.""OSSIM is the only solution that includes the large number of modules that we need: a vulnerability scanner, a network IDS system, a host IDS system.""The solution is very stable. Compared to Qradar and Splunk, it's very stable.""There are a lot of people you will find using OSSIM since they are also offering OTX as a service""Better than other SIEM solutions because almost everything can be integrated."

More AlienVault OSSIM Pros →

"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible.""The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that.""The most valuable feature is the correlation. It can report in real-time and monitor the management.""The most valuable features are the packet inspection and the automated incident response.""The most valuable feature is the security that it provides.""The most valuable features are the packet decoder, log decoder, and concentrator.""Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network""Performance and reporting are very good."

More NetWitness Platform Pros →

Cons
"I don't like to work on OSSIM because it is unpredictable.""GUI could be improved.""It takes some time. It does not give me a prompt response for any such [malicious] traffic. It takes time to get that alert from the AlienVault system.""I suggest more in-built rules based on modern threats and environments to make it a more competitive solution.""We need more dashboards and we need more customization for dashboards.""Lacking in depth of reporting.""AlienVault OSSIM gives unwanted notifications.""AlienVault OSSIM on-premise version is more difficult to implement than the cloud version. Additionally, they should add integration between several different environments at once and improve their online knowledge base."

More AlienVault OSSIM Cons →

"It is not so easy to customize this product.""They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams.""The system architecture is complex and sometimes it’s hard to troubleshoot potential problems.""We have encountered issues with unresolved crashes.""The product's licensing models are complex to understand. This particular area needs improvement.""Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support.""There is no support for this product in this country, so problems have to be resolved through global technical teams.""Its technical support could be better."

More NetWitness Platform Cons →

Pricing and Cost Advice
  • "AlienVault pricing is the best. Whatever cost you are paying, you are getting a return on every penny... It's not like your IBM, your QRadar, or Splunk, where the cost is too high."
  • "The solution is open source, so it's free to use."
  • "OSSIM is free."
  • "The licensing fees for the non-community edition are paid on an annual basis, and there are no costs in addition to this."
  • "AlienVault OSSIM is free."
  • "We are using the community version, which can be used for free."
  • "We are using a free version of the solution. If you purchase a license there are more features available but the price is a little high. The solution should be cheaper to allow more customers to be able to afford it."
  • "The price of AlienVault OSSIM is too high sometimes for us to present to our customers. The price should be lower. We are on a three-year license to use the solution. We had to pay extra for the support."

    • More AlienVault OSSIM Pricing and Cost Advice →

  • "It’s cheaper to run virtual machines in a VMware environment."
  • "The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."
  • "It is cheap."
  • "The licenses are good but the cost is very expensive."
  • "This is a pricey solution; it's not cheap."
  • "We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."
  • "Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
  • "Our license is for one year."

    • More NetWitness Platform Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
    See Recommendations
    772,679 professionals have used our research since 2012.
    Comparison Review
    Vinod Shankar
    HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
    We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are based on Gartner Magic Q which is what Organizations typically use to select SIEM vendors. The Vendors mentioned here in the deck are : 1. HP ArcSight 2. McAfee Nitro 3. IBM QRadar 4. Splunk SIEM 5. RSA Security Analytic 6. LogRhythm. SIEM Technology Space SIEM market analysis of the last 3 years suggest: Market consolidation of SIEM players (25 vendors in 2011 to 16 vendors in 2013)Only products with technology maturity and a strong road map have featured in leaders quadrant.HP ArcSight & IBM Q1 Labs have maintained leadership in SIEM industry with continued technology upgradeMcAfee Nitro has strong product features & road map to challenge HP & IBM for leadershipHPArcSight The ArcSight Enterprise Threat and Risk Management (ETRM) Platform is an integrated set of products for collecting, analysing, and managing enterprise Security Event information ArcSight Enterprise Security Manager (ESM): Correlation and analysis engine used to identify security threat in real-time& virtual environments ArcSight Logger: Log storage and Search solution ArcSight IdentityView: User Identity tracking/User activity monitoring ArcSight Connectors: For data collection from a variety of data… Read more →
    Questions from the Community
    What do you like most about AlienVault OSSIM?
    Top Answer:Asset discovery is good.
    Read all 26 answers   →
    What is your experience regarding pricing and costs for AlienVault OSSIM?
    Top Answer:The solution is free.
    Read all 21 answers   →
    What needs improvement with AlienVault OSSIM?
    Top Answer:The log management could be improved because of the open source. In the configuration of AlienVault OSSIM, users can determine backup frequency, retention policies, and other settings. There is a… more »
    Read all 26 answers   →
    What do you like most about NetWitness Platform?
    Top Answer:The product's initial setup phase was not at all difficult.
    Read all 26 answers   →
    What is your experience regarding pricing and costs for NetWitness Platform?
    Top Answer:The product price was reasonable for my region and the market.
    Read all 16 answers   →
    What needs improvement with NetWitness Platform?
    Top Answer:From an improvement perspective, the NetWitness Platform needs to release new features and improve in areas like log correlation. The tool needs to have easier integrations with the cloud. Building a… more »
    Read all 25 answers   →
    Ranking
    11th
    out of 80 in Security Information and Event Management (SIEM)
    Views
    7,280
    Comparisons
    3,997
    Reviews
    10
    Average Words per Review
    406
    Rating
    7.3
    15th
    out of 80 in Security Information and Event Management (SIEM)
    Views
    1,932
    Comparisons
    1,200
    Reviews
    10
    Average Words per Review
    487
    Rating
    7.4
    Comparisons
    Also Known As
    OSSIM
    RSA Security Analytics
    Learn More
    AT&T
    NetWitness
    Video Not Available
    Overview

    AlienVault OSSIM, Open Source Security Information and Event Management (SIEM), provides you with a feature-rich open source SIEM complete with event collection, normalization and correlation. Launched by security engineers because of the lack of available open source products, AlienVault OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility.

    NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

    Sample Customers
    Council Rock School District
    Los Angeles World Airports, Reply
    Top Industries
    REVIEWERS
    Insurance Company14%
    Computer Software Company14%
    Recruiting/Hr Firm7%
    Transportation Company7%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm8%
    Government8%
    Comms Service Provider8%
    REVIEWERS
    Financial Services Firm24%
    Computer Software Company24%
    Comms Service Provider24%
    Manufacturing Company10%
    VISITORS READING REVIEWS
    Computer Software Company15%
    Financial Services Firm15%
    Government10%
    Insurance Company6%
    Company Size
    REVIEWERS
    Small Business53%
    Midsize Enterprise28%
    Large Enterprise19%
    VISITORS READING REVIEWS
    Small Business29%
    Midsize Enterprise20%
    Large Enterprise51%
    REVIEWERS
    Small Business26%
    Midsize Enterprise17%
    Large Enterprise57%
    VISITORS READING REVIEWS
    Small Business23%
    Midsize Enterprise10%
    Large Enterprise67%
    Buyer's Guide
    AlienVault OSSIM vs. NetWitness Platform
    May 2024
    Free Report: AlienVault OSSIM vs. NetWitness Platform
    Find out what your peers are saying about AlienVault OSSIM vs. NetWitness Platform and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    772,679 professionals have used our research since 2012.

    AlienVault OSSIM is ranked 11th in Security Information and Event Management (SIEM) with 28 reviews while NetWitness Platform is ranked 15th in Security Information and Event Management (SIEM) with 36 reviews. AlienVault OSSIM is rated 7.4, while NetWitness Platform is rated 7.4. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices ". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". AlienVault OSSIM is most compared with Wazuh, Elastic Security, USM Anywhere, Splunk Enterprise Security and Microsoft Sentinel, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Microsoft Sentinel. See our AlienVault OSSIM vs. NetWitness Platform report.

    See our list of best Security Information and Event Management (SIEM) vendors.

    We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.