AlienVault OSSIM Reviews

The self-paced training is pretty good. 

The initial setup is straightforward. 

We've found the solution to be very stable. 

You can scale the solution.

Technical support is excellent. They are very helpful and responsive. 

ArcSight works better than AlienVault right now.

The incidence reporting could be better. We'd like to be able to better privatize certain logs that handle certain detections. It's really important to us. 

The integration capabilities could be improved. 

I've been using the solution for over three years at this point. 

The solution has been quite stable for us. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.

The product can scale. The only problem we have with it is the integration. For example, we were trying to integrate a solution in the server for retaining logs on AlienVault. We tried everything possible, however, it just wouldn't integrate. In contrast, when we move to ArcSight, we could do it one time and it was working just fine. There were no integration issues. 

When we have had to reach out to them, they were brilliant. They were prompt and very precise. 

We've used ArcSight as well. We used it on a particular project recently. It's easier to integrate items in it as compared to AlienVault. Aside from that, they are very similar products. 

The implementation process is pretty simple and straightforward. It's not difficult or complex at all. A company shouldn't have issues handling it. 

The only issue that comes into play is when you want to integrate it with other vendors. 

Overall, I'd rate the deployment process at a four out of five. 

I'm a consultant. 

I'd rate the solution at an eight out of ten. For the most part, I am satisfied with its capabilities. 

I have deployed AlienVault OSSIM in a couple of small environments for monitoring.

The paid version of the solution has reporting and better scalability options.

When comparing AlienVault OSSIM to other solutions it looks a bit outdated. Additionally, they need to improve their integration.

I have been using AlienVault OSSIM for approximately seven years.

The solution is stable.

The free version is lacking some of the scalability options.

I have used QRadar and ArcSight.

The configuration of the solution is difficult. There are videos we can watch but we do not have time to watch videos. We want there to be better documentation that we can use.

We are using a free version of the solution. If you purchase a license there are more features available but the price is a little high. The solution should be cheaper to allow more customers to be able to afford it.

I have evaluated ELK Stack and Security Onion.

I rate AlienVault OSSIM an eight out of ten.

We are using this solution for collecting logs. We are not correlating or assessing any user behavior analytics (UBA). 

The most valuable feature is the logging capability.

The correlation engine needs to be improved.

The interface is not user-friendly, which is an area for improvement.

I have been using this solution for one year.

It's a stable solution.

This is certainly a scalable product.

The Community version does not have any technical support.

We have been able to resolve some issues through the community forums.

Previously, we did not use another similar product.

We are using the community version, which can be used for free.

We have decided to implement a fully-featured SIEM solution that has all of the features, including UBA.

Because we are using the community version, we were unable to explore features such as behavior analytics.

I would rate this solution a five out of ten.

Its user-friendliness is the most valuable. It is very easy to use and explore. The dashboard is very well packaged and integrated. You don't have to spend a lot of time in configuring it and checking out the RPM etc. 

It is also free and very powerful.

They can add more compliance templates.

I have been using AlienVault OSSIM since 2015. 

It is a quite stable product.

It is perfectly scalable. We have ten in-house users.

I have used Splunk. AlienVault OSSIM and Splunk differ mainly in price. In Splunk, we need to do the correlation ourselves. Alienvault OSSIM is more user friendly. I don't have to learn a particular SQL language to do a query. It provides a new way of creating a query for any security event or management. 

The initial setup is very straightforward. It doesn't take more than 15 minutes, and you are done.

We predominantly deploy it on-premises. We have a few deployments on the cloud, but our focus is primarily on the on-premises deployments.

AlienVault OSSIM is free.

It is a very good solution. It is already more than adequate. It is a perfectly nice and free tool for compliance testing, assessment, and some basic vulnerability. 

I would advise upgrading to its paid version, USM, to get more features. It's well worth the money because of the provided threat intelligence, support, and training. When you upgrade to the paid version, you enjoy all these features. OSSIM doesn't have all these features because it is a freeware. 

AlienVault OSSIM is backed up by AT&T Cybersecurity, which is a Fortune Top 20 company. When you upgrade to the paid version, you also get support from AT&T, which is good.

I would rate AlienVault OSSIM a nine out of ten. I'm very happy with this solution. It is a great product.

We are using AlienVault for vulnerability scanning and detecting abnormal behavior.

This product is easy to use.

The support is very good and they offer managed services.

The dashboards are good. You can customize the dashboards as well as the reporting.

There needs to be more focus on the NOC and IIS in terms of developing applications for behavior detection.

The backup features use a lot of storage space.

The documentation could be improved.

Asset management and filtering are in need of fine-tuning and enhancement.

I have been working with AlienValut since 2018.

AlienValut is a very stable product.

The technical support is perfect.

I have worked with LogRhythm in the past, since 2015, and I find that AlienVault is a better product. We are facing a technical issue with LogRhythm, as it is still used in other parts of our organization. I am looking to finalize and unify the solution.

We needed better detection to give us information from the IS about geography or abnormal behavior that is breaching our security. Most of our products are web applications and this is important to us. 

We are currently looking into implementing a PoC for either ManageEngine or FortiSIEM.

My advice to anybody who is considering AlienVault is to implement a proof of concept to ensure that it meets their requirements. A PoC should be done before settling on any product.

I would rate this solution a nine out of ten.

We implemented the solution for one of our client's e-commerce spaces. Our customer wanted to monitor the complete security posture. 

We really like the solution's architecture. There's a logon, clients, an agent, and then the server. All of these were deployed in a multilayer architecture.

The threat policies of the solution are always very advanced and the best in the market. They are very persistent in terms of keeping up with security protocols.

The pricing of the solution needs to be improved.

There needs to be more support or some kind of training program so users can self-learn the system more effectively.

I've been using the solution for three years.

The stability is quite good. There's no hindrance to the user. It's reliable and doesn't seem to have any bugs or glitches.

The scalability is something I wouldn't be able to comment much on. Since it was on-premises setup, and there was no such dynamic need from the customer in terms of expanding.

There's a team of seven currently working on the solution. Our overall monitoring was divided into three sections. One is a network monitoring, and then there are apps monitoring and monitoring the storage.

We're not involved in the engagement anymore, so I haven't heard if the client has plans to increase usage, however, due to its general limited scalability as hardware, I don't think that they would.

We were in touch with technical support a bit when we were doing the implementation. The training and knowledge they provided was minimal and usually through email. We struggled a bit.

We were pretty limited to AlienVault with this particular client. They needed something on-premises and didn't want to look at cloud options. We've used QRadar and Sentinal in the past, however, for this customer, we decided AlienVault was best.

The initial setup was a bit complex. That may have been multiplied by the fact that there was a lack of skills on the team. If they had more training, it probably would have been a bit easier or more straightforward.

Deployment took us almost two months, including having to set up all of the infrastructure for it. We worked with about 140 monitoring devices. It wasn't too large of a setup. The client wanted us to build and operate something a bit more modern than their older setup. We worked with them to set up a complete 24/7 soft center on-premise. 

The entire setup and deployment took about four months, and that included not just the IT part but the work area as well. We had to secure the room, put in power, supply air conditioners, etc. That's a pretty standard setup in terms of the physical space.

We had four people working on the deployment, one of which was a very senior professional with 20+ years of experience.

We had one internal consultant who did the entire implementation for us.

I'm not sure what the cost of the solution is. It may be in the ballpark of $60,000 to $100,000.

We're just customers. We don't have a business relationship with the product.

We're using the enterprise edition of the solution, the MSSP edition, however, I'm unsure which version it is we're currently on.

Typically, we get requests for QRadar, AlienVault, or Sentinal. QRadar and AlienVault are the top choices for the most part, and we work with both. We try to accommodate our client's preferences.

I'd rate the solution overall at eight out of ten.

This product would typically be used by a client who would be looking at dipping his feet into the SIEM space and understanding how to go about setting up an SOC without putting in a large up-front investment. I'm the director of our company and we are partners with AlienVault. 

The solution offers great models with good integration and this is one of the out-of-the-box features which you're able to easily enable and get it up and running. It's a big plus for the product, because you don't have to bother your head about doing the integrations.

Other good features include an inbuilt IDS, an inbuilt integration with their own threat intelligence platform which is the OTX, and integration with the vulnerability assessment modules.

I believe this solution still has a way to go. From a management console perspective and the maturity of the dashboards, I would probably put it slightly behind some of the other players that have been in the market for ages. The leading vendors of SIEM already have a very mature user interface with evolved dashboards and reporting mechanisms. There is a lot of depth in that, but not everybody is looking for that. If your requirements are functional and you're looking for something that's easily deployable and simple to understand and manage, without the necessity of a very large team, I would choose this solution. 

An additional feature I'd like to see would be an increase in the depth of reporting. IBM has AI enabled dashboards which are supposed to be intuitive. They are difficult to configure and that's a problem, but they are very rich in terms of the information that they provide. There is a lot of granular detail and different ways in which you can slice and dice and present the same data. I would also like to see the product handle larger scale deployments and more third party integrations.

I've been using this solution for three years. 

This is a stable solution. 

It's scalable, but AlienVault is not an enterprise class solution in the sense that it cannot go beyond 15000 EPS, which limits the market that it can address. That's a drawback, but expansion might not be what the company wants and they're happy to remain in the 2000 to 3000 EPS range, in which case it's a great product for its market. 

We don't use the support very much as we manage to deal with most issues in-house. The technical support they provide is okay. We haven't had too many problems but my reference point might be slightly slanted, because we don't have such a large installed base.

The initial setup is relatively straightforward and doesn't take much time. AlienVault has its own vulnerability module and its own OTX feed. All of these are pre-integrated which makes for a speedy deployment. The issue is that these days nobody employs SIEM alone. It needs to be able to correlate information not only from its own data sources, but also from third-party data sources, like vulnerability tools, like threat intelligence feeds, like forensic data, and these third party integrations add to implementation time. Each situation is different and deployment time depends on the scale of the infrastructure. 

Most of the SOC or SIEM enterprise class products are very expensive, whereas with OSSIM you can start out with a smaller setup and then expand as you wish. It's great because you get a pre-integrated, ready to run platform, which you can deploy. You don't have to bother about the integrations too much. This platform provides an adequate level of experience for that kind of an integrated intelligence gathering in any IT setup at a reasonable cost. It makes the entry easier for somebody who's not so well versed in these technologies and so on. I think that's the principal use case for AlienVault's product line.

Make sure to choose the right partner to do the implementation. It's important that they know and understand the technology. They should have a very good understanding of the tool as well as an understanding of the security and operations space so that they are able to deliver on what you want to achieve as an outcome. 

I would rate this solution an eight out of 10. 

Our primary use case is for research purposes. For now, we're just playing with it and there's a potential learning curve regarding use of AlienVault as an SIEM solution. We plan to analyze different open source solutions to test strengths and weaknesses. We are customers of AlienVault and I'm a research assistant. 

A very good feature of AlienVault OSSIM is that it has many domains that can be integrated from different solutions. For example, if we have a firewall and I want to connect it with the AlienVault OSSIM, there is already a grid affecting that. From that perspective, it's a very good solution in that almost everything can be integrated and that makes it better than other SIEM solutions.

The great thing is that the networking configuration features are good and integrations don't need to be done manually. Of course it's possible but there's an automatic option for configuring networks and there's a plug in for different kinds of solutions. Network security firewalls, IDS, and the like are things that already exist. 

The GUI could be improved, and the solution could include a specialization tool. The correlation engine and the scalability of this product should be improved. And then I think it also needs to have the grid potential because when we talk about SIEM it's not just a few machines, it's hundreds and that means thousands of logs so the product should be more easily scalable.

The features I would like to see included will take some time to implement because the solution is open source and these are promotional products. On a basic level I'd like to see an open source visualization tool or a commercial visualization tool. 

I've been using this solution for one year. 

I'd say the stability of the solution is moderate. 

The documentation provided was not sufficient, so we worked it out by ourselves. 

The initial setup was not so easy, partly because the documentation was not up to date. You end up learning from your mistakes. Deployment took us more than six months.  We have an open source intrusion detection system which is connected to it and endpoint systems. We implemented by ourselves, there are two people in the company with expertise in this area. 

Those who are looking for a solution like this one should first conduct a survey. There are other solutions which are quite capable of doing similar things, even open source solutions. If a company can afford a commercial solution, they should go for that rather than for an open source solution. It requires an expert to assess the situation. A small mistake can lead to a big problem; opensource is there for those who know what they're doing. 

If you're looking to add another feature, you need to have strong coding because tweaking them is not simple. I'm in a technical team so that's my perspective.

I would rate this solution a six out of 10. 

We primarily use the solution just to analyze events that occur based on security events.

I can't really discuss how this helps my organization. I'm running this from my home, so this is not a business I'm using it for. What I do is I log in infrequently to the device or to the service and I check and see if there's anything that's anomalous or anything that is of concern. 

The dashboard is the solution's most valuable aspect. It brings everything into one central point where I can actually look at it and go, "Okay, I understand what's going on."

The solution works well and allows me to have visibility into anomalous events.

I'm not sure if there's anything on the solution that needs improvement.

I would like the solution to be able to integrate with my firewall, my IDS and my Honeypot solutions so that it can provide real-time reporting as things occur and then have alert sent to me on my phone when suspicious activity is happening.

I've only been using the solution for about a year.

The solution is very stable. It runs well and there are no issues that I can see that would make me concerned about its stability. I haven't faced any bugs or crashes that would make me worry.

The solution is largely scalable. I'd rate it at about a seven out of ten in terms of how well you can expand it. 

There is room for improvement, but that's only because it depends upon the data that's feeding in. You have to understand that it's a collector. It collects data, it analyzes data. It's only going to be as good as the data you give it.

The solution is free to use and therefore doesn't offer technical support.

I didn't previously use a different solution, at least not at my house.

The initial setup was very straightforward. I didn't run into any problems or complexities at all.

I maintain the solution myself. It doesn't require a lot of maintenance or man-hours to keep it running properly.

I didn't use a reseller or integrator to assist me. I was able to handle the process from beginning to end on my own.

The solution is free to use.

I didn't evaluate any other options. I already knew enough about them, and this was the only free solution, which is why I chose it.

I would advise others to not implement it for any enterprise-level organization. However, it would definitely be a good solution for a small business environment.

I would rate the solution five out of ten. It's free, so there isn't support, first of all. Second of all, it doesn't have all the integrations that I would hope for. And thirdly, because since AT&T bought them, I worry AT&T will ultimately destroy the product. I don't like AT&T.

We are a solution provider and this is one of the products that we implement for our clients.

Our clients use this SIEM solution to collect and analyze logs that are generated by different appliances or different machines. It is a correlation tool for event management that gathers all of the events in your environment. This includes different hardware and different operating systems. There are rules in AlienVault that might be triggered based on the logs, and you can tell when there is a security attack or something else that is malicious that comes to your network. These types of events raise a flag and send a notification.

Our clients include banks and other financial institutions.

There are two versions of AlienVault. One is a community edition and the other requires a license. We are dealing with the licensed version and a hybrid-cloud environment.

The most valuable features of this solution are the data correlation and vulnerability assessment.

The price of this solution is very high and it could be cheaper. Normally it is sold to financial institutions, which is why it is high.

I first implemented this solution in 2012, seven years ago.

This solution is very stable. It runs on a Linux box and you only interface with it through the GUI. It works behind the scenes. It has never crashed in the time that I have used it.

Scalability is very good. It integrates with a number of other products, such as the help desk.

Technical support for this solution is very good. They are now owned by AT&T Security, and their people do a pretty good job.

We implement this solution for our customers.

We have a team of twenty engineers. Some work on infrastructure, while others handle security products. I am the head of the security team.

There are two versions of AlienVault available. The Community Edition is free, and the other version requires a license. The licensing fees for the non-community edition are paid on an annual basis, and there are no costs in addition to this.

There is a cloud version of this solution available, called AlienVault USM Anywhere, which defends data that is outside of the premises.

The OSSIM version is an open-source product, unlike AlienVault USM, or the cloud version, AlienVault USM Anywhere. You have to rely on the community for support. If you are a business or a bank or a financial institution then it would be better to go with the licensed version. You get support 24/7, while with the community you cannot find this support. On the other hand, an individual who is using it and can handle the issues should go with OSSIM because it's almost free. As long as you can handle problems, such as when it stops working, that you can fix over a couple of days or during the weekend, then it is fine. 

I would rate this solution a ten out of ten.