We performed a comparison between AlienVault OSSIM and Elastic Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The initial setup was straightforward. I didn't have any problems."
"AlienVault OSSIM is an enterprise solution that sells easily. It is rated highly by organizations."
"There are a lot of people you will find using OSSIM since they are also offering OTX as a service"
"The threat alerts it gives me from time to time on harmful code within the network, or if they are generating any network traffic, are very useful."
"The most valuable features of this solution are the data correlation and vulnerability assessment."
"The solution is very stable. Compared to Qradar and Splunk, it's very stable."
"The product is easy to use."
"You pay monthly for the solution. I think it's one of the best products. If you compare with other companies, like LogRhythm, etc., the top 8 or 10 CMs, I think Alien Vault has the best price-performance ratio."
"It is the best open-source product for people working in SO, managing and analyzing logs."
"It's simple and easy to use."
"The most valuable feature for me is Discover."
"Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals."
"Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because of Elastic's efficient search engine."
"The most valuable feature is the scalability. We are in Indonesia, more engineers understand Elastic Security here. So it is easier to scale and also develop. In features, the discovery to query all the logs is very important to us. It is very easy, especially with the query function and the feature to generate alerts and create tools. Sometimes we use the alert security dashboard to monitor our clients."
"ELK documentation is very good, so never needed to contact technical support."
"It's not very complicated to install Elastic."
"The incidence reporting could be better."
"AlienVault OSSIM’s configuration and integration could be a little easier."
"Lacking in depth of reporting."
"I don't like to work on OSSIM because it is unpredictable."
"AlienVault OSSIM is costly."
"I would like the solution to be able to integrate with my firewall, my IDS and my Honeypot solutions so that it can provide real-time reporting as things occur and then have alert sent to me on my phone when suspicious activity is happening."
"When comparing AlienVault OSSIM to other solutions it looks a bit outdated. Additionally, they need to improve their integration."
"AlienVault OSSIM could improve by having better integration with some of the newer tools."
"One limitation of Elastic Security is that it does not have built-in workflows for all tasks. For example, if you need a workflow for compliance, you will need to create a custom workflow."
"Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them."
"Technical support could respond faster."
"The training that is offered for Elastic is in need of improvement because there is no depth to it."
"We'd like to see some more artificial intelligence capabilities."
"The Integration module could be improved. It is a pain to build integration with any product. We have to do parking and so on. It's not like other commercial solutions that use profile integration. I would also see more detection features on the SIEM side."
"This solution cannot do predictive maintenance, so we have to build our own modules for doing it."
"With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."
AlienVault OSSIM is ranked 11th in Security Information and Event Management (SIEM) with 28 reviews while Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 59 reviews. AlienVault OSSIM is rated 7.4, while Elastic Security is rated 7.6. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices ". On the other hand, the top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". AlienVault OSSIM is most compared with Wazuh, USM Anywhere, Splunk Enterprise Security, Microsoft Sentinel and Fortinet FortiSIEM, whereas Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Graylog. See our AlienVault OSSIM vs. Elastic Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
