We performed a comparison between AlienVault OSSIM and ClearSkies SaaS NG SIEM based on real PeerSpot user reviews.
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"The UI of Sentinel is very good and easy to use, even for beginners."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinel from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"Inbuilt IDS, inbuilt integration with threat intelligence platform and with vulnerability assessment modules."
"The paid version of the solution has reporting and better scalability options."
"The initial setup is straightforward."
"The threat policies of the solution are always very advanced and the best in the market. They are very persistent in terms of keeping up with security protocols."
"The most valuable features of AlienVault OSSIM are vulnerability assessment, network intrusion detection system, response to critical events, and awareness of the whole network."
"The initial setup was straightforward. I didn't have any problems."
"The solution is free to use."
"The most valuable features of this solution are the data correlation and vulnerability assessment."
"The correlation rules and the user platform are most valuable."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"The troubleshooting has room for improvement."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"The solution could improve the playbooks."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"Sometimes technical issues take very long to get resolved."
"When comparing AlienVault OSSIM to other solutions it looks a bit outdated. Additionally, they need to improve their integration."
"It's so hard to configure and explore something new on it."
"There needs to be more support or some kind of training program so users can self-learn the system more effectively."
"AlienVault OSSIM should improve the deployment and make it unified like the USM."
"The correlation engine needs to be improved."
"The initial setup was a bit complex. You've got to do a lot of reading. It's not an intuitive implementation."
"I don't like to work on OSSIM because it is unpredictable."
"They can add behavior analytics and AI or machine learning technology. They also improve their correlation engine. In addition to collecting logs from devices, they can collect the traffic and then correlate these logs and the traffic information."
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 26 reviews, while ClearSkies SaaS NG SIEM is ranked 56th in Security Information and Event Management (SIEM). AlienVault OSSIM is rated 7.4, while ClearSkies SaaS NG SIEM is rated 8.0. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices". On the other hand, the top reviewer of ClearSkies SaaS NG SIEM writes "Good correlation rules, competitive pricing, and good stability". AlienVault OSSIM is most compared with Wazuh, Elastic Security, USM Anywhere, Splunk Enterprise Security and Fortinet FortiSIEM, whereas ClearSkies SaaS NG SIEM is most compared with .
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.