Try our new research platform with insights from 80,000+ expert users

AlienVault OSSIM vs Rapid7 InsightIDR comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

AlienVault OSSIM
Ranking in Security Information and Event Management (SIEM)
10th
Average Rating
7.4
Reviews Sentiment
7.1
Number of Reviews
31
Ranking in other categories
No ranking in other categories
Rapid7 InsightIDR
Ranking in Security Information and Event Management (SIEM)
9th
Average Rating
8.4
Reviews Sentiment
7.4
Number of Reviews
32
Ranking in other categories
User Entity Behavior Analytics (UEBA) (2nd), Endpoint Detection and Response (EDR) (18th), Threat Deception Platforms (5th), Extended Detection and Response (XDR) (14th)
 

Mindshare comparison

As of April 2025, in the Security Information and Event Management (SIEM) category, the mindshare of AlienVault OSSIM is 3.9%, up from 3.6% compared to the previous year. The mindshare of Rapid7 InsightIDR is 2.5%, down from 2.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

Aman Aijaz - PeerSpot reviewer
An easy-to-scale open-source solution used for monitoring events on devices
The area for improvement is a lot. When I started using it on our enterprise side, the issue we faced was, for example, if we were running at that time on AlienVault OSSIM v5.7.4. So, for some orders, we had to install some packages, and when we tried installing that package, some dependencies got upgraded to a new version. Now once that dependency got upgraded, the SQL, since you might be aware that OSSIM uses SQL database, now SQL and all the dependency in everything was not on the same version, and that caused the database to crash. The aforementioned area should be eased out by upgrading the patches and upgrading dependencies. This kind of thing is a disadvantage of OSSIM, and I would like them to work on this. But I have also raised service requests many times and gave it a push on the community section too. However, since it is a local source, they don't reply much over there. That is why I don't like to work on OSSIM because it is unpredictable. Once the storage goes above 50 percent, it starts behaving unpredictably. If you get stuck with a situation, then you need to drill a lockdown into that. Sometimes you get no luck. Then you have to just reimage the server with the new fresh OS of AlienVault. As for additional features, not much because if you move to the newer version, it is kind of getting more stable. But, to make my life easier, then I would say try to give more features. I know it's open source, so they also cannot provide me with more features. But still, if they can provide me with more features because right now it's becoming old. Right now, we are even moving from SIEM to Security Data Lake. So when we move to it, this will be literally outdated. No one can even expect anything out of it. The way security is moving, it will be outdated very soon. They have to also provide something new to keep this going for the future also.
Asim Naeem - PeerSpot reviewer
Providing comprehensive insight into alerts while working towards AI enhancement
I definitely recommend Rapid7 InsightIDR. It is becoming better, with improvements being continuously made to the product. Right now, I do not have any advice about Rapid7 for other users because every organization or user has different criteria or multiple use cases, so I refrain from commenting on that. I rate the overall solution seven out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The threat policies of the solution are always very advanced and the best in the market. They are very persistent in terms of keeping up with security protocols."
"The most valuable features of this solution are the data correlation and vulnerability assessment."
"You can customize the dashboards as well as the reporting."
"The product is majorly used for threat detection of the agents on servers and endpoints."
"With AlienVault you get everything in one box."
"It has helped us remediate threats in the past by providing significant events that assisted in identifying suspicious activities, such as logins from multiple countries."
"The solution is free to use."
"I recommend it due to the experience of the people running it."
"It improved my organization by building a security alerting program."
"Features for user behavior analytics and the rules for attack review are good."
"The solution is very stable and works very well for what I need it to do."
"I like that it's a cloud-based solution."
"The incident case management is the most valuable feature. Even though there's always something I find I would like to add to that feature, the ability to quickly sort through all the logs, network and endpoint data, etc., and add it to an incident case as part of the investigation, is nice. Having it automatically timeline that additional data into the original incident timeline, and correlate it to other notable events and activities on the network, results in a huge improvement in our overall confidence that we've quickly traced down the right source of an issue."
"It is a very stable solution."
"The ability to ingest Office 365 log files, then process them into events and display them on a map."
"Log search allows us to dive deep into aggregated logs and query all event types at once.​"
 

Cons

"We need more dashboards and we need more customization for dashboards."
"When comparing AlienVault OSSIM to other solutions it looks a bit outdated. Additionally, they need to improve their integration."
"It takes some time. It does not give me a prompt response for any such [malicious] traffic. It takes time to get that alert from the AlienVault system."
"The initial setup was a bit complex. You've got to do a lot of reading. It's not an intuitive implementation."
"I suggest more in-built rules based on modern threats and environments to make it a more competitive solution."
"GUI could be improved."
"The correlation engine needs to be improved."
"They can add more compliance templates."
"Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition."
"Currently, it lacks the functionalities provided by Rapid7's User Behavior Analytics (UBA)."
"The solution needs improvement in threat intelligence. Increasing the depth of intelligence to help users understand more about threats is a possibility. My suggestion is to expand access to other websites or resources."
"I would like to see more development in InsightIDR towards building their SIEM solution and converting it to XDR."
"The main problem lies in the processes within the client's operating systems."
"There is a future in AI with Rapid7, however, it is not fully operated. There are certain limitations with Rapid7 that I am working on."
"Cloud risk assessment is one area where I think they need a lot of improvement."
"InsightIDR is only available in a cloud version. Some of our customers prefer an on-prem solution because they want to manage the security within their environment."
 

Pricing and Cost Advice

"AlienVault OSSIM is an open-source solution."
"When comparing AlienVault OSSIM to Microsoft Sentinel, AlienVault OSSIM incurs additional costs due to its licensing price structure. If you are using AlienVault for security purposes at a certain level it can have a higher price point than the current pricing of Microsoft Sentinel."
"AlienVault OSSIM is free."
"AlienVault pricing is the best. Whatever cost you are paying, you are getting a return on every penny... It's not like your IBM, your QRadar, or Splunk, where the cost is too high."
"We are using a free version of the solution. If you purchase a license there are more features available but the price is a little high. The solution should be cheaper to allow more customers to be able to afford it."
"The solution is open source, so it's free to use."
"The licensing fees for the non-community edition are paid on an annual basis, and there are no costs in addition to this."
"AlienVault OSSIM is expensive compared to its competitors."
"It is more reasonably priced than other vendors."
"The pricing and licensing are competitive."
"The pricing of the solution depends on the user. But there is a yearly licensing cost."
"The solution has a mid-range price point in the market"
"Rapid7 InsightIDR charges us based on the endpoints we connect to."
"Licensing is straightforward. If, for some reason, you don’t meet the minimum licensing requirements, there is a third-party managed service that can help."
"It is on a yearly basis. For our own company, for about 250 users, it was 16,000 euros a year."
"​Accurately predict your licensing counts as this is a subscription based product.​"
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
848,716 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Comms Service Provider
10%
Financial Services Firm
9%
University
8%
Computer Software Company
16%
Financial Services Firm
9%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What is your experience regarding pricing and costs for AlienVault OSSIM?
It depends. I would need to review their cost models, but generally, they are on a scaled basis based on throughput usage. Because it's a software as a service solution for their core product for U...
What needs improvement with AlienVault OSSIM?
Scaling for USM is always challenging for any product unless it is purpose-built or overbuilt at the front end. They will use Palo Alto and its competitors, and LevelBlue will manage that implement...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What do you like most about Rapid7 InsightIDR?
During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an applicati...
 

Also Known As

OSSIM
InsightIDR
 

Overview

 

Sample Customers

Council Rock School District
Liberty Wines, Pioneer Telephone, Visier
Find out what your peers are saying about AlienVault OSSIM vs. Rapid7 InsightIDR and other solutions. Updated: April 2025.
848,716 professionals have used our research since 2012.