AlienVault OSSIM Reviews

Name: AlienVault OSSIM
Brand: AT&T
Rating: 3.7 (31 reviews)

Vendor: AT&T

3.7 out of 5

31 reviews
80% willing to recommend

Leave a review

What is AlienVault OSSIM?

AlienVault OSSIM, Open Source Security Information and Event Management (SIEM), provides you with a feature-rich open source SIEM complete with event collection, normalization and correlation. Launched by security engineers because of the lack of available open source products, AlienVault OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility.

Get the AlienVault OSSIM Buyer's Guide and find out what your peers are saying about AlienVault OSSIM, Wazuh, Splunk Enterprise Security and more!

AlienVault OSSIM is the #12 ranked solution in top Security Information and Event Management (SIEM) solutions. PeerSpot users give AlienVault OSSIM an average rating of 7.4 out of 10. AlienVault OSSIM is most commonly compared to Wazuh: AlienVault OSSIM vs Wazuh. AlienVault OSSIM is popular among the large enterprise segment, accounting for 50% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a comms service provider, accounting for 13% of all views.

Helped 879,259 peers since 2012

Featured AlienVault OSSIM reviews

Brandon Pearce

Independent Contractor at a comms service provider with 5,001-10,000 employees

Scaling for USM is always challenging for any product unless it is purpose-built or overbuilt at the front end. They will use Palo Alto and its competitors, and LevelBlue will manage that implementation. The main area where the AlienVault product was lacking around the 2018 timeframe was in its ability to scale. By pushing it to a cloud-based system, they've largely alleviated scale issues. It's native in Amazon but will also run in Azure. They have worked with cloud service providers to offer enough throughput at a cost reasonable for a corporation. Scaling was their biggest problem, and they've largely conquered those issues.

Read full review

Tigabu Ab

Soc at a financial services firm with 5,001-10,000 employees

The primary use case is as a comprehensive Security Information and Event Management (SIEM) system, with more focus on internet access. It is used in the organization's threat detection and response strategies. Additionally, it was deployed in our on-premises servers to integrate log sources and…

Read full review

HarshBhardiya

SOC Engineer at a outsourcing company with 10,001+ employees

The solution is not scalable. It impacts so hard. In the initial stages, AlienVault OSSIM can be suitable for small environments. There may be limitations if the customer expresses a desire to expand and add more devices. In such cases, we would need to either explore additional solutions or work within the constraints of the existing setup. We have set up alerts and configured everything in AlienVault OSSIM. It actively monitors for any security incidents. It provides us with regular updates and notifications about any ongoing activities. Only one person is using the solution. It is the perfect solution for small businesses. I rate the solution’s scalability a three out of ten.

Read full review

AlienVault OSSIM mindshare

As of December 2025, the mindshare of AlienVault OSSIM in the Security Information and Event Management (SIEM) category stands at 2.2%, down from 4.4% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Security Information and Event Management (SIEM) Market Share Distribution
Product	Market Share (%)
AlienVault OSSIM	2.2%
Wazuh	8.3%
Splunk Enterprise Security	8.0%
Other	81.5%

Security Information and Event Management (SIEM)

PeerResearch reports based on AlienVault OSSIM reviews

Type	Title	Date
Category	Security Information and Event Management (SIEM)	Dec 29, 2025	Download
Product	Reviews, tips, and advice from real users	Dec 29, 2025	Download
Comparison	AlienVault OSSIM vs Splunk Enterprise Security	Dec 29, 2025	Download
Comparison	AlienVault OSSIM vs Wazuh	Dec 29, 2025	Download
Comparison	AlienVault OSSIM vs Microsoft Sentinel	Dec 29, 2025	Download

Valuable Features

AlienVault OSSIM is praised for its threat alerts, asset discovery, and log collection. The open vault component and vulnerability assessments are valuable, while the dashboard provides centralized visibility. The integration capabilities are efficient, supporting various solutions and offering automation options. Features like inbuilt IDS and threat intelligence integration highlight its effectiveness. User-friendliness, ease of configuration, logging capabilities, and security detection are key strengths. Its free nature and multilayer architecture make it suitable for diverse organizations.

"I recommend it due to the experience of the people running it."
"Network traffic analysis is highly efficient."
"The product is majorly used for threat detection of the agents on servers and endpoints."

Room for Improvement

AlienVault OSSIM requires improvements in integration with cyber intelligence systems and ease of configuration. Users find the interface complex and the log tracing difficult. There are concerns about scalability, false positives, and the need for more dashboard customization. Pricing is considered high and deployment can be challenging. Users desire enhanced threat intelligence, better device integration, and improved user experience. The system struggles under heavy traffic and faces stability issues with on-premise setups.

"The main area where the AlienVault product was lacking around the 2018 timeframe was in its ability to scale."
"There are somewhat more false positives with the user behavior analytics, which could benefit from an additional machine learning model to detect user patterns more rapidly."
"There are somewhat more false positives with the user behavior analytics, which could benefit from an additional machine learning model to detect user patterns more rapidly."

ROI

Users found that AlienVault OSSIM helped reduce time spent on manual log analysis, improved threat detection efficiency, and offered valuable insights into network security. It enhanced compliance reporting and provided cost-effective security management. Some noted that while initial setup required effort, the significant reduction in labor costs and improved threat visibility justified the investment.

Pricing

AlienVault OSSIM offers an open-source version free of charge, making it appealing for budget-conscious enterprises. While additional support and premium features incur costs, many users find it competitively priced when compared to high-end alternatives like IBM or Splunk. Some users mention a high price point for licensing, comparable to Microsoft Sentinel, but others highlight a reasonable return on investment. Those purchasing the non-community edition pay annual licensing fees, with pricing adjusted based on usage and support options.

"I used the paid version of the tool and found it to be expensive. It has been a while since I changed to Securonix. I will have to check whether AlienVault charges per device, user, or log."
"AlienVault OSSIM is expensive compared to its competitors."
"The tool's licensing costs are yearly."

Popular Use Cases

AlienVault OSSIM users employ it for monitoring networks, threat detection, log collection, and incident management. They utilize it for securing traffic and analyzing security events. It supports vulnerability scanning, Network IDS, and local actions. Users in sectors like media and finance leverage AlienVault OSSIM for compliance and event correlation. They benefit from features aiding SOC setups and cyber security for telecommunications. Integration capabilities extend across diverse hardware and operating systems, enhanced by OTX for open-source threat exchange.

Service and Support

AlienVault OSSIM's customer service has mixed evaluations. Some users find support responsive and effective, while others experience significant delays in issue resolution. Paid support gets positive remarks, but those using free versions often rely on community forums. There is inconsistency in documentation and availability of support for on-premises operations, as AT&T emphasizes cloud solutions. Users highlight the option for US-based support at an additional cost and mention minimal training during implementation.

Deployment

Initial setup of AlienVault OSSIM varies in complexity. Some find it straightforward, requiring minimal time and resources, while others report challenges due to infrastructure size or integration needs. Virtualization issues are noted, with workarounds needed. Lack of up-to-date documentation or training can complicate deployment, though the availability of recent documentation aids configuration. Deployment duration ranges from hours to months, influenced by network complexity and organizational expertise. Integration with third-party tools extends implementation time.

Scalability

AlienVault OSSIM has varied scalability feedback. Some mention it is quite scalable, adaptable with a flexible architecture, while others find it limiting for larger enterprises. It supports mid-sized businesses effectively but may face challenges with extensive expansions. Users have noted integration issues and scalability limits, with mixed scores reflecting both strengths and weaknesses. Many use it successfully within capacity, but for substantial scaling, they may consider external solutions.

Stability

AlienVault OSSIM is stable with some experiencing high reliability, comparing it favorably to other platforms like Qradar and Splunk. Many rate its stability positively, though some note potential issues with older versions and server configurations. Most users do not encounter bugs or crashes. The open-source version has certain limitations but remains dependable when adhering to its restrictions. Some face minor stability concerns, while current versions are seen as improved in performance.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our AlienVault OSSIM Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	16
Midsize Enterprise	6
Large Enterprise	8

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	153
Midsize Enterprise	114
Large Enterprise	263

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

13%

Comms Service Provider

13%

Financial Services Firm

Manufacturing Company

Educational Organization

University

Retailer

Government

Healthcare Company

Hospitality Company

Non Profit

Media Company

Real Estate/Law Firm

Performing Arts

Consumer Goods Company

Transportation Company

Energy/Utilities Company

Legal Firm

Aerospace/Defense Firm

Insurance Company

Recreational Facilities/Services Company

Wholesaler/Distributor

Construction Company

Outsourcing Company

Logistics Company

Non Tech Company

Marketing Services Firm

Leisure / Travel Company

Compare AlienVault OSSIM with alternative products

Learn more about AlienVault OSSIM

AlienVault OSSIM was previously known as OSSIM.

AlienVault OSSIM customers

Council Rock School District

Julia Miller

Community Director at PeerSpot

Top SIEM Solutions & Success Stories: Strengthening Cybersecurity in Diverse Industries

What Solution for SIEM is Best To Be NIST 800-171 Compliant?

When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?

What are the main differences between Nessus and Arcsight?

What's The Best Way to Trial SIEM Solutions?

Which is the best SIEM solution for a government organization?

What is the difference between IT event correlation and aggregation?

What Is SIEM Used For?

RSA-EMC vs. other SIEM products?

What Questions Should I Ask Before Buying SIEM?

What are the pros and cons of internal SOC vs SOC-as-a-Service?

Product Categories

Security Information and Event Management (SIEM)

Popular Comparisons

Wazuh vs AlienVault OSSIM

Splunk Enterprise Security vs AlienVault OSSIM

Microsoft Sentinel vs AlienVault OSSIM

IBM Security QRadar vs AlienVault OSSIM

Elastic Security vs AlienVault OSSIM

Rapid7 InsightIDR vs AlienVault OSSIM

LogRhythm SIEM vs AlienVault OSSIM

Fortinet FortiSIEM vs AlienVault OSSIM

Google Chronicle Suite vs AlienVault OSSIM

Exabeam vs AlienVault OSSIM

Stellar Cyber Open XDR vs AlienVault OSSIM

ManageEngine Log360 vs AlienVault OSSIM

USM Anywhere vs AlienVault OSSIM

Devo vs AlienVault OSSIM

ManageEngine EventLog Analyzer vs AlienVault OSSIM

See all alternatives

AlienVault OSSIM Reviews Summary
Author info	Rating	Review Summary
Independent Contractor at a comms service provider with 5,001-10,000 employees	4.0	AlienVault OSSIM is appealing for small to medium businesses due to its cost-effective, cloud-based threat management and integration of OTX. While scaling was once challenging, improvements have been made. ROI depends on the business size and setup.
Soc at a financial services firm with 5,001-10,000 employees	4.0	AlienVault OSSIM serves as our primary SIEM system, focusing on internet access and enhancing security monitoring. While network traffic analysis is efficient, user behavior analytics and integration capabilities require improvement. We evaluated Wazuh and TrueRider before selecting AlienVault.
SOC Engineer at a outsourcing company with 10,001+ employees	4.0	AlienVault OSSIM provides good detection with its agent and OS X, enhancing endpoint visibility and alert features. However, the log management needs improvement, particularly in customizing backup settings for specific devices, which is a limitation for larger environments.
Senior System and cyber security administration at Tankeenhr	3.0	I use AlienVault OSSIM to collect and track user login details and activities, focusing on security detection, such as identifying brute-force attacks. It effectively generates reports, but sometimes it sends unnecessary notifications.
Assistant Manager Global Security at Convergys Corporation	4.0	I use AlienVault OSSIM to monitor device events, but being open-source, it has limitations. Its unpredictability and dependency issues are challenging, and while it lacks features, it's becoming outdated as we transition to Security Data Lake solutions.
Managing Director of Hytec (OLM Group company) at OLM Group company	3.5	I use AlienVault OSSIM for SOC support due to its valuable features like case management, configuration ease, and investigation tools. However, it requires better integration with newer tools and UI modernization. I've also worked with Microsoft Sentinel for similar tasks.
Owner / Area Engineering Manager at Jlgatica	3.5	I am using AlienVault OSSIM as a cybersecurity technician because its GUI is user-friendly. However, it needs improvement in adding features for directives and correlation policies, and its deployment should be more unified, similar to USM.
Information Technology Intern at Maputo Port Development Company SARL	4.5	I use AlienVault OSSIM for cyber security in a telecommunication company. It’s straightforward to use, but the configuration and integration processes could be simpler, as I needed to research to fully understand it. I haven't tried other solutions.

AlienVault OSSIM Reviews

What is AlienVault OSSIM?

Featured AlienVault OSSIM reviews

AlienVault OSSIM mindshare

PeerResearch reports based on AlienVault OSSIM reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare AlienVault OSSIM with alternative products

Learn more about AlienVault OSSIM

AlienVault OSSIM customers

Related articles

Related questions

Product Categories

Popular Comparisons

Title	Rating	Mindshare	Recommending
Wazuh	3.7	8.3%	81%	50 interviews Add to research
Splunk Enterprise Security	4.2	8.0%	94%	374 interviews Add to research