AlienVault OSSIM vs Microsoft Sentinel comparison

AT&T and Microsoft are both solutions in the Security Information and Event Management (SIEM) category. AT&T is ranked #11 with an average rating of 7.3, while Microsoft is ranked #3 with an average rating of 8.4. AT&T holds a 5.0% mindshare in SIEM, compared to Microsoft’s 8.7% mindshare. Additionally, 80% of AT&T users are willing to recommend the solution, compared to 93% of Microsoft users who would recommend it.

AlienVault OSSIM

Read 30 AlienVault OSSIM reviews

6,061 Views
3,812 Comparison Views

80% willing to recommend

Microsoft Sentinel

Read 89 Microsoft Sentinel reviews

16,740 Views
9,816 Comparison Views

93% willing to recommend

AlienVault OSSIM

Microsoft Sentinel

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 18, 2024

AlienVault OSSIM and Microsoft Sentinel are both prominent security information and event management (SIEM) tools. Users prefer AlienVault OSSIM for its affordability and support, but Microsoft Sentinel offers more comprehensive features, making it a better long-term investment.

Features: AlienVault OSSIM users value its robust open-source capabilities, good integration with other tools, and affordability. Microsoft Sentinel users appreciate its advanced analytics, scalability, and cloud-native design. Sentinel's more comprehensive feature set is better suited for large enterprises.

Room for Improvement: AlienVault OSSIM users often note the need for a more intuitive user experience, enhanced log management, and better documentation. Microsoft Sentinel users mention the high learning curve, complexity, and sometimes cumbersome setup process. Despite its complexity, Sentinel's extensive capabilities make it a strong tool.

Ease of Deployment and Customer Service: AlienVault OSSIM users find the deployment process straightforward with reliable customer support. Microsoft Sentinel, while praised for its flexible deployment options, gets mixed reviews on support due to some users experiencing longer resolution times. However, Sentinel's cloud integration is noted as a significant advantage.

Pricing and ROI: AlienVault OSSIM is favored for its lower setup costs and faster ROI. Microsoft Sentinel, despite higher initial costs, is viewed as delivering better long-term ROI because of its advanced features and scalability, justifying the higher price point.

To learn more, read our detailed AlienVault OSSIM vs. Microsoft Sentinel Report (Updated: December 2024).

Buyer's Guide

AlienVault OSSIM vs. Microsoft Sentinel

December 2024

Download the complete report

Helped 824,053 peers since 2012

Categories and Ranking

AlienVault OSSIM

Ranking in Security Information and Event Management (SIEM)

11th

Average Rating

7.4

Reviews Sentiment

7.2

Number of Reviews

Ranking in other categories

No ranking in other categories

Microsoft Sentinel

Ranking in Security Information and Event Management (SIEM)

3rd

Average Rating

8.2

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

Security Orchestration Automation and Response (SOAR) (1st), Microsoft Security Suite (5th), AI-Powered Cybersecurity Platforms (5th)

Mindshare comparison

As of December 2024, in the Security Information and Event Management (SIEM) category, the mindshare of AlienVault OSSIM is 5.0%, up from 3.0% compared to the previous year. The mindshare of Microsoft Sentinel is 8.7%, down from 10.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Security Information and Event Management (SIEM)

Featured Reviews

HarshBhardiya

SOC Engineer at Just Dial Limited

An open-source solution that provide good detection and more visibility

The solution is not scalable. It impacts so hard. In the initial stages, AlienVault OSSIM can be suitable for small environments. There may be limitations if the customer expresses a desire to expand and add more devices. In such cases, we would need to either explore additional solutions or work within the constraints of the existing setup. We have set up alerts and configured everything in AlienVault OSSIM. It actively monitors for any security incidents. It provides us with regular updates and notifications about any ongoing activities. Only one person is using the solution. It is the perfect solution for small businesses. I rate the solution’s scalability a three out of ten.

Read full review

Nitin Arora

Security Delivery Senior Analyst at Accenture

Gives us one place to investigate and respond to threats, and automation eliminates manual work

They can work on the EDR side of things. It is already really superb, because of the kinds of features we get with the EDR solution. It's not a standard EDR and they have recently enhanced things. But the problem is with onboarding devices. I have different OS flavors, including a large number of Linux, Windows, macOS, and some on-prem machines as well. Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work. They can eliminate having to do manual configuration for the machines, and check the different types of configurations for each OS. In some cases, it does not support some OSs. If they could reduce this type of work, that would be really amazing.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"It has helped us remediate threats in the past by providing significant events that assisted in identifying suspicious activities, such as logins from multiple countries."

"The initial setup is straightforward."

"Network traffic analysis is highly efficient."

"There are a lot of people you will find using OSSIM since they are also offering OTX as a service"

"The most valuable features of this solution are the data correlation and vulnerability assessment."

"The initial setup was straightforward. I didn't have any problems."

"The threat alerts it gives me from time to time on harmful code within the network, or if they are generating any network traffic, are very useful."

"The solution is very stable. Compared to Qradar and Splunk, it's very stable."

More AlienVault OSSIM pros

"The initial setup is very simple and straightforward."

"Log aggregation and data connectors are the most valuable features."

"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."

"The connectivity and analytics are great."

"Microsoft Sentinel stands out among SIEM tools for its user-friendliness and powerful built-in query language."

"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."

"The pricing of the product is excellent."

"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."

More Microsoft Sentinel pros

Cons

"AlienVault OSSIM is costly."

"The user interface needs to be friendlier across the board."

"The incidence reporting could be better."

"It's under heavy traffic. If you have heavy traffic, the system is slow."

"The correlation engine needs to be improved."

"It's so hard to configure and explore something new on it."

"There needs to be more support or some kind of training program so users can self-learn the system more effectively."

"I would like the solution to be able to integrate with my firewall, my IDS and my Honeypot solutions so that it can provide real-time reporting as things occur and then have alert sent to me on my phone when suspicious activity is happening."

More AlienVault OSSIM cons

"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."

"Microsoft Sentinel's search efficiency can be improved, especially for queries spanning large datasets or long timeframes like 90 days compared to competitors like Splunk."

"The on-prem log sources still require a lot of development."

"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."

"There is room for improvement in terms of integrations. We have some tools, such as our off-site Meraki firewalls, that have not fully integrated with Sentinel. We lack integration for Syslogs into Sentinel."

"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."

"Microsoft Sentinel is relatively expensive, and its cost should be improved."

"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."

More Microsoft Sentinel cons

Pricing and Cost Advice

"AlienVault pricing is the best. Whatever cost you are paying, you are getting a return on every penny... It's not like your IBM, your QRadar, or Splunk, where the cost is too high."

"The tool's licensing costs are yearly."

"When comparing AlienVault OSSIM to Microsoft Sentinel, AlienVault OSSIM incurs additional costs due to its licensing price structure. If you are using AlienVault for security purposes at a certain level it can have a higher price point than the current pricing of Microsoft Sentinel."

"OSSIM is free."

"AlienVault OSSIM is free."

"AlienVault OSSIM is expensive compared to its competitors."

"I used the paid version of the tool and found it to be expensive. It has been a while since I changed to Securonix. I will have to check whether AlienVault charges per device, user, or log."

"We are using the community version, which can be used for free."

More AlienVault OSSIM pricing and cost advice

"Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."

"Microsoft Sentinel requires an E5 license."

"Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."

"It is certainly the most expensive solution. The cost is very high. We need to do an assessment using the one-month trial so that we can study the cost side. Before implementing it, we must do a careful calculation."

"Microsoft Sentinel is expensive."

"It is priced fairly given the value that you get from the use of the product. The biggest mistake people make with Microsoft Sentinel is not understanding the pricing model and the amount of data that they are going to be running through the tool because you are paying based on the flow. You are paying based on the amount of data that is moving through the tool. People do not plan, and therefore, they get surprised by the cost associated with using the tool. They connect everything because they want to know everything, but connecting everything is very expensive."

"There are no additional costs other than the initial costs of Sentinel."

"Cost-wise, Sentinel is based on the volume of information being ingested, so it can be quite pricey. The ability to use strategies to control what data is being ingested is important."

More Microsoft Sentinel pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See recommendations

824,053 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

17%

Financial Services Firm

Comms Service Provider

Educational Organization

Computer Software Company

16%

Financial Services Firm

10%

Government

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about AlienVault OSSIM?

Asset discovery is good.

See all answers

What is your experience regarding pricing and costs for AlienVault OSSIM?

I used the paid version of the tool and found it to be expensive. It has been a while since I changed to Securonix. I will have to check whether AlienVault charges per device, user, or log.

See all answers

What needs improvement with AlienVault OSSIM?

There are somewhat more false positives with the user behavior analytics, which could benefit from an additional machine learning model to detect user patterns more rapidly. The integration capabil...

See all answers

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?

Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...

See all answers

What is a better choice, Splunk or Azure Sentinel?

It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...

See all answers

Which is better - Azure Sentinel or AWS Security Hub?

We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...

See all answers

Comparisons

Wazuh vs AlienVault OSSIM

Compared 82% of the time

Elastic Security vs AlienVault OSSIM

Compared 5% of the time

USM Anywhere vs AlienVault OSSIM

Compared 4% of the time

Splunk Enterprise Security vs AlienVault OSSIM

Compared 2% of the time

Fortinet FortiSIEM vs AlienVault OSSIM

Compared 1% of the time

More AlienVault OSSIM Competitors

AWS Security Hub vs Microsoft Sentinel

Compared 21% of the time

IBM Security QRadar vs Microsoft Sentinel

Compared 10% of the time

Cortex XSIAM vs Microsoft Sentinel

Compared 7% of the time

Wazuh vs Microsoft Sentinel

Compared 6% of the time

Google Chronicle Suite vs Microsoft Sentinel

Compared 5% of the time

More Microsoft Sentinel Competitors

Product Reports

Buyer's Guide

AlienVault OSSIM

December 2024

Download AlienVault OSSIM product report

Buyer's Guide

Microsoft Sentinel

November 2024

Download Microsoft Sentinel product report

Also Known As

OSSIM

Azure Sentinel

Learn More

Video not available

AT&T

Microsoft

Overview

AlienVault OSSIM, Open Source Security Information and Event Management (SIEM), provides you with a feature-rich open source SIEM complete with event collection, normalization and correlation. Launched by security engineers because of the lack of available open source products, AlienVault OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility.

Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

- Respond to incidents rapidly with built-in orchestration and automation of common tasks

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

Sample Customers

Council Rock School District

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.

Buyer's Guide

AlienVault OSSIM vs. Microsoft Sentinel

December 2024

Free Report: AlienVault OSSIM vs. Microsoft Sentinel

Find out what your peers are saying about AlienVault OSSIM vs. Microsoft Sentinel and other solutions. Updated: December 2024.

DOWNLOAD NOW

824,053 professionals have used our research since 2012.

See our AlienVault OSSIM vs. Microsoft Sentinel report.

See our list of best Security Information and Event Management (SIEM) vendors.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.