Compare AlienVault OSSIM vs. Rapid7 InsightIDR

AlienVault OSSIM is ranked 12th in Security Information and Event Management (SIEM) with 10 reviews while Rapid7 InsightIDR is ranked 15th in Security Information and Event Management (SIEM) with 3 reviews. AlienVault OSSIM is rated 7.4, while Rapid7 InsightIDR is rated 9.0. The top reviewer of AlienVault OSSIM writes "Provides threat alerts on harmful code in the network". On the other hand, the top reviewer of Rapid7 InsightIDR writes "Users/endpoints focus gives us more understanding of network events, allowing us to see behavior patterns". AlienVault OSSIM is most compared with Splunk, AT&T AlienVault USM and Fortinet FortiSIEM (AccelOps), whereas Rapid7 InsightIDR is most compared with Splunk, Darktrace and LogRhythm NextGen SIEM. See our AlienVault OSSIM vs. Rapid7 InsightIDR report.
Cancel
You must select at least 2 products to compare!
Most Helpful Review
Find out what your peers are saying about AlienVault OSSIM vs. Rapid7 InsightIDR and other solutions. Updated: March 2020.
407,096 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
The dashboard is the solution's most valuable aspect. It brings everything into one central point where I can actually look at it and go, "Okay, I understand what's going on."The most valuable features of this solution are the data correlation and vulnerability assessment.OSSIM is the only solution that includes the large number of modules that we need: a vulnerability scanner, a network IDS system, a host IDS system.The open vault component and the checking of vulnerabilities are the most valuable features. The page management helps with this. If you know how your device is vulnerable at least you can do something about it.You pay monthly for the solution. I think it's one of the best products. If you compare with other companies, like LogRhythm, etc., the top 8 or 10 CMs, I think Alien Vault has the best price-performance ratio.The initial setup was straightforward. I didn't have any problems.With AlienVault you get everything in one box.The solution has a very good open source community, and whenever we have problems, we are always able to resolve it online.

Read more »

The web interface is great — very useful and user-friendly.The incident case management is the most valuable feature. Even though there's always something I find I would like to add to that feature, the ability to quickly sort through all the logs, network and endpoint data, etc., and add it to an incident case as part of the investigation, is nice. Having it automatically timeline that additional data into the original incident timeline, and correlate it to other notable events and activities on the network, results in a huge improvement in our overall confidence that we've quickly traced down the right source of an issue.The alerting to drive investigations and remediation has been its most valuable feature.​It improved my organization by building a security alerting program.

Read more »

Cons
I would like the solution to be able to integrate with my firewall, my IDS and my Honeypot solutions so that it can provide real-time reporting as things occur and then have alert sent to me on my phone when suspicious activity is happening.The price of this solution is very high and it could be cheaper.We need more dashboards and we need more customization for dashboards.The initial setup was a bit complex. You've got to do a lot of reading. It's not an intuitive implementation.The user interface could be improved.It's under heavy traffic. If you have heavy traffic, the system is slow.Sometimes technical issues take very long to get resolved.The solution needs more integration with cyber intelligence systems.

Read more »

The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful.The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination). Right now, we can do a group by user and a separate table or group by destination. But I'd be more interested in where a person was logging into instead of who was logging in or where he was logging in.Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition.

Read more »

Pricing and Cost Advice
The licensing fees for the non-community edition are paid on an annual basis, and there are no costs in addition to this.OSSIM is free.The solution is open source, so it's free to use.AlienVault pricing is the best. Whatever cost you are paying, you are getting a return on every penny... It's not like your IBM, your QRadar, or Splunk, where the cost is too high.

Read more »

Licensing is by endpoint and amount of retention time (at least ours is). Default retention was one year, but we are able to push the retention further if needed. There's also a provide-your-own-S3 option for longer retention if you don't want to pay for the additional retention years in your Rapid7 agreement.The pricing and licensing are competitive.

Read more »

report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
407,096 professionals have used our research since 2012.
Ranking
Views
1,148
Comparisons
444
Reviews
8
Average Words per Review
576
Avg. Rating
7.4
Views
6,766
Comparisons
3,233
Reviews
3
Average Words per Review
492
Avg. Rating
9.0
Top Comparisons
Compared 47% of the time.
Compared 20% of the time.
Compared 11% of the time.
Also Known As
OSSIMInsightIDR
Learn
AT&T
Rapid7
Overview

AlienVault OSSIM, Open Source Security Information and Event Management (SIEM), provides you with a feature-rich open source SIEM complete with event collection, normalization and correlation. Launched by security engineers because of the lack of available open source products, AlienVault OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility.

Parsing hundreds of trivial alerts. Managing a mountain of data. Manually forwarding info from your endpoints. Forget that. InsightIDR instantly arms you with the insight you need to make better decisions across the incident detection and response lifecycle, faster.

Offer
Learn more about AlienVault OSSIM
Learn more about Rapid7 InsightIDR
Sample Customers
Council Rock School DistrictLiberty Wines, Pioneer Telephone, Visier
Top Industries
No Data Available
VISITORS READING REVIEWS
Software R&D Company35%
Comms Service Provider10%
Financial Services Firm6%
Manufacturing Company6%
Find out what your peers are saying about AlienVault OSSIM vs. Rapid7 InsightIDR and other solutions. Updated: March 2020.
407,096 professionals have used our research since 2012.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.