We performed a comparison between AlienVault OSSIM and Netsurion based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"The initial setup is straightforward."
"The open vault component and the checking of vulnerabilities are the most valuable features. The page management helps with this. If you know how your device is vulnerable at least you can do something about it."
"With AlienVault you get everything in one box."
"The most valuable features of AlienVault OSSIM are case management, ease of configuration, and investigation."
"The dashboard is the solution's most valuable aspect. It brings everything into one central point where I can actually look at it and go, "Okay, I understand what's going on.""
"The most valuable features of AlienVault OSSIM are vulnerability assessment, network intrusion detection system, response to critical events, and awareness of the whole network."
"The most valuable feature is the logging capability."
"Better than other SIEM solutions because almost everything can be integrated."
"I really appreciate the fact that the dashboard breaks everything down into a pretty easy view for me... It shows what changes are happening to privileged user accounts, access and identity, what's cropping up. It shows application activity and whether we've got system resources that aren't online and being found anymore. It's a pretty simple, easy, quick hit and there are the supporting logs behind it. If I need to drill down further, I can do that quickly. It's very effective."
"Expediting incident response is really great."
"The network alert is the most valuable feature. That way, we in the IT department are aware of user lockout and invalid password attempts way before a user ever even calls in."
"The product satisfies our compliance, and thus, all of our auditors. All of the data that we use and store for all security events is required by our auditors to be kept in a central storage location."
"They have what they call Elasticsearch which is very quick, although that's only available for the last seven days' worth of data. It used to be that, if I wanted to do a search from three days ago, it might take me 10 to 15 minutes because it had to actually unzip some archive files. So I really like that feature. It's almost instantaneous for anything within the last seven days."
"I think Netsurion scales well. We've gone from a small number of agents up to thousands. So I would imagine that it would continue to scale. I don't see any issue with that."
"We have also integrated our endpoint security into the Netsurion SIEM. That's important because we have all the events in one place; we don't have to manage them in multiple places. In addition, the embedded MITRE ATT&CK Framework was paramount in our decision to choose Managed Threat Protection because the MITRE Framework is the industry standard for threats."
"When I looked last week, we probably averaged about 20 million log entries a day. So, we certainly can't individually manage that. Just looking at the reports, then trying to go back and find anything that was questionable, was a challenge. Therefore, the managed service has been invaluable to us in terms of being able to narrow the scope of what really needs to be looked at and bringing those things to our attention to be dealt with."
"I would like to be able to monitor applications outside of the Azure Cloud."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"The solution could be more user-friendly; some query languages are required to operate it."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"The AI capabilities must be improved."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"AlienVault OSSIM is costly."
"The user interface could be improved."
"It's so hard to configure and explore something new on it."
"It's under heavy traffic. If you have heavy traffic, the system is slow."
"The price of this solution is very high and it could be cheaper."
"There needs to be more support or some kind of training program so users can self-learn the system more effectively."
"The incidence reporting could be better."
"The solution needs more integration with cyber intelligence systems."
"The deployment of the agents could be a bit easier. We always seem to have a bit of a challenge with that. A lot of times the agents either don't deploy or they quit responding, then we have to go and redeploy them."
"They have their programs and tools that you have to put into your own environment. We basically ingest all the log data and then push it out to them. I wish it was a little bit different than that where we just push directly towards them. I do not know if that is a function that they thought would be better in terms of security, but I wish that instead of doing that, it should go from the device to them and not from the device to another system and then out to them. There seem to be some drawbacks to doing that."
"I would like to see the dashboard come up more quickly."
"Communication is always something that can be improved, but I feel that any time we've had a communication issue, it's quickly addressed when we bring those up at the monthly meetings. Usually, it's an individual that wasn't clear in the communication, it's not the process per se. You always have to be able to segregate if the process didn't work or an individual either didn't say the right thing or my people didn't understand what they were being told."
"We get a report generated on a particular day of the week and we go through it, trying to mitigate problems and make sure we're seeing everything that's happening. It would be helpful if the SOC spent a little more time with us going through some of those reports."
"Probably the biggest thing is just: Can I search for this and what's the best way to do it? If I'm looking for two events versus a singular event, I just throw it back at them. They're the experts on it."
"The biggest problem is that we have too many domain controllers. So, we have to keep all the clients and main system updated with the latest versions along with making sure all the firewalls are open."
"The system requirements are very, very high. So I need a pretty powerful server to run. If they could lighten that load so that the on-premise part of their product didn't impact my systems as much that would be ideal."
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 26 reviews while Netsurion is ranked 15th in Security Information and Event Management (SIEM) with 24 reviews. AlienVault OSSIM is rated 7.4, while Netsurion is rated 8.4. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices ". On the other hand, the top reviewer of Netsurion writes "The SOC center monitors, hunts, and notifies us of threats around the clock". AlienVault OSSIM is most compared with Wazuh, Elastic Security, USM Anywhere, Splunk Enterprise Security and Fortinet FortiSIEM, whereas Netsurion is most compared with Arctic Wolf Managed Detection and Response, CyberHat CYREBRO and Wazuh. See our AlienVault OSSIM vs. Netsurion report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.