Network Administrator at a tech services company with 51-200 employees
Need to focus on providing better visibility to users but is useful for threat detection
Pros and Cons
- "The product is majorly used for threat detection of the agents on servers and endpoints."
- "AlienVault OSSIM failed to provide our company a full insight, while also giving out a lot of false positives."
What is our primary use case?
I use the solution in my company. The product is majorly used for threat detection of the agents on servers and endpoints. We use Elasticsearch's dashboard. Whenever we check the traffic routing, events, alarms and notifications, we also have the dashboard from Elasticsearch that helps us put them in a mode category.
What needs improvement?
Honestly, I don't know what can be improved in the product. I am trying to get a comparison between AlienVault OSSIM and the other solutions in the market. AlienVault OSSIM failed to provide our company a full insight, while also giving out a lot of false positives. The tool has certain areas where improvements are required.
For how long have I used the solution?
I have been using AlienVault OSSIM for two years. I am a user of the solution.
What do I think about the stability of the solution?
Stability-wise, I rate the solution a three to four out of ten.
How are customer service and support?
I did not use the solution's technical support.
Which solution did I use previously and why did I switch?
I work with Wazuh and Nutanix, but before AlienVault OSSIM, I have not worked with other products.
What's my experience with pricing, setup cost, and licensing?
I used the paid version of the tool and found it to be expensive. It has been a while since I changed to Securonix. I will have to check whether AlienVault charges per device, user, or log.
Which other solutions did I evaluate?
I am checking out to see if there are other better solutions in the market that can give me what I want because I need to sell them to other customers. I work with Wazuh myself, but I am looking at other products to figure out which ones are better if I want to start out with something new. I am making a comparison of SIEM, SOAR, and SOC solutions to see which one is better and what the advantages or the pros and cons of each of the tools in the market are. If the customer says that the price is his or her problem, I know which product to offer them.
What other advice do I have?
I have not had a good experience with AlienVault OSSIM.
To be able to support our company's compliance efforts, I got to add Elasticsearch to ensure that we get the maximum results from the solution. We have broken down AlienVault and Elasticsearch and moved to Securonix.
I have used the tool's SIEM component.
I have not really used the product's integration capabilities, especially since I remember that we had faced some challenges with them in the past.
I rate the tool a five out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Aug 9, 2024
Co-Founder and Director - Information Technology at Techneow
Good architecture, excellent threat policies, and very stable
Pros and Cons
- "The threat policies of the solution are always very advanced and the best in the market. They are very persistent in terms of keeping up with security protocols."
- "There needs to be more support or some kind of training program so users can self-learn the system more effectively."
What is our primary use case?
We implemented the solution for one of our client's e-commerce spaces. Our customer wanted to monitor the complete security posture.
What is most valuable?
We really like the solution's architecture. There's a logon, clients, an agent, and then the server. All of these were deployed in a multilayer architecture.
The threat policies of the solution are always very advanced and the best in the market. They are very persistent in terms of keeping up with security protocols.
What needs improvement?
The pricing of the solution needs to be improved.
There needs to be more support or some kind of training program so users can self-learn the system more effectively.
For how long have I used the solution?
I've been using the solution for three years.
What do I think about the stability of the solution?
The stability is quite good. There's no hindrance to the user. It's reliable and doesn't seem to have any bugs or glitches.
What do I think about the scalability of the solution?
The scalability is something I wouldn't be able to comment much on, since it was an on-premises setup and there was no such dynamic need from the customer in terms of expanding.
There's a team of seven currently working on the solution. Our overall monitoring was divided into three sections: network monitoring, application monitoring, and storage monitoring.
We're not involved in the engagement anymore, so I haven't heard if the client has plans to increase usage, however, due to its general limited scalability as hardware, I don't think that they would.
How are customer service and technical support?
We were in touch with technical support a bit when we were doing the implementation. The training and knowledge they provided were minimal and usually delivered through email. We struggled a bit.
Which solution did I use previously and why did I switch?
We were pretty limited to AlienVault with this particular client. They needed something on-premises and didn't want to look at cloud options. We've used QRadar and Sentinel in the past; however, for this customer, we decided AlienVault was best.
How was the initial setup?
The initial setup was a bit complex. That may have been multiplied by the fact that there was a lack of skills on the team. If they had more training, it probably would have been a bit easier or more straightforward.
Deployment took us almost two months, including having to set up all of the infrastructure for it. We worked with about 140 monitoring devices. It wasn't too large of a setup. The client wanted us to build and operate something a bit more modern than their older setup. We worked with them to set up a complete 24/7 soft center on-premises.
The entire setup and deployment took about four months, and that included not just the IT part but the work area as well. We had to secure the room, put in power, supply air conditioners, etc. That's a pretty standard setup in terms of the physical space.
We had four people working on the deployment, one of which was a very senior professional with 20+ years of experience.
What about the implementation team?
We had one internal consultant who did the entire implementation for us.
What's my experience with pricing, setup cost, and licensing?
I'm not sure what the cost of the solution is. It may be in the ballpark of $60,000 to $100,000.
What other advice do I have?
We're just customers. We don't have a business relationship with the product.
We're using the enterprise edition of the solution, the MSSP edition, however, I'm unsure which version it is we're currently on.
Typically, we get requests for QRadar, AlienVault, or Sentinel. QRadar and AlienVault are the top choices for the most part, and we work with both. We try to accommodate our clients' preferences.
I'd rate the solution overall at eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Student at an educational organization with 1,001-5,000 employees
Free to use and can be set up yourself but is complex to set up
Pros and Cons
- "The solution is free to use."
- "It's so hard to configure and explore something new on it."
What is our primary use case?
I use the solution for my project.
What is most valuable?
The solution is free to use.
What needs improvement?
However, I have found a lot of issues in general that have given me problems. For example, their stability is not great.
There is no alarm in my system, so I don't know if that's something right, or if there is nothing attached to my system. It's like there is no alarm in my system.
It's so hard to configure and explore something new on it.
It is not easy to find the steps we need to follow in order to use the solution effectively.
For how long have I used the solution?
We've been using this solution for one month. We might use it for three months or so.
What do I think about the stability of the solution?
I have not found the stability to be very good. It's not, for example, showing any alarms.
How are customer service and support?
I cannot speak to technical support. I've never used them.
Which solution did I use previously and why did I switch?
We did not previously use a different version of the solution.
How was the initial setup?
The solution is complex to set up. It is not straightforward.
What about the implementation team?
I set up the solution myself without the help of outside assistance.
What's my experience with pricing, setup cost, and licensing?
We are using the free version of the solution.
What other advice do I have?
I'm an end-user of the product.
I'd rate the solution five out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Specialist at AEC
A good, stable open-source solution for small environments
Pros and Cons
- "The solution is very stable. Compared to QRadar and Splunk, it's very stable."
- "The user interface needs to be friendlier across the board."
What is our primary use case?
I primarily use the solution for log collection.
What is most valuable?
AlienVault sometimes works like an appendix. It's not accurate in most cases, but we use an agent like WinCollect to collect logs. We collate the information. The solution is fast-acting when it comes to collecting the logs, and for all the inter-process work.
What needs improvement?
The log collection is okay, but tracing the logs or tracing the events is a bit difficult. It's not user-friendly. A user must be an expert and must know how to give the logs, how to configure the system, etc. He has to be an expert on this product.
The user interface needs to be friendlier across the board. Also, I would prefer if the kill chain scenario with every event was not stacked. I need to be able to do an SQL query and figure out where the event came from and tag to the source and destination. I cannot see this easily as it is right now.
For how long have I used the solution?
I've been using the solution for 1.5 years.
What do I think about the stability of the solution?
The solution is very stable. Compared to QRadar and Splunk, it's very stable.
How are customer service and technical support?
I've never had to use technical support.
Which solution did I use previously and why did I switch?
I previously used QRadar and Splunk.
How was the initial setup?
I'm not sure how difficult the initial setup was, but it did take a very long time to implement.
What's my experience with pricing, setup cost, and licensing?
The solution is open-source, so there are no licensing costs.
What other advice do I have?
I've used this for a small environment, and it was amazing. I'm currently converting to QRadar now because I am expanding. I am handling more than 30,000 events per second. I can't use AlienVault, as it's too high a threshold.
I do recommend the solution, however, for those with small environments that don't handle as many events. It works great for anything under 1,000 events per second.
I would rate the solution eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Research Assistant at a tech services company with 51-200 employees
Integrates more easily than other SIEM solutions, however the GUI needs improvement
Pros and Cons
- "Better than other SIEM solutions because almost everything can be integrated."
- "GUI could be improved."
What is our primary use case?
Our primary use case is for research purposes. For now, we're just playing with it and there's a potential learning curve regarding use of AlienVault as an SIEM solution. We plan to analyze different open source solutions to test strengths and weaknesses. We are customers of AlienVault and I'm a research assistant.
What is most valuable?
A very good feature of AlienVault OSSIM is that it has many domains that can be integrated from different solutions. For example, if we have a firewall and I want to connect it with the AlienVault OSSIM, there is already a grid affecting that. From that perspective, it's a very good solution in that almost everything can be integrated and that makes it better than other SIEM solutions.
The great thing is that the networking configuration features are good and integrations don't need to be done manually. Of course it's possible but there's an automatic option for configuring networks and there's a plug in for different kinds of solutions. Network security firewalls, IDS, and the like are things that already exist.
What needs improvement?
The GUI could be improved, and the solution could include a specialization tool. The correlation engine and the scalability of this product should be improved. And then I think it also needs to have the grid potential because when we talk about SIEM it's not just a few machines, it's hundreds and that means thousands of logs so the product should be more easily scalable.
The features I would like to see included will take some time to implement because the solution is open source and these are promotional products. On a basic level I'd like to see an open source visualization tool or a commercial visualization tool.
For how long have I used the solution?
I've been using this solution for one year.
What do I think about the stability of the solution?
I'd say the stability of the solution is moderate.
How are customer service and technical support?
The documentation provided was not sufficient, so we worked it out by ourselves.
How was the initial setup?
The initial setup was not so easy, partly because the documentation was not up to date. You end up learning from your mistakes. Deployment took us more than six months. We have an open source intrusion detection system which is connected to it, as well as endpoint systems. We implemented it by ourselves; there are two people in the company with expertise in this area.
What other advice do I have?
Those who are looking for a solution like this one should first conduct a survey. There are other solutions which are quite capable of doing similar things, even open source solutions. If a company can afford a commercial solution, they should go for that rather than for an open source solution. It requires an expert to assess the situation. A small mistake can lead to a big problem; open source is there for those who know what they're doing.
If you're looking to add another feature, you need to have strong coding because tweaking them is not simple. I'm in a technical team so that's my perspective.
I would rate this solution a six out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Chief Wealth Cybersecurity Architect at PWcyber
Free to use but doesn't offer many integrations and doesn't have technical support
Pros and Cons
- "The dashboard is the solution's most valuable aspect. It brings everything into one central point where I can actually look at it and go, 'Okay, I understand what's going on.'"
- "I would like the solution to be able to integrate with my firewall, my IDS and my Honeypot solutions so that it can provide real-time reporting as things occur and then have alerts sent to me on my phone when suspicious activity is happening."
What is our primary use case?
We primarily use the solution just to analyze events that occur based on security events.
How has it helped my organization?
I can't really discuss how this helps my organization. I'm running this from my home, so this is not a business I'm using it for. What I do is I log in infrequently to the device or to the service and I check and see if there's anything that's anomalous or anything that is of concern.
What is most valuable?
The dashboard is the solution's most valuable aspect. It brings everything into one central point where I can actually look at it and go, "Okay, I understand what's going on."
The solution works well and allows me to have visibility into anomalous events.
What needs improvement?
I'm not sure if there's anything on the solution that needs improvement.
I would like the solution to be able to integrate with my firewall, my IDS and my Honeypot solutions so that it can provide real-time reporting as things occur and then have alerts sent to me on my phone when suspicious activity is happening.
For how long have I used the solution?
I've only been using the solution for about a year.
What do I think about the stability of the solution?
The solution is very stable. It runs well and there are no issues that I can see that would make me concerned about its stability. I haven't faced any bugs or crashes that would make me worry.
What do I think about the scalability of the solution?
The solution is largely scalable. I'd rate it at about a seven out of ten in terms of how well you can expand it.
There is room for improvement, but that's only because it depends upon the data that's feeding in. You have to understand that it's a collector. It collects data, it analyzes data. It's only going to be as good as the data you give it.
How are customer service and technical support?
The solution is free to use and therefore doesn't offer technical support.
Which solution did I use previously and why did I switch?
I didn't previously use a different solution, at least not at my house.
How was the initial setup?
The initial setup was very straightforward. I didn't run into any problems or complexities at all.
I maintain the solution myself. It doesn't require a lot of maintenance or man-hours to keep it running properly.
What about the implementation team?
I didn't use a reseller or integrator to assist me. I was able to handle the process from beginning to end on my own.
What's my experience with pricing, setup cost, and licensing?
The solution is free to use.
Which other solutions did I evaluate?
I didn't evaluate any other options. I already knew enough about them, and this was the only free solution, which is why I chose it.
What other advice do I have?
I would advise others to not implement it for any enterprise-level organization. However, it would definitely be a good solution for a small business environment.
I would rate the solution five out of ten. It's free, so there isn't support, first of all. Second of all, it doesn't have all the integrations that I would hope for. And thirdly, because since AT&T bought them, I worry AT&T will ultimately destroy the product. I don't like AT&T.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of Engineering at an insurance company with 201-500 employees
A good open-source solution for small setups, but needs more analytic functionality
Pros and Cons
- "The solution has a very good open source community, and whenever we have problems, we are always able to resolve it online."
- "The solution needs more integration with cyber intelligence systems."
What needs improvement?
The solution needs more integration with cyber intelligence systems.
Our customers want to use a single tool for managing cybersecurity. We want integration with existing tools and integration with newer tools that offer the ability to manage or to identify security vulnerabilities in a gateway system or firewall. Basically, we want the solution to offer configuration management.
I would want it to be integrated with lasting search, in terms that it could gather a lot of intelligence and dump it into the database. Also, it would be useful if we were able to run analytics on the solution. If they can integrate it with an analytic function it would be better.
For how long have I used the solution?
I've been using the solution for four years.
What do I think about the stability of the solution?
I haven't had time to compare the stability to other solutions, but for our purposes it's okay.
How are customer service and technical support?
You need to pay for technical support, but I didn't pay for it, so I can't say much about it. The solution has a very good open source community, and whenever we have problems, we are always able to resolve it online.
How was the initial setup?
The initial setup was straightforward.
There wasn't any complexity. The only issue we had was when we installed it on a virtual layer. We found a way around it, however. It was the open-source virtualization that gave us trouble. There was a workaround and we applied it and it was okay.
What's my experience with pricing, setup cost, and licensing?
The solution is open-source. You need to pay for support if you want it.
What other advice do I have?
We use the on-premises deployment model.
We have a small setup. It's an environment that supports only about 20 users, so it's not really a complex setup.
I would give the solution a rating of seven out of ten. I believe if I paid for the support I'd get a higher quality of software and other additional functionalities.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Relationship Manager at Snapnet Ltd
An enterprise solution that is rated highly by organizations
Pros and Cons
- "AlienVault OSSIM is an enterprise solution that sells easily. It is rated highly by organizations."
- "AlienVault OSSIM is costly."
What is our primary use case?
We use the product for user analysis and network visibility.
What is most valuable?
AlienVault OSSIM is an enterprise solution that sells easily. It is rated highly by organizations.
What needs improvement?
AlienVault OSSIM is costly.
For how long have I used the solution?
I have been working with the solution for more than a year.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The product is scalable.
Which solution did I use previously and why did I switch?
The tool's installation is straightforward.
What's my experience with pricing, setup cost, and licensing?
The tool's licensing costs are yearly.
What other advice do I have?
I rate AlienVault OSSIM an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller