Network Administrator at a tech services company with 51-200 employees
Real User
Top 20
2024-07-31T11:07:51Z
Jul 31, 2024
I have not had a good experience with AlienVault OSSIM. To be able to support our company's compliance efforts, I got to add Elasticsearch to ensure that we get the maximum results from the solution. We have broken down AlienVault and Elasticsearch and moved to Securonix. I have used the tool's SIEM component. I have not really used the product's integration capabilities, especially since I remember that we had faced some challenges with them in the past. I rate the tool a five out of ten.
ICT Support Analyst at a tech services company with 1-10 employees
Real User
Top 20
2024-05-22T07:11:05Z
May 22, 2024
I find the overall threat intelligence feature robust, and the asset grouping feature allows us to correlate events with entire asset groups. It has helped us remediate threats in the past by providing significant events that assisted in identifying suspicious activities, such as logins from multiple countries. The asset discovery functionality, once set up, automatically identifies all devices on the network. It aids compliance efforts and helps us understand the network's device landscape. While integration is possible with other tools like EDR and Cisco Office 365 Defender ATP, it is not as fast or easy as integrating with Microsoft products. I recommend it, particularly for medium to large companies with complex IT infrastructures. Overall, I rate the product an eight out of ten.
Asset discovery is good. You give the IP range, and it'll scan everything in the network. You can select it and onboard it. If you're new to AlienVault OSSIM, dive in and start configuring it. Experiment, play around with its features, and get comfortable with it. If it meets your needs and you feel confident using it, you can continue using it. However, if you encounter issues with scalability or log management that you can't resolve, it may be necessary to explore alternative solutions. Overall, I rate the solution an eight out of ten.
All components, including cloud integration, Microsoft Office 365, local servers, and domain controllers, are integrated into the system. Deploying three servers across various locations allows for the collection of data, which is then uploaded to generate reports. I rate the overall product a six out of ten.
I am using the latest version of AlienVault OSSIM. The people who work with AlienVault OSSIM have just a few tutorials on YouTube where they teach people to use it. I totally recommend AlienVault OSSIM to other users. Overall, I rate AlienVault OSSIM a seven out of ten.
Assistant Manager Global Security at Convergys Corporation
Real User
Top 5
2023-06-28T06:57:43Z
Jun 28, 2023
I would definitely recommend anyone to get on this tool if they are starting a career in cybersecurity since there are not many tools available in the market which help you get an experience as a SIEM tool. The other ones are paid ones, where you need to buy a license, and then you can try it. So, if you're just starting your own lab, then this thing can provide you with a very great edge because you can experience many attacks and see how the logs are there on the system. So this kind of provides you with that. Overall, I would rate it an eight out of ten.
Managing Director of Hytec (OLM Group company) at OLM Group company
Real User
Top 10
2023-05-19T13:23:34Z
May 19, 2023
My advice to others would be to do the webinars and stay as standard as possible. It is simple to configure and use this system as it calculates all the necessary components. Looking ahead, it is crucial for Microsoft to maintain its position in the top quadrant, as determined by Gartner, considering the investments made by both Google and Microsoft in this space. I rate AlienVault OSSIM a seven out of ten.
Because we are using the community version, we were unable to explore features such as behavior analytics. I would rate this solution a five out of ten.
It is a very good solution. It is already more than adequate. It is a perfectly nice and free tool for compliance testing, assessment, and some basic vulnerability. I would advise upgrading to its paid version, USM, to get more features. It's well worth the money because of the provided threat intelligence, support, and training. When you upgrade to the paid version, you enjoy all these features. OSSIM doesn't have all these features because it is freeware. AlienVault OSSIM is backed up by AT&T Cybersecurity, which is a Fortune Top 20 company. When you upgrade to the paid version, you also get support from AT&T, which is good. I would rate AlienVault OSSIM a nine out of ten. I'm very happy with this solution. It is a great product.
System Administrator at a marketing services firm with 10,001+ employees
Real User
2020-08-05T06:59:29Z
Aug 5, 2020
My advice to anybody who is considering AlienVault is to implement a proof of concept to ensure that it meets their requirements. A PoC should be done before settling on any product. I would rate this solution a nine out of ten.
Co-Founder and Director - Information Technology at Techneow
Real User
2020-07-28T06:50:19Z
Jul 28, 2020
We're just customers. We don't have a business relationship with the product. We're using the enterprise edition of the solution, the MSSP edition; however, I'm unsure which version it is we're currently on. Typically, we get requests for QRadar, AlienVault, or Sentinel. QRadar and AlienVault are the top choices for the most part, and we work with both. We try to accommodate our clients' preferences. I'd rate the solution overall at eight out of ten.
Director at a tech services company with 51-200 employees
Real User
2020-07-16T06:21:09Z
Jul 16, 2020
Most of the SOC or SIEM enterprise class products are very expensive, whereas with OSSIM you can start out with a smaller setup and then expand as you wish. It's great because you get a pre-integrated, ready to run platform, which you can deploy. You don't have to bother about the integrations too much. This platform provides an adequate level of experience for that kind of an integrated intelligence gathering in any IT setup at a reasonable cost. It makes the entry easier for somebody who's not so well versed in these technologies and so on. I think that's the principal use case for AlienVault's product line. Make sure to choose the right partner to do the implementation. It's important that they know and understand the technology. They should have a very good understanding of the tool as well as an understanding of the security and operations space so that they are able to deliver on what you want to achieve as an outcome. I would rate this solution an eight out of 10.
Research Assistant at a tech services company with 51-200 employees
Real User
2020-06-17T10:56:01Z
Jun 17, 2020
Those who are looking for a solution like this one should first conduct a survey. There are other solutions which are quite capable of doing similar things, even open source solutions. If a company can afford a commercial solution, they should go for that rather than for an open source solution. It requires an expert to assess the situation. A small mistake can lead to a big problem; open source is there for those who know what they're doing. If you're looking to add another feature, you need to have strong coding because tweaking them is not simple. I'm in a technical team so that's my perspective. I would rate this solution a six out of 10.
I would advise others to not implement it for any enterprise-level organization. However, it would definitely be a good solution for a small business environment. I would rate the solution five out of ten. It's free, so there isn't support, first of all. Second of all, it doesn't have all the integrations that I would hope for. And thirdly, since AT&T bought them, I worry AT&T will ultimately destroy the product. I don't like AT&T.
Sales Solutions Engineer at a tech services company with 201-500 employees
Reseller
2019-09-12T09:09:00Z
Sep 12, 2019
I used this product for about a year. It was on-premise. My advice is to just read the manual. OSSIM is very simple. If you know why you need to use it, you will be happy. The biggest lesson is that the logs are "power." In these logs, with a good normalization engine, you can find so much very useful information about your infrastructure, sometimes about your employees, and about your business-critical processes. I would rate the solution at ten out of ten. It's really the best open-source CM on the market. It's simple, it has OTX integration. OTX, the Open Threat Exchange, is also a great product from AlienVault. It's like Facebook for indicators of compromise.
There is a cloud version of this solution available, called AlienVault USM Anywhere, which defends data that is outside of the premises. The OSSIM version is an open-source product, unlike AlienVault USM, or the cloud version, AlienVault USM Anywhere. You have to rely on the community for support. If you are a business or a bank or a financial institution then it would be better to go with the licensed version. You get support 24/7, while with the community you cannot find this support. On the other hand, an individual who is using it and can handle the issues should go with OSSIM because it's almost free. As long as you can handle problems, such as when it stops working, that you can fix over a couple of days or during the weekend, then it is fine. I would rate this solution a ten out of ten.
Owner & Cyber Security Consultant at Sekurisor
Consultant
2019-09-03T08:57:00Z
Sep 3, 2019
We use the cloud deployment model. I have a server that I subscribe people to. I would advise others to consider, if they get more customers, to do the commercial version of OSSIM from AlienVault. It's now part of AT&T, so there's a lot of support. I would rate the solution seven out of ten.
Development Manager at a tech services company with 51-200 employees
Real User
2019-08-19T05:47:00Z
Aug 19, 2019
The installation is easy, but it's not very compatible with some of our other solutions. Still, it's okay, it's very good. It integrates well with ELK. I would rate the solution six out of ten.
If anybody asked me if I am happy with AlienVault, I would say that it is a very good product. Frankly speaking, if anybody asked me about QRadar or ArcSight I will say the same, but it requires lots of training and you need to have a source for the product and for the pricing, otherwise, you will end up paying an enormous amount of money. With AlienVault you get everything in one box. I will rate this product an eight out of ten.
I've used this for a small environment, and it was amazing. I'm currently converting to QRadar now because I am expanding. I am handling more than 30,000 events per second. I can't use AlienVault, as it's too high a threshold. I do recommend the solution, however, for those with small environments that don't handle as many events. It works great for anything under 1,000 events per second. I would rate the solution eight out of ten.
Head of Engineering at an insurance company with 201-500 employees
Real User
Top 20
2019-08-13T06:03:00Z
Aug 13, 2019
We use the on-premises deployment model. We have a small setup. It's an environment that supports only about 20 users, so, it's not really a complex setup. I would give the solution a rating of seven out of ten. I believe if I paid for the support I'd get a higher quality of software and other additional functionalities.
CISO at a recreational facilities/services company with 501-1,000 employees
Real User
2018-12-05T11:40:00Z
Dec 5, 2018
If your network is flat, if it is not that complicated, then you should go for it. I'm using it free of cost, so I'm very happy with AlienVault. I'm the only one who's controlling it. I have a team of five. They are my soft team. They monitor all the alerts 24/7. It takes a team of five to maintain it. I lead the security section and among the other five, two are network specialists and three are system administrators.
AlienVault OSSIM, Open Source Security Information and Event Management (SIEM), provides you with a feature-rich open source SIEM complete with event collection, normalization and correlation. Launched by security engineers because of the lack of available open source products, AlienVault OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for...
I rate AlienVault OSSIM a nine out of ten.
I rate AlienVault OSSIM an eight out of ten.
We have two people that do the maintenance for the solution. I rate AlienVault OSSIM an eight out of ten.
I'm a consultant. I'd rate the solution at an eight out of ten. For the most part, I am satisfied with its capabilities.
I rate AlienVault OSSIM an eight out of ten.
We use the on-premises deployment model. I would rate the solution nine out of ten.