We compared AlienVault OSSIM and Wazuh based on our users' reviews across several parameters.
According to user reviews, AlienVault OSSIM is praised for its comprehensive threat detection, real-time monitoring, and strong asset management capabilities, while Wazuh is highlighted for its advanced threat detection, seamless integration with other tools, and easy installation process. AlienVault OSSIM users appreciate the customer service and pricing structure, while Wazuh users value the customer support and flexible licensing options. However, AlienVault OSSIM users desire improvements in the user interface and documentation, while Wazuh users suggest enhancements in system resource consumption. Overall, both products offer positive ROI and efficient security monitoring capabilities.
Features: AlienVault OSSIM stands out for its comprehensive threat detection and strong asset management capabilities. On the other hand, Wazuh is known for its advanced threat detection, efficient log analysis, and flexibility in tailoring the solution to specific needs.
Pricing and ROI: AlienVault OSSIM has been positively evaluated for its pricing, setup cost, and licensing. Users find the pricing structure reasonable and affordable. The setup process is straightforward and requires minimal effort. AlienVault OSSIM offers flexible licensing options. In comparison, Wazuh is also considered cost-effective with reasonable pricing options. The setup cost is hassle-free and the licensing is customizable. AlienVault OSSIM has been praised for its valuable and efficient security monitoring capabilities, cost-effectiveness, and ability to address security threats effectively. On the other hand, Wazuh users have reported various benefits and advantages from using the product.
Room for Improvement: Users have identified room for improvement in both AlienVault OSSIM and Wazuh. AlienVault OSSIM needs enhancements in user interface, documentation, support, customization, and integration capabilities. Wazuh could benefit from improvements in interface, documentation, configuration options, and system resource consumption.
Deployment and customer support: The reviews for AlienVault OSSIM highlight varying timeframes for the different phases of establishing a new tech solution. Some users took three months for deployment and an additional week for setup, while others only needed a week for both. In contrast, the reviews for Wazuh emphasize the importance of considering both deployment and setup timeframes. Some users spent three months on deployment and a week on setup, while others required a week for both. Customers have expressed positive feedback about the customer service provided by both AlienVault OSSIM and Wazuh. Users appreciate the helpful and responsive team of AlienVault OSSIM, while Wazuh's customer service is commended for their knowledge, efficiency, and helpfulness.
The summary above is based on 41 interviews we conducted recently with AlienVault OSSIM and Wazuh users. To access the reviews' full transcripts, download our report.
"The product can integrate with any device."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinel from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such as firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"AlienVault OSSIM is an enterprise solution that sells easily. It is rated highly by organizations."
"The solution is very stable. Compared to Qradar and Splunk, it's very stable."
"The initial setup is straightforward."
"With AlienVault you get everything in one box."
"The most valuable features of this solution are the data correlation and vulnerability assessment."
"You can customize the dashboards as well as the reporting."
"The solution is free to use."
"Asset discovery is good."
"I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems."
"Wazuh's most beneficial features for our security needs are flexibility, built-in rules, integration capabilities, and documentation."
"One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability."
"The most valuable feature of Wazuh is the ELK for doing an investigation."
"I like the cloud-native infrastructure and that it's free. We didn't have to pay anything, and it has the capabilities of many premium solutions in the market. We could integrate all of our services and infrastructure in the cloud with Wazuh. From an integration point of view, Wazuh is pretty good. I had a good experience with this platform."
"Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source."
"The main thing I like about it is that it has an EDR."
"Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"I think the number one area of improvement for Sentinel would be the cost."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"There is room for improvement in entity behavior and the integration site."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"AlienVault OSSIM is costly."
"The price of this solution is very high and it could be cheaper."
"There needs to be more support or some kind of training program so users can self-learn the system more effectively."
"They can add more compliance templates."
"The solution is not scalable."
"When comparing AlienVault OSSIM to other solutions it looks a bit outdated. Additionally, they need to improve their integration."
"The user interface needs to be friendlier across the board."
"I would like the solution to be able to integrate with my firewall, my IDS and my Honeypot solutions so that it can provide real-time reporting as things occur and then have alerts sent to me on my phone when suspicious activity is happening."
"Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions."
"It would be better if they had a vulnerability assessment plug-in like the one AlienVault has. In the next release, I would like to have an app with an alerting mechanism."
"Adding the flexibility to integrate various plug-ins or modules into its core system would enhance functionality."
"They need to go towards integrating with more cloud applications and not just OS like Windows and Linux."
"The implementation is very complex."
"Since it's an open-source tool, scalability is the main issue."
"We would like to see more improvements on the cloud."
"Some features, like alerting, are complex with Wazuh."
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 27 reviews while Wazuh is ranked 3rd in Security Information and Event Management (SIEM) with 38 reviews. AlienVault OSSIM is rated 7.4, while Wazuh is rated 7.4. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". AlienVault OSSIM is most compared with Elastic Security, USM Anywhere, Splunk Enterprise Security, Fortinet FortiSIEM and AWS Security Hub, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, Graylog and CrowdStrike Falcon. See our AlienVault OSSIM vs. Wazuh report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.