TrustRadius: an HG Insights company

AlienVault OSSIM (discontinued) Professional, Scientific, and Technical Services Reviews & Insights

Score: 8.9 out of 10

29 Reviews and Ratings

Community insights

TrustRadius Insights for AlienVault OSSIM are summaries of user sentiment data from TrustRadius reviews and, when necessary, third-party data sources.

Pros

User-Friendly Installation Process: Many users have found that AlienVault OSSIM has a user-friendly installation process. Reviewers have mentioned that the software is self-contained in an ISO file, allowing for quick and easy deployment. They appreciate the automated installation process and options for customization, such as setting a static IP and configuring email messaging.

Seamless User Experience Across Devices: Several reviewers have praised AlienVault OSSIM's accessibility across different devices. The software can be accessed via a web browser on desktops, workstations, and mobile devices. Users have noted that the dashboard and other features automatically adapt to the device being used, providing a seamless and consistent user experience regardless of the platform.

Out-of-the-Box Configuration and Customization Options: Many reviewers have highlighted the out-of-the-box configuration of AlienVault OSSIM as well-suited for most environments, making the initial setup process straightforward. The included wizard provides a guided experience, enabling users to have the system up and running within a few hours. Additionally, users appreciate the ability to customize or add new widgets to tailor the monitoring experience according to their specific needs. This flexibility allows them to optimize their environment's monitoring capabilities efficiently.

AlienVault OSSIM (discontinued) Reviews

4 Reviews

AlienVault OSSIM - very useful for threat hunting

Rating: 10 out of 10
Incentivized

Use Cases and Deployment Scope

AlienVault OSSIM is mostly useful for us to determine which machines are behind on patches and updates. And it is a necessary tool for threat hunting as it collects events from all machines.

Pros

  • Event and log management.
  • Vulnerability scanning.
  • Graphical analysis and visualization.

Cons

  • Integration with a honeypot.

Likelihood to Recommend

AlienVault OSSIM is very well suited for threat hunting. The ability to find all events and logs from all machines in one place saves a lot of time. It is also well suited for vulnerability scanning. The aspect that is lacking (or not obvious at least) is the integration with other security tools (like an antivirus for example).
Vetted Review
AlienVault OSSIM (discontinued)
2 years of experience

Lego block SIEM

Rating: 6 out of 10
Incentivized

Use Cases and Deployment Scope

As an organization, we leveraged AlienVault as a SIEM solution for ourselves and also as a managed services offering for our customers. The scope was to support environments from a security perspective, collecting logs and generating reports and analytics for the purposes of IT security. This included custom reporting, leveraging on-premises appliances and delivery is security as a service.

Pros

  • Collection of logs
  • Pricing
  • Ability to customize reports

Cons

  • Out of the box reporting
  • Correlation of events
  • AI

Likelihood to Recommend

AlienVault is a good SIEM tool in general: it can collect logs, has the ability to create custom reports for the data that it gathers from both Windows systems and networking devices, and the reports, with some amount of finessing, can look as good as the organization spends time on them. The problem is that AlienVault, past these great abilities, falls short on doing anything else. It is an archaic SIEM solution that does nothing more than being a SIEM solution: there is very little out-of-the-box reporting that is useful, no ability to dynamically adapt to a customer's environment, and no AI built into the appliance. At the end of the day, the biggest problem that this product suffers from is that it is expensive for the value provided. If you are looking for a SIEM that does nothing more than just be a SIEM and you have a dedicated team to run it, AlienVault is a great tool; unfortunately, that's all it can do.
Vetted Review
AlienVault OSSIM (discontinued)
4 years of experience

AlienVault OSSIM

Rating: 7 out of 10
Incentivized

Use Cases and Deployment Scope

AlienVault OSSIM addresses several business problems, including but not limited to:
  • SIEM
  • Reporting
  • Asset management

OSSIM allows all this to be done from a single management platform, saving time and money in having to use multiple platforms to complete daily tasks. With the OSSIM you will need a separate syslog server to allow the collection of logs.

Pros

  • SIEM - Curtail part of managing your alarms and events on the network
  • Reporting - Ability to complete one click reporting for most compliance needs saving time and resources
  • GUI - The user interface is clean, and easy to use and customise

Cons

  • Data logging - Note this is available via their paid version USM
  • Plugins - More API plugins to aid the collection of logs from other security platforms
  • Threat Map - Did not appear to work

Likelihood to Recommend

OSSIM is suited for security researchers and system admins who want quick visibility of network activity and alerts they may have missed without the aid of AlienVault OSSIM. After a setup that only takes around 15 to 30 minutes, you will be seeing network traffic and generating alarms on your dashboard, making it a fast and effective deployment.

A hands-on proper security solution!

Rating: 8 out of 10
Incentivized

Use Cases and Deployment Scope

AlienVault OSSIM is used in the organization as a log centralization tool and also as an event manager. We also use the feature of asset and availability management. The Netflow feature is also really helpful at diagnosing spikes of activity in the network, we also rely on it to detect suspicious activity.

Pros

  • Most of the configuration comes out-of-the-box suited for most environments. Setting it up is really easy, with the wizard, you can have it working in less than 3 hours of deployment, without counting asset installation.
  • Out-of-the-box dashboards are really useful. You can modify or add new widgets to suit your needs, but you'll most likely agree with what already comes configured.
  • The tickets feature for handling alarms is really easy to use.

Cons

  • The correlation directives that come out of the box are very few. I understand more correlation directives are a premium product, but one can hardly see the value of having very few. It makes new customers think they will not get better directives when they switch to the full USM or USM Anywhere.
  • Same with reports: the few reports it comes with out of the box can be retrieved using other tools that are better prepared for the task. I understand that compliance reports aren't free, but at least I'd expect more security reports.
  • The OTX tab in dashboards sometimes takes too long to load, even if you have a fast internet and plenty of resources in the VM.

Likelihood to Recommend

If this is your first experience with a SIEM, this one can get you started. Take the time to learn the ins and outs of the product and you'll most likely be satisfied with it if your company is an SMB. If you need compliance reports, OSSIM is too small for you; you'll need to go with USM or USM Anywhere.