Pros and Cons
- "OSSIM is the only solution that includes the large number of modules that we need: a vulnerability scanner, a network IDS system, a host IDS system."
- "We need more dashboards and we need more customization for dashboards."
What is our primary use case?
The primary use case is local action, vulnerability scanning, and usage of Network IDS. We use some process and correlation rules for our business and our customers' businesses.
Integration with OTX enables us to see which IPs are malicious.
How has it helped my organization?
When we forward in-traffic from our one interface to Network IDS in OSSIM, we can see all of the requests that we have to and from that interface. Because of integration with Open Threat Exchange from AlienVault, we see which IPs from these requests are malicious and we can use these IPs to block them on our firewall.
What needs improvement?
We need more dashboards and we need more customization for dashboards. It would be great if they would improve in this area.
What do I think about the stability of the solution?
The stability of OSSIM is not bad. Because it is an open-source version of a commercial product, it has some restrictions on the size of infrastructure that you can integrate with it. But if you don't go beyond these restrictions, it has great stability.
Buyer's Guide
AlienVault OSSIM
November 2024
Learn what your peers think about AlienVault OSSIM. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,636 professionals have used our research since 2012.
What do I think about the scalability of the solution?
The server is the "brain" of the system, and there are the sensors. They are like collectors of information for the server. It depends on the size of the business and on geographical issues connected to the business. You can install sensors in all of your branch offices and the server in your main office and it works well in this type of deployment.
How are customer service and support?
Great guys. They work fast and they have great experience with their solutions and give great support.
Which solution did I use previously and why did I switch?
OSSIM was the first solution that I used in this area.
I started to work with its commercial brother, AlienVault USM. When I started to use that, I received some questions from my customers about comparing USM and OSSIM. So at the time, I started to use OSSIM, to learn it and compare it with USM. I needed to answer the question, "Why do we need to pay AlienVault money to use their commercial product when they have an open-source version?" I needed to know the differences.
How was the initial setup?
The initial setup is really straightforward. It's like a Windows program: "Next, next, next, and finish." I don't remember if it was in the open-source versions or the commercial, but it may be that in OSSIM you also have results that can help you with the initial configuration. But overall, the initial setup and configuration are really easy.
In terms of how long the setup took, it's a more complex question. We need to integrate modules such as Network IDS, we need to install agents, we need to perform the initial configuration of OSSIM. For example, we need to configure the SPAN port and send traffic from some of our network devices to AlienVault OSSIM. It can take one hour or one day. It depends on the environment and the size of infrastructure and the size of the business. You may have one firewall or 100 firewalls. It doesn't take a lot of time, but depending on the size of the business, it may take from one hour to a day or two.
When it comes to maintenance of the solution, it also depends on the size of the business. In some companies, where there are 100 users and a small room with servers, you need only one administrator for this system, for maintenance and deployment and everything. But when there is a big company with a big number of employees, 1,000-plus, we may need some more people for deployment and for maintenance.
What about the implementation team?
I've done the setup by myself. In some types of deployments, when I have questions, I also include guys from the AlienVault team, but I haven't had to use them many times.
What's my experience with pricing, setup cost, and licensing?
OSSIM is free.
Which other solutions did I evaluate?
I didn't look at other options. OSSIM is the only solution that includes the large number of modules that we need: a vulnerability scanner, a network IDS system, a host IDS system. The solution also provides us with a correlation engine for our logs. This is the best option on the market and I didn't see any similar solutions.
What other advice do I have?
I used this product for about a year. It was on-premise.
My advice is to just read the manual. OSSIM is very simple. If you know why you need to use it, you will be happy.
The biggest lesson is that the logs are "power." In these logs, with a good normalization engine, you can find so much very useful information about your infrastructure, sometimes about your employees, and about your business-critical processes.
I would rate the solution at ten out of ten. It's really the best open-source CM on the market. It's simple, it has OTX integration. OTX, the Open Threat Exchange, is also a great product from AlienVault. It's like Facebook for indicators of compromise.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
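The workflow this reviewer describes (NIDS alerts from a SPAN feed, enriched with OTX indicators, then blocked on the firewall), as an added illustration that is not part of the review or of OSSIM's own code. It assumes Suricata fast.log alert lines, a constructed OTX-style indicator set and an assumed allowlist, and it deliberately skips internal addresses so that an indicator hit on your own host never becomes a DROP rule.

```python
import ipaddress
import re
from collections import Counter

# Constructed OTX-style indicators (IP -> pulse name). Documentation-range addresses, not real IoCs.
OTX_INDICATORS = {
    "203.0.113.45": "constructed pulse: mass scanner",
    "198.51.100.7": "constructed pulse: C2 infrastructure",
    "198.51.100.200": "constructed pulse: noisy partner scanner",
}

# Assumed local policy: addresses never blocked even when a pulse lists them.
ALLOWLIST = {"198.51.100.200"}

# Assumed internal ranges: an indicator hit on one of these must never become a firewall rule.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed NIDS alerts in Suricata fast.log style (sample data, local SIDs, not captured traffic).
ALERT_LINES = [
    "11/20/2024-10:15:01.123456  [**] [1:1000001:1] LOCAL inbound scan [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.45:44321 -> 10.0.0.5:80",
    "11/20/2024-10:15:07.000001  [**] [1:1000001:1] LOCAL inbound scan [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.45:51000 -> 10.0.0.6:1433",
    "11/20/2024-10:16:30.555555  [**] [1:1000002:1] LOCAL outbound beacon [**] "
    "[Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.0.9:49152 -> 198.51.100.7:443",
    "11/20/2024-10:17:00.000000  [**] [1:1000003:1] LOCAL mdns chatter [**] "
    "[Classification: Not Suspicious Traffic] [Priority: 3] {UDP} 10.0.0.9:5353 -> 10.0.0.1:5353",
    "11/20/2024-10:18:00.000000  [**] [1:1000001:1] LOCAL inbound scan [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.200:40000 -> 10.0.0.5:22",
    "this line is not an alert and must be skipped",
]

FAST_LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[0-9a-fA-F.:]+):(?P<sport>\d+)\s+->\s+(?P<dst>[0-9a-fA-F.:]+):(?P<dport>\d+)$"
)


def parse_alert(line):
    """Parse one fast.log line into a dict of fields; return None for lines that are not alerts."""
    m = FAST_LOG_RE.match(line)
    if not m:
        return None
    alert = m.groupdict()
    alert["sid"], alert["prio"] = int(alert["sid"]), int(alert["prio"])
    return alert


def is_blockable(ip):
    """True only for external, non-allowlisted addresses: internal hosts are never block candidates."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback or addr.is_link_local or addr.is_multicast:
        return False
    if any(addr in net for net in INTERNAL_NETS):
        return False
    return ip not in ALLOWLIST


def build_blocklist(lines, indicators):
    """Check both endpoints of every alert against the indicator set; count hits per malicious IP."""
    hits, reasons = Counter(), {}
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue
        for ip in (alert["src"], alert["dst"]):
            if ip in indicators and is_blockable(ip):
                hits[ip] += 1
                reasons[ip] = indicators[ip]
    return [(ip, n, reasons[ip]) for ip, n in hits.most_common()]


def iptables_rules(blocklist):
    """Render DROP rules for review; an analyst checks the reason before applying them."""
    return [f"iptables -I INPUT -s {ip} -j DROP  # {n} alert(s), {why}" for ip, n, why in blocklist]
```

The outbound beacon case shows why both endpoints are checked: the malicious address is the destination, and the internal 10.0.0.9 source is reported but never proposed for blocking.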
Founder & CEO at MnZ Technology Solutions
Full fledged solution where everything comes in one box
Pros and Cons
- "With AlienVault you get everything in one box."
- "Sometimes technical issues take very long to get resolved."
What is our primary use case?
Our primary use case for AlienVault is incident management. We started as a customer because one of our companies worked on it. Eventually, we started reselling the service.
What is most valuable?
What I like about this product is that it is a fully-fledged solution. I don't need to buy any complementary products; everything comes in one box.
What needs improvement?
I would like to see an improvement in their threat exchange database because the OTX is not the best thing in the marketplace. There are better solutions. So if they could enhance our feature development, it would make the product much better.
For me, the user interface is very important, because the simpler the user interface is, the easier it is to find candidates to run the operation. If the user interface is very complicated, you need to expose your technical people to very intensive training in order to understand the system and to get the output right. So, from a user perspective, I would say the simpler the user interface, the better the product, especially for security issues. You need to let your tech people concentrate on the incident rather than on how to use the software to get the answer.
Lastly, if technical issues could be resolved faster, it would be a huge improvement.
For how long have I used the solution?
We've been using this solution for two years now.
What do I think about the stability of the solution?
This solution is about 90% stable. I do have a problem with vulnerability.
What do I think about the scalability of the solution?
It's a very scalable product. I will say it is 100% scalable. It is currently managing the entire security of the firm, but it's managed by four members of our staff because it's a 24/7 operation. Three of them work shifts, and one of them is the supervisor.
How are customer service and technical support?
I will give their technical support 80%. Although I am not completely satisfied, their response is good. I give their response 100% because whenever you open a ticket, you get communication on the spot. But sometimes it takes very long for your issue to get resolved. And that's why I'm only giving them 80%.
Which solution did I use previously and why did I switch?
We also used IBM QRadar before, but we did not get proper support and that's why we switched to AlienVault.
How was the initial setup?
The initial setup was rather complex and it took us about a day to finalize everything. When we did the deployment, we had some support from AlienVault. And eventually, when we installed it for our customers, our technical team did it by themselves. They didn't require any kind of support from AlienVault.
What's my experience with pricing, setup cost, and licensing?
The price was good and it matched our budget at that stage.
Which other solutions did I evaluate?
We looked at ArcSight as an option at the beginning, but the pricing was not what we were looking for. And we don't have the proper channel to sell ArcSight in Egypt. That's why we decided to go to AlienVault.
What other advice do I have?
If anybody asked me if I am happy with AlienVault, I would say that it is a very good product. Frankly speaking, if anybody asked me about QRadar or ArcSight I would say the same, but it requires lots of training and you need to have a source for the product and for the pricing; otherwise, you will end up paying an enormous amount of money.
With AlienVault you get everything in one box. I will rate this product an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Research Assistant at a tech services company with 51-200 employees
Integrates more easily than other SIEM solutions, however the GUI needs improvement
Pros and Cons
- "Better than other SIEM solutions because almost everything can be integrated."
- "GUI could be improved."
What is our primary use case?
Our primary use case is for research purposes. For now, we're just playing with it and there's a potential learning curve regarding use of AlienVault as a SIEM solution. We plan to analyze different open source solutions to test strengths and weaknesses. We are customers of AlienVault and I'm a research assistant.
What is most valuable?
A very good feature of AlienVault OSSIM is that it has many domains that can be integrated from different solutions. For example, if we have a firewall and I want to connect it with the AlienVault OSSIM, there is already a grid affecting that. From that perspective, it's a very good solution in that almost everything can be integrated and that makes it better than other SIEM solutions.
The great thing is that the networking configuration features are good and integrations don't need to be done manually. Of course it's possible, but there's an automatic option for configuring networks and there's a plug-in for different kinds of solutions. Network security firewalls, IDS, and the like are things that already exist.
What needs improvement?
The GUI could be improved, and the solution could include a specialization tool. The correlation engine and the scalability of this product should be improved. And then I think it also needs to have the grid potential because when we talk about SIEM it's not just a few machines, it's hundreds and that means thousands of logs so the product should be more easily scalable.
The features I would like to see included will take some time to implement because the solution is open source and these are promotional products. On a basic level I'd like to see an open source visualization tool or a commercial visualization tool.
For how long have I used the solution?
I've been using this solution for one year.
What do I think about the stability of the solution?
I'd say the stability of the solution is moderate.
How are customer service and technical support?
The documentation provided was not sufficient, so we worked it out by ourselves.
How was the initial setup?
The initial setup was not so easy, partly because the documentation was not up to date. You end up learning from your mistakes. Deployment took us more than six months. We have an open source intrusion detection system which is connected to it, and endpoint systems. We implemented it by ourselves; there are two people in the company with expertise in this area.
What other advice do I have?
Those who are looking for a solution like this one should first conduct a survey. There are other solutions which are quite capable of doing similar things, even open source solutions. If a company can afford a commercial solution, they should go for that rather than for an open source solution. It requires an expert to assess the situation. A small mistake can lead to a big problem; open source is there for those who know what they're doing.
If you're looking to add another feature, you need to have strong coding because tweaking them is not simple. I'm in a technical team so that's my perspective.
I would rate this solution a six out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Infrastructure and Security Analyst at Holmen Consulting
Easy to set up with good training and helpful technical support
Pros and Cons
- "The initial setup is straightforward."
- "The incident reporting could be better."
What is most valuable?
The self-paced training is pretty good.
The initial setup is straightforward.
We've found the solution to be very stable.
You can scale the solution.
Technical support is excellent. They are very helpful and responsive.
What needs improvement?
ArcSight works better than AlienVault right now.
The incident reporting could be better. We'd like to be able to better privatize certain logs that handle certain detections. It's really important to us.
The integration capabilities could be improved.
For how long have I used the solution?
I've been using the solution for over three years at this point.
What do I think about the stability of the solution?
The solution has been quite stable for us. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.
What do I think about the scalability of the solution?
The product can scale. The only problem we have with it is the integration. For example, we were trying to integrate a solution in the server for retaining logs on AlienVault. We tried everything possible; however, it just wouldn't integrate. In contrast, when we moved to ArcSight, we could do it one time and it was working just fine. There were no integration issues.
How are customer service and support?
When we have had to reach out to them, they were brilliant. They were prompt and very precise.
Which solution did I use previously and why did I switch?
We've used ArcSight as well. We used it on a particular project recently. It's easier to integrate items in it as compared to AlienVault. Aside from that, they are very similar products.
How was the initial setup?
The implementation process is pretty simple and straightforward. It's not difficult or complex at all. A company shouldn't have issues handling it.
The only issue that comes into play is when you want to integrate it with other vendors.
Overall, I'd rate the deployment process at a four out of five.
What other advice do I have?
I'm a consultant.
I'd rate the solution at an eight out of ten. For the most part, I am satisfied with its capabilities.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of Engineering at an insurance company with 201-500 employees
A good open-source solution for small setups, but needs more analytic functionality
Pros and Cons
- "The solution has a very good open source community, and whenever we have problems, we are always able to resolve it online."
- "The solution needs more integration with cyber intelligence systems."
What needs improvement?
The solution needs more integration with cyber intelligence systems.
Our customers want to use a single tool for managing cybersecurity. We want integration with existing tools and integration with newer tools that offer the ability to manage or to identify security vulnerabilities in a gateway system or firewall. Basically, we want the solution to offer configuration management.
I would want it to be integrated with lasting search, in terms that it could gather a lot of intelligence and dump it into the database. Also, it would be useful if we were able to run analytics on the solution. If they can integrate it with an analytic function it would be better.
For how long have I used the solution?
I've been using the solution for four years.
What do I think about the stability of the solution?
I haven't had time to compare the stability to other solutions, but for our purposes it's okay.
How are customer service and technical support?
You need to pay for technical support, but I didn't pay for it, so I can't say much about it. The solution has a very good open source community, and whenever we have problems, we are always able to resolve it online.
How was the initial setup?
The initial setup was straightforward.
There wasn't any complexity. The only issue we had was when we installed it on a virtual layer. We found a way around it, however. It was the open-source virtualization that gave us trouble. There was a workaround and we applied it and it was okay.
What's my experience with pricing, setup cost, and licensing?
The solution is open-source. You need to pay for support if you want it.
What other advice do I have?
We use the on-premises deployment model.
We have a small setup. It's an environment that supports only about 20 users, so, it's not really a complex setup.
I would give the solution a rating of seven out of ten. I believe if I paid for the support I'd get a higher quality of software and other additional functionalities.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Specialist at AEC
A good, stable open-source solution for small environments
Pros and Cons
- "The solution is very stable. Compared to QRadar and Splunk, it's very stable."
- "The user interface needs to be friendlier across the board."
What is our primary use case?
I primarily use the solution for log collection.
What is most valuable?
AlienVault sometimes works like an appendix. It's not accurate in most cases, but we use an agent like WinCollect to collect logs. We collate the information. The solution is fast-acting when it comes to collecting the logs, and for all the inter-process work.
What needs improvement?
The log collection is okay, but tracing the logs or tracing the events is a bit difficult. It's not user-friendly. A user must be an expert and must know how to give the logs, how to configure the system, etc. He has to be an expert on this product.
The user interface needs to be friendlier across the board. Also, I would prefer if the kill chain scenario with every event was not stacked. I need to be able to do an SQL query and figure out where the event came from and tag to the source and destination. I cannot see this easily as it is right now.
For how long have I used the solution?
I've been using the solution for 1.5 years.
What do I think about the stability of the solution?
The solution is very stable. Compared to QRadar and Splunk, it's very stable.
How are customer service and technical support?
I've never had to use technical support.
Which solution did I use previously and why did I switch?
I previously used QRadar and Splunk.
How was the initial setup?
I'm not sure how difficult the initial setup was, but it did take a very long time to implement.
What's my experience with pricing, setup cost, and licensing?
The solution is open-source, so there are no licensing costs.
What other advice do I have?
I've used this for a small environment, and it was amazing. I'm currently converting to QRadar now because I am expanding. I am handling more than 30,000 events per second. I can't use AlienVault, as it's too high a threshold.
I do recommend the solution, however, for those with small environments that don't handle as many events. It works great for anything under 1,000 events per second.
I would rate the solution eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Chief Wealth Cybersecurity Architect at PWcyber
Free to use but doesn't offer many integrations and doesn't have technical support
Pros and Cons
- "The dashboard is the solution's most valuable aspect. It brings everything into one central point where I can actually look at it and go, 'Okay, I understand what's going on.'"
- "I would like the solution to be able to integrate with my firewall, my IDS and my Honeypot solutions so that it can provide real-time reporting as things occur and then have alerts sent to me on my phone when suspicious activity is happening."
What is our primary use case?
We primarily use the solution just to analyze events that occur based on security events.
How has it helped my organization?
I can't really discuss how this helps my organization. I'm running this from my home, so this is not a business I'm using it for. What I do is I log in infrequently to the device or to the service and I check and see if there's anything that's anomalous or anything that is of concern.
What is most valuable?
The dashboard is the solution's most valuable aspect. It brings everything into one central point where I can actually look at it and go, "Okay, I understand what's going on."
The solution works well and allows me to have visibility into anomalous events.
What needs improvement?
I'm not sure if there's anything on the solution that needs improvement.
I would like the solution to be able to integrate with my firewall, my IDS and my Honeypot solutions so that it can provide real-time reporting as things occur and then have alerts sent to me on my phone when suspicious activity is happening.
For how long have I used the solution?
I've only been using the solution for about a year.
What do I think about the stability of the solution?
The solution is very stable. It runs well and there are no issues that I can see that would make me concerned about its stability. I haven't faced any bugs or crashes that would make me worry.
What do I think about the scalability of the solution?
The solution is largely scalable. I'd rate it at about a seven out of ten in terms of how well you can expand it.
There is room for improvement, but that's only because it depends upon the data that's feeding in. You have to understand that it's a collector. It collects data, it analyzes data. It's only going to be as good as the data you give it.
How are customer service and technical support?
The solution is free to use and therefore doesn't offer technical support.
Which solution did I use previously and why did I switch?
I didn't previously use a different solution, at least not at my house.
How was the initial setup?
The initial setup was very straightforward. I didn't run into any problems or complexities at all.
I maintain the solution myself. It doesn't require a lot of maintenance or man-hours to keep it running properly.
What about the implementation team?
I didn't use a reseller or integrator to assist me. I was able to handle the process from beginning to end on my own.
What's my experience with pricing, setup cost, and licensing?
The solution is free to use.
Which other solutions did I evaluate?
I didn't evaluate any other options. I already knew enough about them, and this was the only free solution, which is why I chose it.
What other advice do I have?
I would advise others to not implement it for any enterprise-level organization. However, it would definitely be a good solution for a small business environment.
I would rate the solution five out of ten. It's free, so there isn't support, first of all. Second of all, it doesn't have all the integrations that I would hope for. And thirdly, since AT&T bought them, I worry AT&T will ultimately destroy the product. I don't like AT&T.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Relationship Manager at Snapnet Ltd
An enterprise solution that is rated highly by organizations
Pros and Cons
- "AlienVault OSSIM is an enterprise solution that sells easily. It is rated highly by organizations."
- "AlienVault OSSIM is costly."
What is our primary use case?
We use the product for user analysis and network visibility.
What is most valuable?
AlienVault OSSIM is an enterprise solution that sells easily. It is rated highly by organizations.
What needs improvement?
AlienVault OSSIM is costly.
For how long have I used the solution?
I have been working with the solution for more than a year.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The product is scalable.
Which solution did I use previously and why did I switch?
The tool's installation is straightforward.
What's my experience with pricing, setup cost, and licensing?
The tool's licensing costs are yearly.
What other advice do I have?
I rate AlienVault OSSIM an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.