AlienVault OSSIM Reviews and Pricing

reviewer2401791

ICT Support Analyst at a tech services company with 1-10 employees

May 30, 2024

Download

Has a robust threat intelligence feature along with efficient asset grouping functionality

Pros and Cons

"It has helped us remediate threats in the past by providing significant events that assisted in identifying suspicious activities, such as logins from multiple countries."

"I suggest more in-built rules based on modern threats and environments to make it a more competitive solution."

What is our primary use case?

The primary use case is threat detection. We have configured various rules to monitor the environment for any suspicious activity.

What needs improvement?

Collecting logs can sometimes be tedious, especially compared to my experience with Microsoft Sentinel.

I suggest more in-built rules based on modern threats and environments to make it a more competitive solution.

For how long have I used the solution?

I have been using AlienVault OSSIM for six months.

What other advice do I have?

I find the overall threat intelligence feature robust and the asset grouping feature, allows us to correlate events with entire asset groups.

It has helped us remediate threats in the past by providing significant events that assisted in identifying suspicious activities, such as logins from multiple countries.

The asset discovery functionality, once set up, automatically identifies all devices on the network. It aids compliance efforts and helps us understand the network's device landscape.

While integration is possible with other tools like EDR and Cisco Office 365 Defender ATP, it is not as fast or easy as integrating with Microsoft products.

I recommend it, particularly for medium to large companies with complex IT infrastructures.

Overall, I rate the product an eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.