We performed a comparison between AlienVault OSSIM and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We have no complaints about the features or functionality."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"The machine learning and artificial intelligence on offer are great."
"Log aggregation and data connectors are the most valuable features."
"With AlienVault you get everything in one box."
"Its user-friendliness is the most valuable. It is very easy to use and explore. The dashboard is very well packaged and integrated. You don't have to spend a lot of time in configuring it and checking out the RPM etc. It is also free and very powerful."
"The most valuable features of this solution are the data correlation and vulnerability assessment."
"The threat alerts it gives me from time to time on harmful code within the network, or if they are generating any network traffic, are very useful."
"The initial setup is straightforward."
"The paid version of the solution has reporting and better scalability options."
"The product is easy to use."
"The dashboard is the solution's most valuable aspect. It brings everything into one central point where I can actually look at it and go, "Okay, I understand what's going on.""
"It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints."
"The most valuable feature is the capability to correlate different events from different platforms that we feed into it."
"The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use."
"The product’s most valuable feature is log monitoring."
"I like the ease of deployment."
"The solution's technical support is great."
"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."
"The most valuable feature in ESM is its search and reporting feature. It's really nice."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"The solution could improve the playbooks."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"The on-prem log sources still require a lot of development."
"I would like the solution to be able to integrate with my firewall, my IDS and my Honeypot solutions so that it can provide real-time reporting as things occur and then have alert sent to me on my phone when suspicious activity is happening."
"AlienVault OSSIM is costly."
"They can add more compliance templates."
"The initial setup was a bit complex. You've got to do a lot of reading. It's not an intuitive implementation."
"AlienVault OSSIM could improve by having better integration with some of the newer tools."
"Lacking in depth of reporting."
"The documentation could be improved."
"AlienVault OSSIM gives unwanted notifications."
"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."
"I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore."
"It cannot integrate with our Next-Generation Firewall and few applications such as Cisco ACI."
"The user interface could be more user-friendly."
"There are always multiple bugs in the product. For example, the console page was hanging multiple times. Afterwards, they released multiple upgrades for the same, multiple patches from McAfee."
"McAfee ESM is not user-friendly and the log is not accurate. For instance, if I were assigned to generate a log for changes made today, I wouldn't be able to see all the modifications. While Palo Alto allows us to see all changes, McAfee ESM only captures one out of every ten changes. It's crucial to have visibility into all changes made."
"The product's stability is an area of concern where improvements are required."
"It seems McAfee does test its product before releasing. When we - not only us, other companies also - deploy McAfee, we face multiple issues from the customer side, after which, McAfee reacts and fixes the bugs."
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 26 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. AlienVault OSSIM is rated 7.4, while Trellix ESM is rated 7.4. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices ". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". AlienVault OSSIM is most compared with Wazuh, Elastic Security, USM Anywhere, Splunk Enterprise Security and Fortinet FortiSIEM, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Cybereason Endpoint Detection & Response. See our AlienVault OSSIM vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.