Try our new research platform with insights from 80,000+ expert users

AlienVault OSSIM vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 29, 2024
 

Categories and Ranking

AlienVault OSSIM
Ranking in Security Information and Event Management (SIEM)
11th
Average Rating
7.4
Reviews Sentiment
7.2
Number of Reviews
30
Ranking in other categories
No ranking in other categories
Splunk Enterprise Security
Ranking in Security Information and Event Management (SIEM)
1st
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
301
Ranking in other categories
Log Management (1st), IT Operations Analytics (1st)
 

Mindshare comparison

As of December 2024, in the Security Information and Event Management (SIEM) category, the mindshare of AlienVault OSSIM is 5.0%, up from 3.0% compared to the previous year. The mindshare of Splunk Enterprise Security is 11.2%, down from 15.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

HarshBhardiya - PeerSpot reviewer
An open-source solution that provide good detection and more visibility
The solution is not scalable. It impacts so hard. In the initial stages, AlienVault OSSIM can be suitable for small environments. There may be limitations if the customer expresses a desire to expand and add more devices. In such cases, we would need to either explore additional solutions or work within the constraints of the existing setup. We have set up alerts and configured everything in AlienVault OSSIM. It actively monitors for any security incidents. It provides us with regular updates and notifications about any ongoing activities. Only one person is using the solution. It is the perfect solution for small businesses. I rate the solution’s scalability a three out of ten.
Avinash Gopu. - PeerSpot reviewer
Offers good visibility into multiple environments, significantly reduces our alert volume, and speeds up our security investigations
There are limitations with Splunk not detecting all user activity, especially on mainframes and network devices. This is because Splunk relies on agents, which cannot access certain workstations. In these cases, we have to rely on application data. For example, with mainframes, manual reports are generated and sent to Splunk, limiting visibility to what's manually reported. This lack of automation for specific platforms needs improvement from Splunk. Additionally, API access is limited for other applications that rely on API calls and requests. This requires heavy customization on Splunk's end. These are the main challenges we've encountered. Monitoring multiple cloud platforms, like Azure, GCP, and AWS, with Splunk Enterprise Security presents some challenges. While Splunk provides different connectors for each provider, consolidating data from two domains across distinct cloud environments can be complex. However, leveraging pre-built templates and Splunk's data collation capabilities can help overcome these hurdles. Despite initial difficulties, I believe Splunk can effectively address this task, earning it an eight out of ten rating for its multi-cloud monitoring capabilities. While Splunk Enterprise Security offers insider threat detection capabilities, its effectiveness could be enhanced by integrating with additional tools, such as endpoint security solutions. This integrated approach is particularly crucial for financial institutions, which often require dedicated endpoint security teams. While using multiple tools is valuable, further improvements within Splunk itself are also necessary. Considering both external integration and internal development, I would rate its current insider threat detection capabilities as three out of ten. Threat detection is where Splunk falls behind. While it offers tools, other use cases require additional work. PAM is an enterprise tool that centralizes information about users, servers, and everything else. It needs real-time monitoring, which I haven't seen in any of the companies I've worked for. They only rely on Splunk for alerting, but real-time monitoring should be handled by the endpoint security team's tools. This means there's no detection or analysis at the machine or endpoint level. Additionally, threat analysis reporting is also absent.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"OSSIM is the only solution that includes the large number of modules that we need: a vulnerability scanner, a network IDS system, a host IDS system."
"The solution is very stable. Compared to Qradar and Splunk, it's very stable."
"With AlienVault you get everything in one box."
"You can customize the dashboards as well as the reporting."
"The solution has a very good open source community, and whenever we have problems, we are always able to resolve it online."
"The solution is free to use."
"The most valuable features of this solution are the data correlation and vulnerability assessment."
"The product is easy to use."
"We are using Microsoft 365 and we're using the Exchange Mail Service. It's good for monitoring that in particular."
"It gives me notifications of notable events."
"If you want to understand how it can analyze or find out incidents, the visibility is good."
"It provides a lot of analytics with the underlying AI engine, and it is a lot easier than other solutions. There are some products that do automated AI-based detection and drawing up charts, but for network monitoring and all of the monitoring aspects, it is quite a nice tool. It is very convenient for business users because they get more or less a lot of data readily available. If you're familiar with the Splunk query language, you can pretty much do whatever you want."
"Splunk Enterprise Security quickly gives us a view of an endpoint or a user or identity. If I want to look for an identity or an asset, I just quickly go into Splunk Enterprise Security. I know where to go and get a quick analysis for a respective object."
"The user interface is excellent, and since I'm using Splunk as a power user, it's easy to create dashboards."
"We primarily use it to correlate logs throughout the enterprise for both searching and use in investigations."
"Internal tracking is helpful because we do not like to deal with multiple ticketing systems, and I am not a fan of ServiceNow. We are able to keep everything internal and utilize Enterprise Security."
 

Cons

"AlienVault OSSIM’s configuration and integration could be a little easier."
"The incidence reporting could be better."
"The solution is not scalable."
"The user interface could be improved."
"When comparing AlienVault OSSIM to other solutions it looks a bit outdated. Additionally, they need to improve their integration."
"It takes some time. It does not give me a prompt response for any such [malicious] traffic. It takes time to get that alert from the AlienVault system."
"It's under heavy traffic. If you have heavy traffic, the system is slow."
"It's so hard to configure and explore something new on it."
"Its user interface for everything other than the charts can be improved. Some parts of it can be simplified a bit, such as when importing documents that have the network traffic. When you're going through the information about the network traffic, you have to have the expertise, but even if a program is supposed to be for IT support, it is good to make it user-friendly because it gets easier to train people. When something goes wrong, the more difficult a program is in terms of UI, the harder it is to fix the issue."
"For on-premise, it's more about optimization. With such a heavy byte scale of data that we are operating on, the search for disparate data sometimes takes about a minute. This is understandable considering the amount of data that we are pumping into it. The only optimization that I recommend is better sharding, when it comes to Splunk, so that data retrieval can be faster."
"We were inundated with the amount of alerts and alarms that we could get out of it. It is also a resource hog and we didn't have the resources to support it on-prem so we're taking it offline now."
"Professional support is great, but too expensive."
"Delays in responses from the technical team can pose challenges for both vendors and clients, especially considering that Splunk applications and machine solutions are critical assets."
"I would like additional features in different programming models with the support for writing queries in SQL or other languages, such as C#, Java, or some other type of query definitions."
"While there aren't any major areas where the solution has to be improved, there are certain integrations that are still not available. I would specifically like to see legacy applications integrated."
"Sometimes, the data does not match what we're looking for, or the tool contains incorrect data."
 

Pricing and Cost Advice

"AlienVault OSSIM is an open-source solution."
"The solution is open source, so it's free to use."
"The price of AlienVault OSSIM is too high sometimes for us to present to our customers. The price should be lower. We are on a three-year license to use the solution. We had to pay extra for the support."
"AlienVault pricing is the best. Whatever cost you are paying, you are getting a return on every penny... It's not like your IBM, your QRadar, or Splunk, where the cost is too high."
"OSSIM is open source, and USM is the paid license. So, if you want, you can switch to USM. There you will have to buy a license, and they have a support team that helps you out on issues you face."
"When comparing AlienVault OSSIM to Microsoft Sentinel, AlienVault OSSIM incurs additional costs due to its licensing price structure. If you are using AlienVault for security purposes at a certain level it can have a higher price point than the current pricing of Microsoft Sentinel."
"The licensing fees for the non-community edition are paid on an annual basis, and there are no costs in addition to this."
"We are using a free version of the solution. If you purchase a license there are more features available but the price is a little high. The solution should be cheaper to allow more customers to be able to afford it."
"You will eat up whatever you purchase quickly. The level of insights that Splunk empowers is addictive."
"It can be tough to determine if you are getting all of the value out of your investment at times."
"My experience with the solution's setup cost, pricing, and licensing was really good."
"This solution is costly. Splunk is obviously a great product, but you should only choose this product if you need all the features provided. Otherwise, if you don't need all the features to meet your requirements, there are probably other products that will be more cost-effective. It's cost versus the functionality requirement."
"I've heard Splunk is often preferred over other options, but the cost can be prohibitive for smaller organizations."
"Splunk Enterprise Security is expensive."
"The Splunk Enterprise Security license is expensive."
"Licensing is a yearly, one-time cost."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
824,053 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
9%
Comms Service Provider
8%
Educational Organization
8%
Financial Services Firm
15%
Computer Software Company
14%
Government
9%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What is your experience regarding pricing and costs for AlienVault OSSIM?
I used the paid version of the tool and found it to be expensive. It has been a while since I changed to Securonix. I will have to check whether AlienVault charges per device, user, or log.
What needs improvement with AlienVault OSSIM?
There are somewhat more false positives with the user behavior analytics, which could benefit from an additional machine learning model to detect user patterns more rapidly. The integration capabil...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Also Known As

OSSIM
No data available
 

Learn More

Video not available
 

Overview

 

Sample Customers

Council Rock School District
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about AlienVault OSSIM vs. Splunk Enterprise Security and other solutions. Updated: December 2024.
824,053 professionals have used our research since 2012.