AlienVault OSSIM Overview

AlienVault OSSIM is the #10 ranked solution in our list of top Security Information and Event Management (SIEM) tools. It is most often compared to AT&T AlienVault USM.

What is AlienVault OSSIM?

AlienVault OSSIM, Open Source Security Information and Event Management (SIEM), provides you with a feature-rich open source SIEM complete with event collection, normalization and correlation. Launched by security engineers because of the lack of available open source products, AlienVault OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility.

AlienVault OSSIM is also known as OSSIM.

AlienVault OSSIM Buyer's Guide

Download the AlienVault OSSIM Buyer's Guide including reviews and more. Updated: July 2021

AlienVault OSSIM Customers

Council Rock School District

Pricing Advice

What users are saying about AlienVault OSSIM pricing:
  • "OSSIM is free."
  • "The licensing fees for the non-community edition are paid on an annual basis, and there are no costs in addition to this."
  • "The solution is open source, so it's free to use."

Denis L
Sales Solutions Engineer at a tech services company with 51-200 employees
Reseller
Top 10
Integration with OTX enables us to see which IPs are malicious

What is our primary use case?

The primary use case is local action, vulnerability scanning, and usage of Network IDS. We use some process and correlation rules for our business and our customers' businesses.

Pros and Cons

  • "OSSIM is the only solution that includes the large number of modules that we need: a vulnerability scanner, a network IDS system, a host IDS system."
  • "We need more dashboards and we need more customization for dashboards."

What other advice do I have?

I used this product for about a year. It was on-premise. My advice is to just read the manual. OSSIM is very simple. If you know why you need to use it, you will be happy. The biggest lesson is that the logs are "power." In these logs, with a good normalization engine, you can find so much very useful information about your infrastructure, sometimes about your employees, and about your business-critical processes. I would rate the solution at ten out of ten. It's really the best open-source CM on the market. It's simple, it has OTX integration. OTX, the Open Threat Exchange, is also a great…
RJ
Director at a tech services company with 51-200 employees
Real User
Top 20
Very good out-of-the-box, pre-integrated features, which save us time

What is our primary use case?

This product would typically be used by a client who would be looking at dipping his feet into the SIEM space and understanding how to go about setting up an SOC without putting in a large up-front investment. I'm the director of our company and we are partners with AlienVault.

Pros and Cons

  • "Inbuilt IDS, inbuilt integration with threat intelligence platform and with vulnerability assessment modules."
  • "Lacking in depth of reporting."

What other advice do I have?

Most of the SOC or SIEM enterprise class products are very expensive, whereas with OSSIM you can start out with a smaller setup and then expand as you wish. It's great because you get a pre-integrated, ready to run platform, which you can deploy. You don't have to bother about the integrations too much. This platform provides an adequate level of experience for that kind of an integrated intelligence gathering in any IT setup at a reasonable cost. It makes the entry easier for somebody who's not so well versed in these technologies and so on. I think that's the principal use case for…
Sharad Agrawal
Co-Founder and Director - Information Technology at Techneow
Real User
Top 5
Good architecture, excellent threat policies, and very stable

What is our primary use case?

We implemented the solution for one of our client's e-commerce spaces. Our customer wanted to monitor the complete security posture.

Pros and Cons

  • "The threat policies of the solution are always very advanced and the best in the market. They are very persistent in terms of keeping up with security protocols."
  • "There needs to be more support or some kind of training program so users can self-learn the system more effectively."

What other advice do I have?

We're just customers. We don't have a business relationship with the product. We're using the enterprise edition of the solution, the MSSP edition; however, I'm unsure which version it is we're currently on. Typically, we get requests for QRadar, AlienVault, or Sentinel. QRadar and AlienVault are the top choices for the most part, and we work with both. We try to accommodate our client's preferences. I'd rate the solution overall at eight out of ten.
MohamedMohsen
Founder & CEO at MnZ Technology Solutions
Reseller
Top 20
Full-fledged solution where everything comes in one box

What is our primary use case?

Our primary use case for AlienVault is incident management. We started as a customer because one of our companies worked on it. Eventually, we started reselling the service.

Pros and Cons

  • "With AlienVault you get everything in one box."
  • "Sometimes technical issues take very long to get resolved."

What other advice do I have?

If anybody asked me if I am happy with AlienVault, I would say that it is a very good product. Frankly speaking, if anybody asked me about QRadar or ArcSight I will say the same, but it requires lots of training and you need to have a source for the product and for the pricing, otherwise, you will end up paying an enormous amount of money. With AlienVault you get everything in one box. I will rate this product an eight out of ten.
Jim Poehlman
Chief Wealth Cybersecurity Architect at PWcyber
Real User
Top 20
Free to use but doesn't offer many integrations and doesn't have technical support

What is our primary use case?

We primarily use the solution just to analyze events that occur based on security events.

Pros and Cons

  • "The dashboard is the solution's most valuable aspect. It brings everything into one central point where I can actually look at it and go, "Okay, I understand what's going on.""
  • "I would like the solution to be able to integrate with my firewall, my IDS and my Honeypot solutions so that it can provide real-time reporting as things occur and then have alerts sent to me on my phone when suspicious activity is happening."

What other advice do I have?

I would advise others to not implement it for any enterprise-level organization. However, it would definitely be a good solution for a small business environment. I would rate the solution five out of ten. It's free, so there isn't support, first of all. Second of all, it doesn't have all the integrations that I would hope for. And thirdly, since AT&T bought them, I worry AT&T will ultimately destroy the product. I don't like AT&T.
FJ
Research Assistant at a tech services company with 51-200 employees
Real User
Top 20
Integrates more easily than other SIEM solutions, however the GUI needs improvement

What is our primary use case?

Our primary use case is for research purposes. For now, we're just playing with it and there's a potential learning curve regarding use of AlienVault as an SIEM solution. We plan to analyze different open source solutions to test strengths and weaknesses. We are customers of AlienVault and I'm a research assistant.

Pros and Cons

  • "Better than other SIEM solutions because almost everything can be integrated."
  • "GUI could be improved."

What other advice do I have?

Those who are looking for a solution like this one should first conduct a survey. There are other solutions which are quite capable of doing similar things, even open source solutions. If a company can afford a commercial solution, they should go for that rather than for an open source solution. It requires an expert to assess the situation. A small mistake can lead to a big problem; open source is there for those who know what they're doing. If you're looking to add another feature, you need to have strong coding because tweaking them is not simple. I'm in a technical team so that's my…
Tamer Serag Ahmed
User at Besafe-tech
Consultant
Top 20
Data correlation and vulnerability assessment help protect our customers against malicious activity

What is our primary use case?

We are a solution provider and this is one of the products that we implement for our clients. Our clients use this SIEM solution to collect and analyze logs that are generated by different appliances or different machines. It is a correlation tool for event management that gathers all of the events in your environment. This includes different hardware and different operating systems. There are rules in AlienVault that might be triggered based on the logs, and you can tell when there is a security attack or something else that is malicious that comes to your network. These types of events raise…

Pros and Cons

  • "The most valuable features of this solution are the data correlation and vulnerability assessment."
  • "The price of this solution is very high and it could be cheaper."

What other advice do I have?

There is a cloud version of this solution available, called AlienVault USM Anywhere, which defends data that is outside of the premises. The OSSIM version is an open-source product, unlike AlienVault USM, or the cloud version, AlienVault USM Anywhere. You have to rely on the community for support. If you are a business or a bank or a financial institution then it would be better to go with the licensed version. You get support 24/7, while with the community you cannot find this support. On the other hand, an individual who is using it and can handle the issues should go with OSSIM because it's…
BonganiMkwananzi
Owner & Cyber Security Consultant at Sekurisor
Consultant
Top 20
Great solution for checking vulnerabilities, and it's free to use, but the initial setup is a bit tricky

What is our primary use case?

We primarily use the solution just to check on devices. OSSIM does a lot of different things to help with this, including a bit of analytics, vulnerability testing, assessment, etc.

Pros and Cons

  • "The open vault component and the checking of vulnerabilities are the most valuable features. The page management helps with this. If you know how your device is vulnerable at least you can do something about it."
  • "The initial setup was a bit complex. You've got to do a lot of reading. It's not an intuitive implementation."

What other advice do I have?

We use the cloud deployment model. I have a server that I subscribe people to. I would advise others to consider, if they get more customers, to do the commercial version of the OSSIM from AlienVault. It's now part of AT&T, so there's a lot of support. I would rate the solution seven out of ten.