We performed a comparison between AlienVault OSSIM and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It has a lot of great features."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The initial setup is very simple and straightforward."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The connectivity and analytics are great."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"You can customize the dashboards as well as the reporting."
"The most valuable features of AlienVault OSSIM are vulnerability assessment, network intrusion detection system, response to critical events, and awareness of the whole network."
"Its user-friendliness is the most valuable. It is very easy to use and explore. The dashboard is very well packaged and integrated. You don't have to spend a lot of time in configuring it and checking out the RPM etc. It is also free and very powerful."
"AlienVault OSSIM's GUI is very user-friendly."
"The threat policies of the solution are always very advanced and the best in the market. They are very persistent in terms of keeping up with security protocols."
"The dashboard is the solution's most valuable aspect. It brings everything into one central point where I can actually look at it and go, "Okay, I understand what's going on.""
"The initial setup is straightforward."
"The solution is very stable. Compared to Qradar and Splunk, it's very stable."
"The most valuable feature is vulnerability management because it gives you insight into your environment to know what systems need to be updated or patched."
"Log-monitoring and alerting enable us to know when things happen that we need to know about."
"We had used previous products and found AlienVault centralized the logging for our security."
"I can easily check (in one place) all the logs and data in relation to attacks. It also gives me an overview if a server is not configured properly."
"Vulnerability scanning helped out shortcomings of what was not patched in the past and what needed to be patched. This assisted with fine tuning the environment for compliance."
"The AlienVault solution has enabled us to create a SOC on a budget with smaller than usual staff requirements, offering a wider range of solutions for our customers."
"It allows you to define what alerts you want to see, or not to see, as well as if you want them grouped, or ungrouped."
"Every activity on the firewall is recorded, and notifications are sent with this solution."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"The reporting could be more structured."
"The product can be improved by reducing the cost to use AI machine learning."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"There needs to be more support or some kind of training program so users can self-learn the system more effectively."
"When comparing AlienVault OSSIM to other solutions it looks a bit outdated. Additionally, they need to improve their integration."
"AlienVault OSSIM could improve by having better integration with some of the newer tools."
"The user interface needs to be friendlier across the board."
"AlienVault OSSIM is costly."
"The documentation could be improved."
"GUI could be improved."
"The solution needs more integration with cyber intelligence systems."
"It should be able to communicate with other security solutions to stop threats."
"One area that has room for improvement is storage. AlienVault is a good place to put logs, but sometimes it's a tough place to go get logs... The logger can only hold so much data. If they improved that, that would help."
"This solution could be easier to use."
"The reporting aspect could be improved. While there are a lot of different options available, there are still pieces which are missing."
"Different functions to customize reports should be added."
"I want to see more compliance management capability. The quality of integrations seems to be a little bit low."
"Adding a parsing interface for the customers would make AT&T AlienVault USM better."
"The vulnerability scanning feature is one of the areas where the product has certain shortcomings and needs to improve. The tool has vulnerability scanning, but it is not that efficient."
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 27 reviews while USM Anywhere is ranked 11th in Security Information and Event Management (SIEM) with 113 reviews. AlienVault OSSIM is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". AlienVault OSSIM is most compared with Wazuh, Elastic Security, Splunk Enterprise Security, Fortinet FortiSIEM and AWS Security Hub, whereas USM Anywhere is most compared with Wazuh, IBM Security QRadar, Splunk Enterprise Security, Rapid7 InsightIDR and LogRhythm SIEM. See our AlienVault OSSIM vs. USM Anywhere report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.