What is most valuable?
AlienVault has an agent and OS X, which provide good detection. It is an open-source solution, and the agent gives more visibility to the endpoints. The alert feature is also good.
It gives us much more visibility if something is going on in the environment or if certain features are being used on the endpoint, copying files, or certain event codes that have been there for our servers. We need login, logout, and every detail. It gives us much more information.
What needs improvement?
The log management could be improved because it is open source.
In the configuration of AlienVault OSSIM, users can determine backup frequency, retention policies, and other settings. There is a limitation on customizing backup settings for specific devices. Unfortunately, there's no option within the interface. Even accessing the backend database doesn't offer a solution, as it only allows for full database backups or none at all. This is a significant drawback, particularly for larger environments or clients with specific device backup needs.
For how long have I used the solution?
I have been using AlienVault OSSIM for 3 months. We are using V5.6 of the solution.
What do I think about the stability of the solution?
The product is stable.
I rate the solution’s stability a ten out of ten.
What do I think about the scalability of the solution?
The solution is not scalable. It impacts so hard. In the initial stages, AlienVault OSSIM can be suitable for small environments. There may be limitations if the customer expresses a desire to expand and add more devices. In such cases, we would need to either explore additional solutions or work within the constraints of the existing setup.
We have set up alerts and configured everything in AlienVault OSSIM. It actively monitors for any security incidents. It provides us with regular updates and notifications about any ongoing activities.
Only one person is using the solution. It is the perfect solution for small businesses.
I rate the solution’s scalability a three out of ten.
How are customer service and support?
There is no straightforward documentation available now at AT&T. They are focusing on the cloud. The on-prem documentation is not available there.
AT&T has removed the support. They are trying to force the customer to go with the cloud. They still have the tool up and going. They won't be able to configure it if something new is there.
How was the initial setup?
The initial setup is straightforward. It takes a week for everything, including onboarding of the devices.
The only issue is the support for certain network devices. We needed to onboard them onto AlienVault OSSIM, but few pre-existing integrations were available. As a result, we had to create custom configurations for those devices. For example, when attempting to onboard Cisco Unified Communication Manager, which allows centralized management of Cisco routers and other equipment, we faced challenges with the configuration process.
I followed the documentation provided for AlienVault OSSIM, which included straightforward commands. After downloading the setup, running the command established the management console as expected. Additional steps were required for agents. The agents needed to be installed, and their IPs were configured. There are discrepancies in some configuration files that were not documented. We had to edit these files to ensure that the IPs matched.
I rate the initial setup as seven out of ten, where one is difficult, and ten is easy.
What other advice do I have?
Asset discovery is good. You give the IP range, and it'll scan everything in the network. You can select it and onboard it.
If you're new to AlienVault OSSIM, dive in and start configuring it. Experiment, play around with its features, and get comfortable with it. If it meets your needs and you feel confident using it, you can continue using it. However, if you encounter issues with scalability or log management that you can't resolve, it may be necessary to explore alternative solutions.
Overall, I rate the solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: integrator