We performed a comparison between AlienVault OSSIM and Elastic Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"Log aggregation and data connectors are the most valuable features."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The initial setup is straightforward."
"Its user-friendliness is the most valuable. It is very easy to use and explore. The dashboard is very well packaged and integrated. You don't have to spend a lot of time in configuring it and checking out the RPM etc. It is also free and very powerful."
"The threat alerts it gives me from time to time on harmful code within the network, or if they are generating any network traffic, are very useful."
"The threat policies of the solution are always very advanced and the best in the market. They are very persistent in terms of keeping up with security protocols."
"The most valuable features of AlienVault OSSIM are case management, ease of configuration, and investigation."
"The solution is free to use."
"The most valuable features of AlienVault OSSIM are vulnerability assessment, network intrusion detection system, response to critical events, and awareness of the whole network."
"Better than other SIEM solutions because almost everything can be integrated."
"The scalability is good. It can be scaled easily in the production environment."
"One of the most valuable features of this solution is that it is more flexible than AlienVault."
"The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes."
"The most valuable features of the solution are the prevention methods and the incident alerts."
"The most valuable feature of Elastic Security is that you can install agents, and they are not separately licensed."
"It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast."
"It's very stable and reliable."
"It's open-source and free to use."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"Sentinel's reporting is complex and can be more user-friendly."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"AlienVault OSSIM could improve by having better integration with some of the newer tools."
"The solution needs more integration with cyber intelligence systems."
"Sometimes technical issues take very long to get resolved."
"I don't like to work on OSSIM because it is unpredictable."
"There needs to be more support or some kind of training program so users can self-learn the system more effectively."
"I would like the solution to be able to integrate with my firewall, my IDS and my Honeypot solutions so that it can provide real-time reporting as things occur and then have alert sent to me on my phone when suspicious activity is happening."
"We need more dashboards and we need more customization for dashboards."
"When comparing AlienVault OSSIM to other solutions it looks a bit outdated. Additionally, they need to improve their integration."
"The solution's query building is not that intuitive compared to other solutions."
"With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."
"There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated."
"We had issues with scalability. Logstash was not scaling and aggregation was getting delayed. We moved to Fluentd making our stack from ELK to EFK."
"Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks."
"Upgrades currently released as stacks when it should be a plugin or an extension to save removal and reinstallation."
"We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there)."
"Elastic Security could improve the documentation. It would help if they were more simple and clean."
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 26 reviews while Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 58 reviews. AlienVault OSSIM is rated 7.4, while Elastic Security is rated 7.6. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices ". On the other hand, the top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". AlienVault OSSIM is most compared with Wazuh, USM Anywhere, Splunk Enterprise Security, Fortinet FortiSIEM and AWS Security Hub, whereas Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Defender for Endpoint, IBM Security QRadar and Graylog. See our AlienVault OSSIM vs. Elastic Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.