We performed a comparison between AlienVault OSSIM and Microsoft Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The tool's security detection is good. It helps us with login tracking and generating reports. We aim to identify potential issues, such as brute-force attacks on user accounts or server-level anomalies. For instance, if I receive a report indicating a server is at an abnormal level, I investigate and address the issue."
"The product is easy to use."
"AlienVault OSSIM is an enterprise solution that sells easily. It is rated highly by organizations."
"The initial setup was straightforward. I didn't have any problems."
"With AlienVault you get everything in one box."
"The most valuable feature is the logging capability."
"The most valuable features of AlienVault OSSIM are case management, ease of configuration, and investigation."
"Better than other SIEM solutions because almost everything can be integrated."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"The initial setup is very simple and straightforward."
"The connectivity and analytics are great."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"We need more dashboards and we need more customization for dashboards."
"The solution needs more integration with cyber intelligence systems."
"AlienVault OSSIM on-premise version is more difficult to implement than the cloud version. Additionally, they should add integration between several different environments at once and improve their online knowledge base."
"The user interface needs to be friendlier across the board."
"The initial setup was a bit complex. You've got to do a lot of reading. It's not an intuitive implementation."
"Sometimes technical issues take very long to get resolved."
"It's under heavy traffic. If you have heavy traffic, the system is slow."
"AlienVault OSSIM could improve by having better integration with some of the newer tools."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"One key area that can be improved is by building a strong integration with our XDR platform."
"I would like to be able to monitor applications outside of the Azure Cloud."
"Sentinel's reporting is complex and can be more user-friendly."
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 26 reviews while Microsoft Sentinel is ranked 1st in Security Information and Event Management (SIEM) with 85 reviews. AlienVault OSSIM is rated 7.4, while Microsoft Sentinel is rated 8.2. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices ". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". AlienVault OSSIM is most compared with Wazuh, Elastic Security, USM Anywhere, Splunk Enterprise Security and Fortinet FortiSIEM, whereas Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Microsoft Defender for Cloud, Splunk Enterprise Security and Elastic Security. See our AlienVault OSSIM vs. Microsoft Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.