AlienVault OSSIM Review

A good, stable open-source solution for small environments


What is our primary use case?

I primarily use the solution for log collection.

What is most valuable?

AlienVault sometimes works like an appendix. It's not accurate in most cases, but we use an agent like WinCollect to collect logs. We collate the information. The solution is fast-acting when it comes to collecting the logs, and for all the inter-process work.

What needs improvement?

The log collection is okay, but tracing the logs or tracing the events is a bit difficult. It's not user-friendly. A user must be an expert and must know how to give the logs, how to configure the system, etc. He has to be an expert on this product.

The user interface needs to be friendlier across the board. Also, I would prefer if the kill chain scenario with every event was not stacked. I need to be able to do an SQL query and figure out where the event came from and tag to the source and destination. I cannot see this easily as it is right now.

For how long have I used the solution?

I've been using the solution for 1.5 years.

What do I think about the stability of the solution?

The solution is very stable. Compared to QRadar and Splunk, it's very stable.

How are customer service and technical support?

I've never had to use technical support.

If you previously used a different solution, which one did you use and why did you switch?

I previously used QRadar and Splunk.

How was the initial setup?

I'm not sure how difficult the initial setup was, but it did take a very long time to implement.

What's my experience with pricing, setup cost, and licensing?

The solution is open-source, so there are no licensing costs.

What other advice do I have?

I've used this for a small environment, and it was amazing. I'm currently converting to QRadar now because I am expanding. I am handling more than 30,000 events per second. I can't use AlienVault, as it's too high a threshold.

I do recommend the solution, however, for those with small environments that don't handle as many events. It works great for anything under 1,000 events per second.

I would rate the solution eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.