AlienVault OSSIM Reviews

I use the solution for my project.

The solution is free to use. 

However, I have found a lot of issues in general that have given me problems. For example, their stability is not great. 

There is no alarm in my system, so I don't know if that's something right, or if there is nothing attached to my system. It's like there is no alarm in my system.

It's so hard to configure and explore something new on it.

It is not easy to find the steps we need to follow in order to use the solution effectively. 

We've been using this solution for one month. We might use it for three months or so. 

I have not found the stability to be very good. It's not, for example, showing any alarms. 

I cannot speak to technical support. I've never used them.

We did not previously use a different version of the solution. 

The solution is complex to set up. It is not straightforward. 

I set up the solution myself without the help of outside assistance. 

We are using the free version of the solution. 

I'm an end-user of the product. 

I'd rate the solution five out of ten. 

Its user-friendliness is the most valuable. It is very easy to use and explore. The dashboard is very well packaged and integrated. You don't have to spend a lot of time in configuring it and checking out the RPM etc. 

It is also free and very powerful.

They can add more compliance templates.

I have been using AlienVault OSSIM since 2015. 

It is a quite stable product.

It is perfectly scalable. We have ten in-house users.

I have used Splunk. AlienVault OSSIM and Splunk differ mainly in price. In Splunk, we need to do the correlation ourselves. Alienvault OSSIM is more user friendly. I don't have to learn a particular SQL language to do a query. It provides a new way of creating a query for any security event or management. 

The initial setup is very straightforward. It doesn't take more than 15 minutes, and you are done.

We predominantly deploy it on-premises. We have a few deployments on the cloud, but our focus is primarily on the on-premises deployments.

AlienVault OSSIM is free.

It is a very good solution. It is already more than adequate. It is a perfectly nice and free tool for compliance testing, assessment, and some basic vulnerability. 

I would advise upgrading to its paid version, USM, to get more features. It's well worth the money because of the provided threat intelligence, support, and training. When you upgrade to the paid version, you enjoy all these features. OSSIM doesn't have all these features because it is a freeware. 

AlienVault OSSIM is backed up by AT&T Cybersecurity, which is a Fortune Top 20 company. When you upgrade to the paid version, you also get support from AT&T, which is good.

I would rate AlienVault OSSIM a nine out of ten. I'm very happy with this solution. It is a great product.

We are using AlienVault for vulnerability scanning and detecting abnormal behavior.

This product is easy to use.

The support is very good and they offer managed services.

The dashboards are good. You can customize the dashboards as well as the reporting.

There needs to be more focus on the NOC and IIS in terms of developing applications for behavior detection.

The backup features use a lot of storage space.

The documentation could be improved.

Asset management and filtering are in need of fine-tuning and enhancement.

I have been working with AlienValut since 2018.

AlienValut is a very stable product.

The technical support is perfect.

I have worked with LogRhythm in the past, since 2015, and I find that AlienVault is a better product. We are facing a technical issue with LogRhythm, as it is still used in other parts of our organization. I am looking to finalize and unify the solution.

We needed better detection to give us information from the IS about geography or abnormal behavior that is breaching our security. Most of our products are web applications and this is important to us. 

We are currently looking into implementing a PoC for either ManageEngine or FortiSIEM.

My advice to anybody who is considering AlienVault is to implement a proof of concept to ensure that it meets their requirements. A PoC should be done before settling on any product.

I would rate this solution a nine out of ten.

We implemented the solution for one of our client's e-commerce spaces. Our customer wanted to monitor the complete security posture. 

We really like the solution's architecture. There's a logon, clients, an agent, and then the server. All of these were deployed in a multilayer architecture.

The threat policies of the solution are always very advanced and the best in the market. They are very persistent in terms of keeping up with security protocols.

The pricing of the solution needs to be improved.

There needs to be more support or some kind of training program so users can self-learn the system more effectively.

I've been using the solution for three years.

The stability is quite good. There's no hindrance to the user. It's reliable and doesn't seem to have any bugs or glitches.

The scalability is something I wouldn't be able to comment much on. Since it was on-premises setup, and there was no such dynamic need from the customer in terms of expanding.

There's a team of seven currently working on the solution. Our overall monitoring was divided into three sections. One is a network monitoring, and then there are apps monitoring and monitoring the storage.

We're not involved in the engagement anymore, so I haven't heard if the client has plans to increase usage, however, due to its general limited scalability as hardware, I don't think that they would.

We were in touch with technical support a bit when we were doing the implementation. The training and knowledge they provided was minimal and usually through email. We struggled a bit.

We were pretty limited to AlienVault with this particular client. They needed something on-premises and didn't want to look at cloud options. We've used QRadar and Sentinal in the past, however, for this customer, we decided AlienVault was best.

The initial setup was a bit complex. That may have been multiplied by the fact that there was a lack of skills on the team. If they had more training, it probably would have been a bit easier or more straightforward.

Deployment took us almost two months, including having to set up all of the infrastructure for it. We worked with about 140 monitoring devices. It wasn't too large of a setup. The client wanted us to build and operate something a bit more modern than their older setup. We worked with them to set up a complete 24/7 soft center on-premise. 

The entire setup and deployment took about four months, and that included not just the IT part but the work area as well. We had to secure the room, put in power, supply air conditioners, etc. That's a pretty standard setup in terms of the physical space.

We had four people working on the deployment, one of which was a very senior professional with 20+ years of experience.

We had one internal consultant who did the entire implementation for us.

I'm not sure what the cost of the solution is. It may be in the ballpark of $60,000 to $100,000.

We're just customers. We don't have a business relationship with the product.

We're using the enterprise edition of the solution, the MSSP edition, however, I'm unsure which version it is we're currently on.

Typically, we get requests for QRadar, AlienVault, or Sentinal. QRadar and AlienVault are the top choices for the most part, and we work with both. We try to accommodate our client's preferences.

I'd rate the solution overall at eight out of ten.

Our primary use case is for research purposes. For now, we're just playing with it and there's a potential learning curve regarding use of AlienVault as an SIEM solution. We plan to analyze different open source solutions to test strengths and weaknesses. We are customers of AlienVault and I'm a research assistant. 

A very good feature of AlienVault OSSIM is that it has many domains that can be integrated from different solutions. For example, if we have a firewall and I want to connect it with the AlienVault OSSIM, there is already a grid affecting that. From that perspective, it's a very good solution in that almost everything can be integrated and that makes it better than other SIEM solutions.

The great thing is that the networking configuration features are good and integrations don't need to be done manually. Of course it's possible but there's an automatic option for configuring networks and there's a plug in for different kinds of solutions. Network security firewalls, IDS, and the like are things that already exist. 

The GUI could be improved, and the solution could include a specialization tool. The correlation engine and the scalability of this product should be improved. And then I think it also needs to have the grid potential because when we talk about SIEM it's not just a few machines, it's hundreds and that means thousands of logs so the product should be more easily scalable.

The features I would like to see included will take some time to implement because the solution is open source and these are promotional products. On a basic level I'd like to see an open source visualization tool or a commercial visualization tool. 

I've been using this solution for one year. 

I'd say the stability of the solution is moderate. 

The documentation provided was not sufficient, so we worked it out by ourselves. 

The initial setup was not so easy, partly because the documentation was not up to date. You end up learning from your mistakes. Deployment took us more than six months.  We have an open source intrusion detection system which is connected to it and endpoint systems. We implemented by ourselves, there are two people in the company with expertise in this area. 

Those who are looking for a solution like this one should first conduct a survey. There are other solutions which are quite capable of doing similar things, even open source solutions. If a company can afford a commercial solution, they should go for that rather than for an open source solution. It requires an expert to assess the situation. A small mistake can lead to a big problem; opensource is there for those who know what they're doing. 

If you're looking to add another feature, you need to have strong coding because tweaking them is not simple. I'm in a technical team so that's my perspective.

I would rate this solution a six out of 10. 

I use AlienVault OSSIM for the protection of our customers and to find critical events. 

There are two different versions of AlienVault OSSIM, one is on-premise and the other is cloud.

The most valuable features of AlienVault OSSIM are vulnerability assessment, network intrusion detection system, response to critical events, and awareness of the whole network.

AlienVault OSSIM on-premise version is more difficult to implement than the cloud version. Additionally, they should add integration between several different environments at once and improve their online knowledge base.

I have been using AlienVault OSSIM for three years.

The older versions of AlienVault OSSIM were not stable, but the latest version was better.

I rate the stability of AlienVault OSSIM a four out of five.

I rate the scalability of AlienVault OSSIM a four out of five.

We have three people who use this solution in my company.

The support from AlienVault OSSIM is good, they are responsive.

I rate the support from AlienVault OSSIM a five out of five.

Positive

The initial setup of AlienVault OSSIM was easy. However, I have many years of experience in the field of network administration. The process took one day to complete.

We did the implementation of AlienVault OSSIM, we are all certified. We have five engineers that did the implementation of the solution.

The price of AlienVault OSSIM is too high sometimes for us to present to our customers. The price should be lower. We are on a three-year license to use the solution. We had to pay extra for the support.

We have two people that do the maintenance for the solution.

I rate AlienVault OSSIM an eight out of ten.

The self-paced training is pretty good. 

The initial setup is straightforward. 

We've found the solution to be very stable. 

You can scale the solution.

Technical support is excellent. They are very helpful and responsive. 

ArcSight works better than AlienVault right now.

The incidence reporting could be better. We'd like to be able to better privatize certain logs that handle certain detections. It's really important to us. 

The integration capabilities could be improved. 

I've been using the solution for over three years at this point. 

The solution has been quite stable for us. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.

The product can scale. The only problem we have with it is the integration. For example, we were trying to integrate a solution in the server for retaining logs on AlienVault. We tried everything possible, however, it just wouldn't integrate. In contrast, when we move to ArcSight, we could do it one time and it was working just fine. There were no integration issues. 

When we have had to reach out to them, they were brilliant. They were prompt and very precise. 

We've used ArcSight as well. We used it on a particular project recently. It's easier to integrate items in it as compared to AlienVault. Aside from that, they are very similar products. 

The implementation process is pretty simple and straightforward. It's not difficult or complex at all. A company shouldn't have issues handling it. 

The only issue that comes into play is when you want to integrate it with other vendors. 

Overall, I'd rate the deployment process at a four out of five. 

I'm a consultant. 

I'd rate the solution at an eight out of ten. For the most part, I am satisfied with its capabilities. 

I have deployed AlienVault OSSIM in a couple of small environments for monitoring.

The paid version of the solution has reporting and better scalability options.

When comparing AlienVault OSSIM to other solutions it looks a bit outdated. Additionally, they need to improve their integration.

I have been using AlienVault OSSIM for approximately seven years.

The solution is stable.

The free version is lacking some of the scalability options.

I have used QRadar and ArcSight.

The configuration of the solution is difficult. There are videos we can watch but we do not have time to watch videos. We want there to be better documentation that we can use.

We are using a free version of the solution. If you purchase a license there are more features available but the price is a little high. The solution should be cheaper to allow more customers to be able to afford it.

I have evaluated ELK Stack and Security Onion.

I rate AlienVault OSSIM an eight out of ten.