We compared AlienVault OSSIM and Wazuh based on our user's reviews in several parameters.
According to user reviews, AlienVault OSSIM is praised for its comprehensive threat detection, real-time monitoring, and strong asset management capabilities, while Wazuh is highlighted for its advanced threat detection, seamless integration with other tools, and easy installation process. AlienVault OSSIM users appreciate the customer service and pricing structure, while Wazuh users value the customer support and flexible licensing options. However, AlienVault OSSIM users desire improvements in the user interface and documentation, while Wazuh users suggest enhancements in system resource consumption. Overall, both products offer positive ROI and efficient security monitoring capabilities.
Features: AlienVault OSSIM stands out for its comprehensive threat detection and strong asset management capabilities. On the other hand, Wazuh is known for its advanced threat detection, efficient log analysis, and flexibility in tailoring the solution to specific needs.
Pricing and ROI: AlienVault OSSIM has been positively evaluated for its pricing, setup cost, and licensing. Users find the pricing structure reasonable and affordable. The setup process is straightforward and requires minimal effort. AlienVault OSSIM offers flexible licensing options. In comparison, Wazuh is also considered cost-effective with reasonable pricing options. The setup cost is hassle-free and the licensing is customizable., AlienVault OSSIM has been praised for its valuable and efficient security monitoring capabilities, cost-effectiveness, and ability to address security threats effectively. On the other hand, Wazuh users have reported various benefits and advantages from using the product.
Room for Improvement: Users have identified room for improvement in both AlienVault OSSIM and Wazuh. AlienVault OSSIM needs enhancements in user interface, documentation, support, customization, and integration capabilities. Wazuh could benefit from improvements in interface, documentation, configuration options, and system resource consumption.
Deployment and customer support: The reviews for AlienVault OSSIM highlight varying timeframes for the different phases of establishing a new tech solution. Some users took three months for deployment and an additional week for setup, while others only needed a week for both. In contrast, the reviews for Wazuh emphasize the importance of considering both deployment and setup timeframes. Some users spent three months on deployment and a week on setup, while others required a week for both., Customers have expressed positive feedback about the customer service provided by both AlienVault OSSIM and Wazuh. Users appreciate the helpful and responsive team of AlienVault OSSIM, while Wazuh's customer service is commended for their knowledge, efficiency, and helpfulness.
The summary above is based on 41 interviews we conducted recently with AlienVault OSSIM and Wazuh users. To access the review's full transcripts, download our report.
"Log aggregation and data connectors are the most valuable features."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The analytic rule is the most valuable feature."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"It has a lot of great features."
"The product is easy to use."
"AlienVault OSSIM is an enterprise solution that sells easily. It is rated highly by organizations."
"The most valuable features of AlienVault OSSIM are case management, ease of configuration, and investigation."
"The tool's security detection is good. It helps us with login tracking and generating reports. We aim to identify potential issues, such as brute-force attacks on user accounts or server-level anomalies. For instance, if I receive a report indicating a server is at an abnormal level, I investigate and address the issue."
"Its user-friendliness is the most valuable. It is very easy to use and explore. The dashboard is very well packaged and integrated. You don't have to spend a lot of time in configuring it and checking out the RPM etc. It is also free and very powerful."
"Better than other SIEM solutions because almost everything can be integrated."
"The most valuable features of AlienVault OSSIM are vulnerability assessment, network intrusion detection system, response to critical events, and awareness of the whole network."
"AlienVault OSSIM's GUI is very user-friendly."
"It offers built-in modules for file integrity and vulnerability management."
"The main thing I like about it is that it has an EDR."
"Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring."
"It's stable."
"The configuration assessment and Pile integrity monitoring features are decent."
"The tool is stable."
"Some of the strengths of Wazuh that stand out for us include its scalability when deployed on Azure, its open-source nature, which allows for customization based on our needs, and its compatibility with various security solutions like threat intelligence platforms."
"Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score. It provides a percentage of perceived risk due to of non patches or any missing patches on that work."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"The troubleshooting has room for improvement."
"When comparing AlienVault OSSIM to other solutions it looks a bit outdated. Additionally, they need to improve their integration."
"The price of this solution is very high and it could be cheaper."
"The incidence reporting could be better."
"AlienVault OSSIM gives unwanted notifications."
"Lacking in depth of reporting."
"The initial setup was a bit complex. You've got to do a lot of reading. It's not an intuitive implementation."
"It's so hard to configure and explore something new on it."
"AlienVault OSSIM could improve by having better integration with some of the newer tools."
"I have yet to find the same capability in Wazuh to get logs from different sources into the system"
"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."
"Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."
"One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs."
"We would like to see more improvements on the cloud."
"Some features, like alerting, are complex with Wazuh."
"Adding the flexibility to integrate various plug-ins or modules into its core system would enhance functionality."
"They need to go towards integrating with more cloud applications and not just OS like Windows and Linux."
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 26 reviews while Wazuh is ranked 3rd in Security Information and Event Management (SIEM) with 38 reviews. AlienVault OSSIM is rated 7.4, while Wazuh is rated 7.4. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices ". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". AlienVault OSSIM is most compared with Elastic Security, USM Anywhere, Splunk Enterprise Security, Fortinet FortiSIEM and AWS Security Hub, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, Graylog and Fortinet FortiAnalyzer. See our AlienVault OSSIM vs. Wazuh report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.