We performed a comparison between AlienVault OSSIM and USM Anywhere based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It has a lot of great features."
"The machine learning and artificial intelligence on offer are great."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"The solution is free to use."
"The solution has a very good open source community, and whenever we have problems, we are always able to resolve it online."
"With AlienVault you get everything in one box."
"The threat policies of the solution are always very advanced and the best in the market. They are very persistent in terms of keeping up with security protocols."
"The initial setup is straightforward."
"The threat alerts it gives me from time to time on harmful code within the network, or if they are generating any network traffic, are very useful."
"OSSIM is the only solution that includes the large number of modules that we need: a vulnerability scanner, a network IDS system, a host IDS system."
"The dashboard is the solution's most valuable aspect. It brings everything into one central point where I can actually look at it and go, "Okay, I understand what's going on.""
"The dashboards are very descriptive and contain just the right amount of information. The activity alarms and events contain a plethora of data that is very descriptive and useful."
"It brought our logs into one place for review and set up alarms based on changes we were missing due to lack of having one place for everything to go."
"Any unusual behaviour, we can monitor. We have alerts set up to be sent when we receive signs of any unusual behaviour."
"The AlienVault solution has enabled us to create a SOC on a budget with smaller than usual staff requirements, offering a wider range of solutions for our customers."
"Our main focus was intrusion detection, alerts, and correlation. It's easy to use AlienVault and integrate it with other alert tools because it includes lots of connectors. Either the tool is already there, or AlienVault will write an API for us if they don't have a connector for the solution that is providing the logs."
"It allows you to define what alerts you want to see, or not to see, as well as if you want them grouped, or ungrouped."
"SIEM log collection is great, and all of the rules that support updates with maintenance."
"The new cloud-based panel is excellent both for client review as well as for our SOC to review and respond to threats. It is much easier to configure and use than the previous solution from AlienVault."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"There is room for improvement in entity behavior and the integration site."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"AlienVault OSSIM’s configuration and integration could be a little easier."
"There needs to be more support or some kind of training program so users can self-learn the system more effectively."
"The user interface needs to be friendlier across the board."
"Lacking in depth of reporting."
"The solution needs more integration with cyber intelligence systems."
"It takes some time. It does not give me a prompt response for any such [malicious] traffic. It takes time to get that alert from the AlienVault system."
"We need more dashboards and we need more customization for dashboards."
"I don't like to work on OSSIM because it is unpredictable."
"I'd like to see a dashboard that's a little more descriptive."
"AlienVault needs to continue to integrate with other third-party technologies that clients want to have monitored."
"I think plugin management should be self-service on AlienVault USM. The other product is self-service but on the USM side. You have to submit a ticket then AT&T creates and updates the plugins."
"It should be able to communicate with other security solutions to stop threats."
"There could be some type of integration with our existing portal. We have our own customer portals, and it would be good if there was an integration so that our portal can provide reports. There could be some type of API into the AlienVault system with the USM system so that it is easy to show the customers high-level reports of the system through our portal."
"It would be nice to see some machine learning and monitoring of the configuration in network devices."
"There are many reports included but would be nice to have better access to the data."
"Search performance can be slow. The Raw Logs feature is painfully slow. And if we're talking about the newer, the Anywhere product, you can't even schedule reports on the thing. There are probably a dozen other features I'd really like to see there, but that would be one of the biggies."
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 27 reviews while USM Anywhere is ranked 11th in Security Information and Event Management (SIEM) with 113 reviews. AlienVault OSSIM is rated 7.4, while USM Anywhere is rated 8.4. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices ". On the other hand, the top reviewer of USM Anywhere writes "Easy to use and affordable". AlienVault OSSIM is most compared with Wazuh, Elastic Security, Splunk Enterprise Security, Fortinet FortiSIEM and AWS Security Hub, whereas USM Anywhere is most compared with Wazuh, IBM Security QRadar, Splunk Enterprise Security, Rapid7 InsightIDR and LogRhythm SIEM. See our AlienVault OSSIM vs. USM Anywhere report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.