We performed a comparison between AlienVault OSSIM and Snare based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The dashboard that allows me to view all the incidents is the most valuable feature."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"We have no complaints about the features or functionality."
"The product is easy to use."
"AlienVault OSSIM is an enterprise solution that sells easily. It is rated highly by organizations."
"You can customize the dashboards as well as the reporting."
"The initial setup is straightforward."
"The paid version of the solution has reporting and better scalability options."
"The dashboard is the solution's most valuable aspect. It brings everything into one central point where I can actually look at it and go, "Okay, I understand what's going on.""
"Its user-friendliness is the most valuable. It is very easy to use and explore. The dashboard is very well packaged and integrated. You don't have to spend a lot of time in configuring it and checking out the RPM etc. It is also free and very powerful."
"The most valuable features of this solution are the data correlation and vulnerability assessment."
"Snare has good agents, especially for Windows."
"The most valuable feature of Snare is flexibility or the ability to filter all things you don't want and don't have security value."
"The best thing about Snare is its format and consistency."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"There is room for improvement in entity behavior and the integration site."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"It takes some time. It does not give me a prompt response for any such [malicious] traffic. It takes time to get that alert from the AlienVault system."
"The initial setup was a bit complex. You've got to do a lot of reading. It's not an intuitive implementation."
"GUI could be improved."
"AlienVault OSSIM gives unwanted notifications."
"When comparing AlienVault OSSIM to other solutions it looks a bit outdated. Additionally, they need to improve their integration."
"The incidence reporting could be better."
"I don't like to work on OSSIM because it is unpredictable."
"They can add more compliance templates."
"Users will initially find it difficult to identify the event types and installation in Snare."
"The solution is now developing a SIEM-like feature on Snare Central Server, but it's not complete yet."
"Snare should modernize its GUI a little bit."
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 26 reviews while Snare is ranked 37th in Security Information and Event Management (SIEM) with 3 reviews. AlienVault OSSIM is rated 7.4, while Snare is rated 8.0. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices ". On the other hand, the top reviewer of Snare writes "A highly scalable solution that is easy to manage and super easy to set up". AlienVault OSSIM is most compared with Wazuh, Elastic Security, USM Anywhere, Splunk Enterprise Security and Fortinet FortiSIEM, whereas Snare is most compared with syslog-ng, Splunk Enterprise Security, SolarWinds Kiwi Syslog Server, LogRhythm SIEM and ArcSight Enterprise Security Manager (ESM). See our AlienVault OSSIM vs. Snare report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.