We performed a comparison between AlienVault OSSIM and Trellix Helix based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"The UI-based analytics are excellent."
"It's pretty powerful and its performance is pretty good."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"It has basic out-of-the-box integrations with multiple log sources."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"You can customize the dashboards as well as the reporting."
"Its user-friendliness is the most valuable. It is very easy to use and explore. The dashboard is very well packaged and integrated. You don't have to spend a lot of time in configuring it and checking out the RPM etc. It is also free and very powerful."
"Better than other SIEM solutions because almost everything can be integrated."
"The initial setup is straightforward."
"The most valuable features of this solution are the data correlation and vulnerability assessment."
"You pay monthly for the solution. I think it's one of the best products. If you compare with other companies, like LogRhythm, etc., the top 8 or 10 CMs, I think Alien Vault has the best price-performance ratio."
"The most valuable features of AlienVault OSSIM are case management, ease of configuration, and investigation."
"The most valuable feature is the logging capability."
"The integration is very useful and very easy. You can have an API connection with any cloud and I'll be able to do both ways of communication with the help of APA."
"The product offers very strong automation. Our cyber security analysts don't have to correlate the information to detect problems. They only need to analyze problems that have been identified by the platform."
"The most valuable features include predefined use cases and threatening states."
"Trellix Helix helps prevent email attacks, like phishing and email spoofing attacks."
"It is kind of simple and very easily deployable. You can start working with it very fast."
"I like that it's easy. It's got the protection set up, and we can see whatever is required. We write our own rules and the rules that we can input. I think it is good."
"FireEye Helix's best features are its speed and use of an easy-to-understand language to send queries to the raw logs."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"I would like to see more AI used in processes."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"AlienVault OSSIM on-premise version is more difficult to implement than the cloud version. Additionally, they should add integration between several different environments at once and improve their online knowledge base."
"AlienVault OSSIM could improve by having better integration with some of the newer tools."
"GUI could be improved."
"The initial setup was a bit complex. You've got to do a lot of reading. It's not an intuitive implementation."
"The price of this solution is very high and it could be cheaper."
"AlienVault OSSIM is costly."
"It's so hard to configure and explore something new on it."
"When comparing AlienVault OSSIM to other solutions it looks a bit outdated. Additionally, they need to improve their integration."
"We have certain challenges with integrating the SOAR platform with multiple vendors."
"The graphical user interface could be improved. It's not easy to handle and it's not easy for a customer or end-user to learn how to manage the solution."
"Integrations could be improved, and the dashboard could be a little better."
"Trellix Helix's configuration and learning could be improved to identify normal traffic from abnormal and to identify trusted domains."
"It should have more cloud connectors. It could also be cheaper."
"FireEye Helix would be improved with the option of an on-prem version, which they don't currently offer."
"Sometimes the rules are disabled by FireEye, and we basically get it after the patch. I think there needs to be a better way of creating the application rules. I would like to see better pricing for our licensing."
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 27 reviews while Trellix Helix is ranked 31st in Security Information and Event Management (SIEM) with 7 reviews. AlienVault OSSIM is rated 7.4, while Trellix Helix is rated 8.6. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices ". On the other hand, the top reviewer of Trellix Helix writes "Helps prevent email attacks, like phishing and email spoofing attacks". AlienVault OSSIM is most compared with Wazuh, Elastic Security, USM Anywhere, Splunk Enterprise Security and Fortinet FortiSIEM, whereas Trellix Helix is most compared with LogRhythm SIEM, Splunk Enterprise Security, Trellix ESM, IBM Security QRadar and USM Anywhere. See our AlienVault OSSIM vs. Trellix Helix report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.