We performed a comparison between AlienVault OSSIM and LogRhythm SIEM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"It's pretty powerful and its performance is pretty good."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"The features that stand out are the detection engine and its integration with multiple data sources."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"The threat policies of the solution are always very advanced and the best in the market. They are very persistent in terms of keeping up with security protocols."
"The most valuable features of AlienVault OSSIM are case management, ease of configuration, and investigation."
"You can customize the dashboards as well as the reporting."
"The open vault component and the checking of vulnerabilities are the most valuable features. The page management helps with this. If you know how your device is vulnerable at least you can do something about it."
"The solution is free to use."
"You pay monthly for the solution. I think it's one of the best products. If you compare with other companies, like LogRhythm, etc., the top 8 or 10 CMs, I think Alien Vault has the best price-performance ratio."
"OSSIM is the only solution that includes the large number of modules that we need: a vulnerability scanner, a network IDS system, a host IDS system."
"The initial setup was straightforward. I didn't have any problems."
"The Web Console is my favorite. It enables me, at a glance, to see the health of the environments."
"The major feature of this solution is its easy configuration which helps different team members to work on it effectively. This kind of feature is not available in other solutions because of a request for specialised schemes for configuration report extraction and searching. Another feature that I really admire is the significant improvement in the compliance in the auditing process by the solution. Our organisation-specific complaints require where the mailbox data needs to be forwarded, stored and searchable for a certain time period. This solution categorises data based on different types, which include cold, warm and hot data. These features allow faster and easier extraction of any data even if the event was occurring several years ago. I also like other features, especially user behaviour analysis and automation. If suddenly someone accesses your side or an unusual traffic is recorded from a user the solution flags it very effectively."
"It has allowed us to dive deeper into our network and figure out what is going on by parsing logs properly and being able to reduce the time it takes to work cases down from seven days to approximately two days."
"The ability to drill down and pivot from an event is one of the biggest advantage the product has compared to other things that I have seen in the market."
"What I found most valuable in LogRhythm NextGen SIEM is that it's user-friendly. I also like its dashboard, which shows all the logs and information I want to see."
"It's very easy to create the correlation rules with LogRhythm, and there are some advanced features like SIEM and UEBA, which are also very valuable."
"Compliance reporting is another great feature of this product. It has built in reports right out of the box."
"Overall effectiveness is very good. I like how it is oriented to both analysts and technical support people. It's easily adopted by end users as much as by technologists."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"When comparing AlienVault OSSIM to other solutions it looks a bit outdated. Additionally, they need to improve their integration."
"AlienVault OSSIM gives unwanted notifications."
"I would like the solution to be able to integrate with my firewall, my IDS and my Honeypot solutions so that it can provide real-time reporting as things occur and then have alert sent to me on my phone when suspicious activity is happening."
"The initial setup was a bit complex. You've got to do a lot of reading. It's not an intuitive implementation."
"Sometimes technical issues take very long to get resolved."
"It's so hard to configure and explore something new on it."
"AlienVault OSSIM should improve the deployment and make it unified like the USM."
"The user interface needs to be friendlier across the board."
"I would like to see case management become more independent from LogRhythm itself."
"For our market, the solution is quite expensive. It would be ideal if they could work on and improve their existing pricing plans to help make it more affordable in our country."
"The console installation is an area with a shortcoming in the solution that needs improvement. If LogRhythm SIEM can offer a web console, it would be great."
"We have run into problems with stability going through upgrade processes. Recently, we have been on the front edge of the upgrade path. When that happens we tend to run into issues either with certain functionality not working after the upgrades or stability issues because of the upgrades."
"Sometimes the Platform Manager crashes because it's built around Windows."
"The built-in functionality of the solution for NDR, SOAR, SIEM, and EDS has room for improvement."
"The customer support system is time-consuming."
"The security playbook could be pre-defined and available to other analysts with similar security issues."
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 26 reviews while LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews. AlienVault OSSIM is rated 7.4, while LogRhythm SIEM is rated 8.4. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices ". On the other hand, the top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". AlienVault OSSIM is most compared with Wazuh, Elastic Security, USM Anywhere, Splunk Enterprise Security and ManageEngine EventLog Analyzer, whereas LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, Fortinet FortiSIEM and LogRhythm Axon. See our AlienVault OSSIM vs. LogRhythm SIEM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.