Share your experience using Blackberry AtHoc

Examples of the 84,000+ reviews on PeerSpot:

SOC Engineer at Just Dial Limited
Real User
An open-source solution that provides good detection and more visibility
Pros and Cons
  • "Asset discovery is good."
  • "The solution is not scalable."

What is most valuable?

AlienVault has an agent and OS X, which provide good detection. It is an open-source solution, and the agent gives more visibility to the endpoints. The alert feature is also good.

It gives us much more visibility if something is going on in the environment or if certain features are being used on the endpoint, copying files, or certain event codes that have been there for our servers. We need log in, log out, and every detail. It gives us much more information.

What needs improvement?

The log management could be improved because of the open source.

In the configuration of AlienVault OSSIM, users can determine backup frequency, retention policies, and other settings. There is a limitation on customizing backup settings for specific devices. Unfortunately, there's no option within the interface. Even accessing the backend database doesn't offer a solution, as it only allows for full database backups or none at all. This is a significant drawback, particularly for larger environments or clients with specific device backup needs. 

For how long have I used the solution?

I have been using AlienVault OSSIM for 3 months. We are using the V5.6 of the solution.

What do I think about the stability of the solution?

The product is stable.

I rate the solution’s stability a ten out of ten.

What do I think about the scalability of the solution?

The solution is not scalable. It impacts so hard. In the initial stages, AlienVault OSSIM can be suitable for small environments. There may be limitations if the customer expresses a desire to expand and add more devices. In such cases, we would need to either explore additional solutions or work within the constraints of the existing setup.

We have set up alerts and configured everything in AlienVault OSSIM. It actively monitors for any security incidents. It provides us with regular updates and notifications about any ongoing activities. 

Only one person is using the solution. It is the perfect solution for small businesses.

I rate the solution’s scalability a three out of ten.

How are customer service and support?

There is no straightforward documentation available now at AT&T. They are focusing on the cloud. The on-prem documentation is not available there.

AT&T has removed the support. They are trying to force the customer to go with the cloud. They still have the tool up and going. They won't be able to configure it if something new is there.

How was the initial setup?

The initial setup is straightforward. It takes a week for everything, including onboarding of the devices.

The only issue is the support for certain network devices. We needed to onboard them onto AlienVault OSSIM, but few pre-existing integrations were available. As a result, we had to create custom configurations for those devices. For example, when attempting to onboard Cisco Unified Communication Manager, which allows centralized management of Cisco routers and other equipment, we faced challenges with the configuration process.

I followed the documentation provided for AlienVault OSSIM, which included straightforward commands. After downloading the setup, running the command established the management console as expected. Additional steps were required for agents. The agents needed to be installed, and their IPs were configured. There are discrepancies in some configuration files that were not documented. We had to edit these files to ensure that the IPs matched.

I rate the initial setup as seven out of ten, where one is difficult, and ten is easy.

What about the implementation team?


What's my experience with pricing, setup cost, and licensing?

The solution is free.

What other advice do I have?

Asset discovery is good. You give the IP range, and it'll scan everything in the network. You can select it and onboard it.

If you're new to AlienVault OSSIM, dive in and start configuring it. Experiment, play around with its features, and get comfortable with it. If it meets your needs and you feel confident using it, you can continue using it. However, if you encounter issues with scalability or log management that you can't resolve, it may be necessary to explore alternative solutions.

Overall, I rate the solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: integrator
Security Engineer at a venture capital & private equity firm with 1,001-5,000 employees
Real User
Top 5 Leaderboard
Provides real-time alerts and has efficient features for incident management
Pros and Cons
  • "Numerous data monitoring tools are available, but Coralogix somehow fine-tunes our policies and effectively supports our teams."
  • "It would be helpful if Coralogix could integrate the main modules that any organization requires into a single subscription."

What is our primary use case?

We use Coralogix to analyze our log metrics. We were looking for an enhanced tool to help us secure our real-time data.

How has it helped my organization?

We have integrated Coralogix with Slack and other tools, which has helped us receive real-time alerts. We don't have to constantly monitor the tool because it generates alerts and pushes them to us, providing notifications on Slack. This enhancement has strengthened our security, fulfilling our need when searching for such a tool. 

Numerous data monitoring tools are available, but Coralogix somehow fine-tunes our policies and effectively supports our teams. This SaaS platform utilizes machine learning for behavioral analysis of logs, yielding the results we need. For instance, there was a scenario where we received extension logs that were difficult to interpret. However, we obtained the analysis with the help of the product.

What is most valuable?

Almost all the features we currently use in our product subscription are important to us. Regarding alerting or incident management, incident alert mapping, and suppression rules, we utilize almost all the features available on Coralogix. Additionally, we are sending all the logs, such as app logs, EPC flow logs, etcetera.

What needs improvement?

Nowadays, tools are often divided into modules. It would be helpful if Coralogix could integrate the main modules that any organization requires into a single subscription. It would streamline the process for organizations like ours.

Merging some of the modules into a single subscription would be beneficial. Nowadays, modules are often separated, so if an organization needs additional modules after subscribing to one, they may have to purchase another subscription. Combining the availability module with tracing metrics or other relevant modules would be beneficial.

What do I think about the stability of the solution?

I rate the platform's stability a nine out of ten.

What do I think about the scalability of the solution?

I rate the platform's scalability an eight.

How are customer service and support?

We did contact the technical support team when we encountered a deployment issue with Cloudflare. They assisted us promptly and provided helpful answers within the expected time frame.

Which solution did I use previously and why did I switch?

Before adopting Coralogix, we relied on open-source solutions, but they needed to meet our needs effectively. It led us to explore and eventually invest in a commercial product.

What's my experience with pricing, setup cost, and licensing?

The platform has a reasonable cost. I rate the pricing a three out of ten.

Which other solutions did I evaluate?

We also evaluated Palo Alto and other Palo Alto products as potential solutions. We opted for Coralogix over Palo Alto because its subscription plan offered better visibility and more features.

What other advice do I have?

The alerting feature in Coralogix, integrated with Slack, has helped your team respond to incidents more quickly and effectively. We haven't experienced any incidents since implementation. Still, during the POC phase, the alerting feature proved to be prompt and reliable, assisting your team in promptly addressing potential issues.

It provides visualization tools that facilitate data analysis. These tools are available directly on the dashboard.

I recommend analyzing their organization's use case and scenario for new users. They should compare it with other tools to see if it suits their needs. If they find it suitable, then they should proceed with it. However, they should be prepared for the possibility that the tool may only suit some organizations. In our case, it worked well in pricing, scenario, and overall performance, so we opted to use it.


I rate it a nine out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.