AlienVault OSSIM vs NetWitness Platform comparison

AT&T and NetWitness are both solutions in the Security Information and Event Management (SIEM) category. AT&T is ranked #8 with an average rating of 7.4, while NetWitness is ranked #29 with an average rating of 8.0. AT&T holds a 3.4% mindshare in SIEM, compared to NetWitness’s 0.6% mindshare. Additionally, 80% of AT&T users are willing to recommend the solution, compared to 75% of NetWitness users who would recommend it.

AlienVault OSSIM

Read 31 AlienVault OSSIM reviews

5,391 Views
5,283 Comparison Views

80% willing to recommend

NetWitness Platform

Read 37 NetWitness Platform reviews

1,551 Views
1,008 Comparison Views

75% willing to recommend

AlienVault OSSIM

NetWitness Platform

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 18, 2024

NetWitness Platform and AlienVault OSSIM are reputable cybersecurity solutions known for their advanced threat detection capabilities. While users prefer AlienVault OSSIM's support and pricing, NetWitness Platform's comprehensive features justify its cost.

Features: NetWitness Platform offers deep packet inspection, threat intelligence, and more advanced extensive features. AlienVault OSSIM is recognized for its simplicity and integration capabilities, making it user-friendly.

Room for Improvement: NetWitness needs better scalability and third-party tool integration. AlienVault OSSIM requires enhanced documentation and more frequent updates, focusing on support improvements.

Ease of Deployment and Customer Service: NetWitness Platform's deployment is complex but supported by strong customer service. AlienVault OSSIM provides a straightforward deployment process with reliable customer support.

Pricing and ROI: NetWitness Platform has higher setup costs but offers significant ROI through its enhanced capabilities. AlienVault OSSIM offers competitive pricing and reasonable ROI, being more cost-effective upfront.

To learn more, read our detailed AlienVault OSSIM vs. NetWitness Platform Report (Updated: July 2025).

Buyer's Guide

AlienVault OSSIM vs. NetWitness Platform

July 2025

Download the complete report

Helped 861,524 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

AlienVault OSSIM

Ranking in Security Information and Event Management (SIEM)

8th

Average Rating

7.4

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

No ranking in other categories

NetWitness Platform

Ranking in Security Information and Event Management (SIEM)

29th

Average Rating

7.4

Reviews Sentiment

7.4

Number of Reviews

Ranking in other categories

Log Management (37th)

Mindshare comparison

As of July 2025, in the Security Information and Event Management (SIEM) category, the mindshare of AlienVault OSSIM is 3.4%, down from 4.1% compared to the previous year. The mindshare of NetWitness Platform is 0.6%, down from 0.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Security Information and Event Management (SIEM)

Featured Reviews

HarshBhardiya

SOC Engineer at Just Dial Limited

An open-source solution that provide good detection and more visibility

The solution is not scalable. It impacts so hard. In the initial stages, AlienVault OSSIM can be suitable for small environments. There may be limitations if the customer expresses a desire to expand and add more devices. In such cases, we would need to either explore additional solutions or work within the constraints of the existing setup. We have set up alerts and configured everything in AlienVault OSSIM. It actively monitors for any security incidents. It provides us with regular updates and notifications about any ongoing activities. Only one person is using the solution. It is the perfect solution for small businesses. I rate the solution’s scalability a three out of ten.

Read full review

MOTASHIM Al Razi

CISO at One Bank Limited

It is a stable solution, but they should make the user interface easier to understand

The solution's initial setup takes work. We have to organize multiple paths and many features. The deployment process takes less than a week. But it takes a month to complete if we want to make the solution smarter by integrating it with various devices. I rate the process as a six out of ten.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The product is easy to use."

"The solution is very stable. Compared to Qradar and Splunk, it's very stable."

"Its user-friendliness is the most valuable. It is very easy to use and explore. The dashboard is very well packaged and integrated. You don't have to spend a lot of time in configuring it and checking out the RPM etc. It is also free and very powerful."

"The tool's security detection is good. It helps us with login tracking and generating reports. We aim to identify potential issues, such as brute-force attacks on user accounts or server-level anomalies. For instance, if I receive a report indicating a server is at an abnormal level, I investigate and address the issue."

"Better than other SIEM solutions because almost everything can be integrated."

"The paid version of the solution has reporting and better scalability options."

"The most valuable feature is the logging capability."

"The dashboard is the solution's most valuable aspect. It brings everything into one central point where I can actually look at it and go, "Okay, I understand what's going on.""

More AlienVault OSSIM pros

"It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before."

"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."

"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."

"Performance and reporting are very good."

"NetWitness Platform is valuable for creating rules that the solution must detect."

"The most valuable features are its ingestion of logs and raising of alerts based on those logs."

"The most valuable feature is the hunting ability to work in a CERT."

"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."

More NetWitness Platform pros

Cons

"It takes some time. It does not give me a prompt response for any such [malicious] traffic. It takes time to get that alert from the AlienVault system."

"The main area where the AlienVault product was lacking around the 2018 timeframe was in its ability to scale."

"When comparing AlienVault OSSIM to other solutions it looks a bit outdated. Additionally, they need to improve their integration."

"The correlation engine needs to be improved."

"I suggest more in-built rules based on modern threats and environments to make it a more competitive solution."

"There are somewhat more false positives with the user behavior analytics, which could benefit from an additional machine learning model to detect user patterns more rapidly."

"There needs to be more support or some kind of training program so users can self-learn the system more effectively."

"There are somewhat more false positives with the user behavior analytics, which could benefit from an additional machine learning model to detect user patterns more rapidly."

More AlienVault OSSIM cons

"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."

"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."

"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."

"More customizability is required, which is something that they need to improve on."

"There is no support for this product in this country, so problems have to be resolved through global technical teams."

"An area for improvement would be better automation and more inbuilt use cases."

"Health monitoring of the event sources and devices."

"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."

More NetWitness Platform cons

Pricing and Cost Advice

"AlienVault pricing is the best. Whatever cost you are paying, you are getting a return on every penny... It's not like your IBM, your QRadar, or Splunk, where the cost is too high."

"AlienVault OSSIM is expensive compared to its competitors."

"I used the paid version of the tool and found it to be expensive. It has been a while since I changed to Securonix. I will have to check whether AlienVault charges per device, user, or log."

"We are using a free version of the solution. If you purchase a license there are more features available but the price is a little high. The solution should be cheaper to allow more customers to be able to afford it."

"AlienVault OSSIM is an open-source solution."

"The price of AlienVault OSSIM is too high sometimes for us to present to our customers. The price should be lower. We are on a three-year license to use the solution. We had to pay extra for the support."

"AlienVault OSSIM is free."

"OSSIM is open source, and USM is the paid license. So, if you want, you can switch to USM. There you will have to buy a license, and they have a support team that helps you out on issues you face."

More AlienVault OSSIM pricing and cost advice

"This is a pricey solution; it's not cheap."

"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."

"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."

"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."

"We are on an annual license for the use of the solution."

"The product is expensive."

"Compared to the competition, the is price is not that high."

"The licenses are good but the cost is very expensive."

More NetWitness Platform pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See recommendations

861,524 professionals have used our research since 2012.

Comparison Review

Vinod Shankar

Manager, Enterprise Risk Consulting at Deloitte & Touche

Feb 26, 2015

HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm

We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…

Read full review

Top Industries

By visitors reading reviews

Computer Software Company

16%

Comms Service Provider

10%

Financial Services Firm

University

Financial Services Firm

17%

Computer Software Company

17%

Manufacturing Company

Real Estate/Law Firm

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about AlienVault OSSIM?

Asset discovery is good.

See all answers

What is your experience regarding pricing and costs for AlienVault OSSIM?

It depends. I would need to review their cost models, but generally, they are on a scaled basis based on throughput usage. Because it's a software as a service solution for their core product for U...

See all answers

What needs improvement with AlienVault OSSIM?

Scaling for USM is always challenging for any product unless it is purpose-built or overbuilt at the front end. They will use Palo Alto and its competitors, and LevelBlue will manage that implement...

See all answers

What do you like most about NetWitness Platform?

The product's initial setup phase was not at all difficult.

See all answers

What is your experience regarding pricing and costs for NetWitness Platform?

The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.

See all answers

What needs improvement with NetWitness Platform?

There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.

See all answers

Comparisons

Wazuh vs AlienVault OSSIM

Compared 75% of the time

USM Anywhere vs AlienVault OSSIM

Compared 6% of the time

Elastic Security vs AlienVault OSSIM

Compared 4% of the time

Splunk Enterprise Security vs AlienVault OSSIM

Compared 3% of the time

Microsoft Defender XDR vs AlienVault OSSIM

Compared 2% of the time

More AlienVault OSSIM Competitors

Splunk Enterprise Security vs NetWitness Platform

Compared 23% of the time

IBM Security QRadar vs NetWitness Platform

Compared 21% of the time

Elastic Security vs NetWitness Platform

Compared 14% of the time

Trellix Network Detection and Response vs NetWitness Platform

Compared 10% of the time

RSA enVision vs NetWitness Platform

Compared 9% of the time

More NetWitness Platform Competitors

Product Reports

Buyer's Guide

AlienVault OSSIM

July 2025

Download AlienVault OSSIM product report

Buyer's Guide

NetWitness Platform

June 2025

Download NetWitness Platform product report

Also Known As

OSSIM

RSA Security Analytics

Overview

AlienVault OSSIM, Open Source Security Information and Event Management (SIEM), provides you with a feature-rich open source SIEM complete with event collection, normalization and correlation. Launched by security engineers because of the lack of available open source products, AlienVault OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility.

AT&T

NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

NetWitness

Sample Customers

Council Rock School District

Los Angeles World Airports, Reply

Buyer's Guide

AlienVault OSSIM vs. NetWitness Platform

July 2025

Free Report: AlienVault OSSIM vs. NetWitness Platform

Find out what your peers are saying about AlienVault OSSIM vs. NetWitness Platform and other solutions. Updated: July 2025.

DOWNLOAD NOW

861,524 professionals have used our research since 2012.

See our AlienVault OSSIM vs. NetWitness Platform report.

See our list of best Security Information and Event Management (SIEM) vendors.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.