it_user877083 - PeerSpot reviewer
Founder & CEO at MnZ Technology Solutions
Reseller
Full fledged solution where everything comes in one box
Pros and Cons
  • "With AlienVault you get everything in one box."
  • "Sometimes technical issues take very long to get resolved."

What is our primary use case?

Our primary use case for AlienVault is incident management. We started as a customer because one of our companies worked on it. Eventually, we started reselling the service. 

What is most valuable?

What I like about this product is that it is a fully-fledged solution. I don't need to buy any complementary products; everything comes in one box.

What needs improvement?

I would like to see an improvement in their threat exchange database because the OTX is not the best thing in the marketplace. There are better solutions. So if they could enhance our feature development, it would make the product much better. 

For me, the user interface is very important, because the simpler the user interface is, the easier it is to find candidates to run the operation. If the user interface is very complicated, you need to expose your technical people to very intensive training in order to understand the system and to get the output right. So, from a user perspective, I would say the simpler the user interface, the better the product, especially for security issues. You need to let your tech people concentrate on the incident rather than on how to use the software to get the answer.

Lastly, if technical issues could be resolved faster, it would be a huge improvement. 

For how long have I used the solution?

We've been using this solution for two years now.

What do I think about the stability of the solution?

This solution is about 90% stable. I do have a problem with vulnerability.

What do I think about the scalability of the solution?

It's a very scalable product. I will say it is 100% scalable. It is currently managing the entire security of the firm, but it's managed by four members of our staff because it's a 24/7 operation. Three of them work shifts, and one of them is the supervisor. 

How are customer service and support?

I will give their technical support 80%. Although I am not completely satisfied, their response is good. I give their response 100% because whenever you open a ticket, you get communication on the spot. But sometimes it takes very long for your issue to get resolved. And that's why I'm only giving them 80%.

Which solution did I use previously and why did I switch?

We also used IBM QRadar before, but we did not get proper support and that's why we switched to AlienVault. 

How was the initial setup?

The initial setup was rather complex and it took us about a day to finalize everything. When we did the deployment, we had some support from AlienVault. And eventually, when we installed it for our customers, our technical team did it by themselves. They didn't require any kind of support from AlienVault.

What's my experience with pricing, setup cost, and licensing?

The price was good and it matched our budget at that stage.

Which other solutions did I evaluate?

We looked at ArcSight as an option at the beginning, but the pricing was not what we were looking for. And we don't have the proper channel to sell ArcSight in Egypt. That's why we decided to go to AlienVault.

What other advice do I have?

If anybody asked me whether I am happy with AlienVault, I would say that it is a very good product. Frankly speaking, if anybody asked me about QRadar or ArcSight I would say the same, but they require lots of training and you need to have a source for the product and for the pricing; otherwise, you will end up paying an enormous amount of money.

With AlienVault you get everything in one box. I will rate this product an eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer735291 - PeerSpot reviewer
Head of Engineering at an insurance company with 201-500 employees
Reseller
Top 20
A good open-source solution for small setups, but needs more analytic functionality
Pros and Cons
  • "The solution has a very good open source community, and whenever we have problems, we are always able to resolve it online."
  • "The solution needs more integration with cyber intelligence systems."

What needs improvement?

The solution needs more integration with cyber intelligence systems. 

Our customers want to use a single tool for managing cybersecurity. We want integration with existing tools and integration with newer tools that offer the ability to manage or to identify security vulnerabilities in a gateway system or firewall. Basically, we want the solution to offer configuration management. 

I would want it to be integrated with lasting search, in terms that it could gather a lot of intelligence and dump it into the database. Also, it would be useful if we were able to run analytics on the solution. If they can integrate it with an analytic function it would be better.

For how long have I used the solution?

I've been using the solution for four years.

What do I think about the stability of the solution?

I haven't had time to compare the stability to other solutions, but for our purposes it's okay.

How are customer service and technical support?

You need to pay for technical support, but I didn't pay for it, so I can't say much about it. The solution has a very good open source community, and whenever we have problems, we are always able to resolve them online.

How was the initial setup?

The initial setup was straightforward. 

There wasn't any complexity. The only issue we had was when we installed it on a virtual layer. We found a way around it, however. It was the open-source virtualization that gave us trouble. There was a workaround and we applied it and it was okay.

What's my experience with pricing, setup cost, and licensing?

The solution is open-source. You need to pay for support if you want it.

What other advice do I have?

We use the on-premises deployment model.

We have a small setup. It's an environment that supports only about 20 users, so it's not really a complex setup.

I would give the solution a rating of seven out of ten. I believe if I paid for the support I'd get a higher quality of software and other additional functionalities.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cyberspec67 - PeerSpot reviewer
Cyber Security Specialist at AEC
Real User
A good, stable open-source solution for small environments
Pros and Cons
  • "The solution is very stable. Compared to Qradar and Splunk, it's very stable."
  • "The user interface needs to be friendlier across the board."

What is our primary use case?

I primarily use the solution for log collection.

What is most valuable?

AlienVault sometimes works like an appendix. It's not accurate in most cases, but we use an agent like WinCollect to collect logs. We collate the information. The solution is fast-acting when it comes to collecting the logs, and for all the inter-process work.

What needs improvement?

The log collection is okay, but tracing the logs or tracing the events is a bit difficult. It's not user-friendly. A user must be an expert and must know how to give the logs, how to configure the system, etc. He has to be an expert on this product.

The user interface needs to be friendlier across the board. Also, I would prefer if the kill chain scenario with every event was not stacked. I need to be able to do an SQL query and figure out where the event came from and tag to the source and destination. I cannot see this easily as it is right now.

For how long have I used the solution?

I've been using the solution for 1.5 years.

What do I think about the stability of the solution?

The solution is very stable. Compared to Qradar and Splunk, it's very stable.

How are customer service and technical support?

I've never had to use technical support.

Which solution did I use previously and why did I switch?

I previously used QRadar and Splunk.

How was the initial setup?

I'm not sure how difficult the initial setup was, but it did take a very long time to implement.

What's my experience with pricing, setup cost, and licensing?

The solution is open-source, so there are no licensing costs.

What other advice do I have?

I've used this for a small environment, and it was amazing. I'm currently converting to QRadar now because I am expanding. I am handling more than 30,000 events per second. I can't use AlienVault, as it's too high a threshold.

I do recommend the solution, however, for those with small environments that don't handle as many events. It works great for anything under 1,000 events per second.

I would rate the solution eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
CISO at a recreational facilities/services company with 501-1,000 employees
Real User
Provides threat alerts on harmful code in the network
Pros and Cons
  • "The threat alerts it gives me from time to time on harmful code within the network, or if they are generating any network traffic, are very useful."
  • "It takes some time. It does not give me a prompt response for any such [malicious] traffic. It takes time to get that alert from the AlienVault system."

What is our primary use case?

I use it for monitoring. I use it for getting alerts on various malicious activities, if there are such on my network. I'm using the free version of this product, OSSIM.

As a media company, we follow MPAA, which is a set of controls for media businesses. The other set of compliance that we follow is DPP. We use AlienVault to comply with their standards.

How has it helped my organization?

We have various media organizations from which we get data into our network, and then it goes out. If you put in any control, any device, or anything to sense the traffic, it will say that it's malicious traffic, because of the nature of most of the traffic that we generate. We usually upload or download TV shows or films; they go in and out. The same size of IP packets increases because of the kind of transfer that we do.

In addition to that, we also are into broadcasting. We send the data to broadcasting stations, and from there it gets broadcasted on air.

It has really helped find critical vulnerabilities in our network at times. There was a brute force attack, a web attack, and I was able to discover that using AlienVault. There was a WannaCry in one of my systems, a trojan, and it was generating traffic towards the WannaCry domain. I was able to see that through the AlienVault system. It was not immediate. It was after almost three days that I was able to discover that there was a vulnerability within our network.

What is most valuable?

The threat alerts it gives me from time to time on harmful code within the network, or if it is generating any network traffic, are very useful. However, it takes some time. It does not give me a prompt response for any such traffic. It takes time to get that alert from the AlienVault system.

I'm using it for discovering assets every day. If there are any changes in my network, I give it additional subnets which have been added. It adds all the assets to my dashboard.

What needs improvement?

I find it very useful when it is for a small or mid-size enterprise. The problem I see in this product is that it is not meant for a large business or for managing critical business services.

AlienVault-like products are not meant for businesses like the banking sector or insurance and places that require strong regulatory compliance, in my experience, because of delays in response. And sometimes it is very complicated to configure this for specific requirements. Writing APIs, etc. takes time. On the other hand, if you look into other products in the market, it's easy to write APIs or integrate them with other database services or middleware and your application layer services, and get the alerts.

It does not help me to respond to the threats all the time. That's why we are also working with Splunk. Splunk is used by one of our service providers and we can directly ask them to use Splunk instead of any other SIEM solutions.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

I find it to be stable. That's why I'm using it. Given that it's free of cost, whatever it gives us is more than enough.

What do I think about the scalability of the solution?

I haven't explored scalability very much but the scalability is open. It's scalable up to a level where we can manage a mid-size business. As I said earlier, it is not suitable for the banking sector at all, because they require stringent controls and monitoring, real-time monitoring, which this tool doesn't have; at least, I haven't seen it. Perhaps it's my bad that I haven't seen this tool give me a proper response, on time. It takes time for it to give a response.

Which solution did I use previously and why did I switch?

I've used and evaluated QRadar vs AlienVault very extensively; I was working with IBM. I used it for ten years. I used and have compared ArcSight vs AlienVault as well, at my previous organization. At that organization, I also deployed AlienVault because I am comfortable with AlienVault.

Those competitors to AlienVault are very user-friendly, their interfaces are very user-friendly. They have multiple options such as generating reports and getting immediate alerts.

If somebody changes the privileges in the system or some code changes the privileges in the system, AlienVault is lacking there. Machine-learning and artificial intelligence are things that AlienVault should explore. If those were added to it, no product could replace it.

How was the initial setup?

My setup is very complex. The network is segmented and configured differently for different customers.

The initial deployment started around two years ago. It took around one-and-a-half years to make this product stable and to talk to each and every device in my network and give me some sort of report which would actually give me the right posture of my security status. I did the complete deployment myself.

The implementation strategy was there and that's why it took a long time. We were also engaged in other business activities, so it took a long time to make this into a proper deployment.

What about the implementation team?

We didn't have any third parties involved. It was all mine. I started with the web, through YouTube, through various other social media, and a couple of people who had used it earlier. I now have several years of experience. That has helped me a lot in getting this deployed.

What was our ROI?

There is a financial value. It's giving me some value and I've already had a good amount of results on AlienVault products. I deployed it at multiple stations, three or four cities in India, two in the US, and one in the UK. I have deployed it widely because I find that it gives value for money. If I got the paid version at the right cost, I think it would be the best product available in the market for a business like ours.

What's my experience with pricing, setup cost, and licensing?

A product like Splunk will squeeze you for money if you ask them to provide similar services. So I find this solution very useful in that sense.

AlienVault pricing is the best. Whatever cost you are paying, you are getting a return on every penny. I have advised multiple friends of mine, those who are into the security arena, to go for AlienVault. It's not like your IBM, your QRadar, or Splunk, where the cost is too high.

What other advice do I have?

If your network is flat, if it is not that complicated, then you should go for it. I'm using it free of cost, so I'm very happy with AlienVault.

I'm the only one who's controlling it. I have a team of five. They are my soft team. They monitor all the alerts 24/7. It takes a team of five to maintain it. I lead the security section and among the other five, two are network specialists and three are system administrators.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Relationship Manager at Snapnet Ltd
Real User
Top 5, Leaderboard
An enterprise solution that is rated highly by organizations
Pros and Cons
  • "AlienVault OSSIM is an enterprise solution that sells easily. It is rated highly by organizations."
  • "AlienVault OSSIM is costly."

What is our primary use case?

We use the product for user analysis and network visibility. 

What is most valuable?

AlienVault OSSIM is an enterprise solution that sells easily. It is rated highly by organizations. 

What needs improvement?

AlienVault OSSIM is costly. 

For how long have I used the solution?

I have been working with the solution for more than a year. 

What do I think about the stability of the solution?

The solution is stable. 

What do I think about the scalability of the solution?

The product is scalable. 

Which solution did I use previously and why did I switch?

The tool's installation is straightforward. 

What's my experience with pricing, setup cost, and licensing?

The tool's licensing costs are yearly. 

What other advice do I have?

I rate AlienVault OSSIM an eight out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
reviewer2519172 - PeerSpot reviewer
Network Administrator at a tech services company with 51-200 employees
Real User
Top 20
Need to focus on providing better visibility to users but is useful for threat detection
Pros and Cons
  • "The product is majorly used for threat detection of the agents on servers and endpoints."
  • "AlienVault OSSIM failed to provide our company a full insight, while also giving out a lot of false positives."

What is our primary use case?

I use the solution in my company. The product is majorly used for threat detection of the agents on servers and endpoints. We use Elasticsearch's dashboard. Whenever we check the traffic routing, events, alarms and notification, we also have the dashboard from Elasticsearch that helps us put them in a mode category.

What needs improvement?

Honestly, I don't know what can be improved in the product. I am trying to get a comparison between AlienVault OSSIM and the other solutions in the market. AlienVault OSSIM failed to provide our company with full insight, while also giving out a lot of false positives. The tool has certain areas where improvements are required.

For how long have I used the solution?

I have been using AlienVault OSSIM for two years. I am a user of the solution.

What do I think about the stability of the solution?

Stability-wise, I rate the solution a three to four out of ten.

How are customer service and support?

I did not use the solution's technical support.

Which solution did I use previously and why did I switch?

I work with Wazuh and Nutanix, but before AlienVault OSSIM, I had not worked with other products.

What's my experience with pricing, setup cost, and licensing?

I used the paid version of the tool and found it to be expensive. It has been a while since I changed to Securonix. I will have to check whether AlienVault charges per device, user, or log.

Which other solutions did I evaluate?

I am checking out to see if there are other better solutions in the market that can give me what I want because I need to sell them to other customers. I work with Wazuh myself, but I am looking at other products to figure out which ones are better if I want to start out with something new. I am making a comparison of SIEM, SOAR, and SOC solutions to see which one is better and what the advantages or the pros and cons of each of the tools in the market are. If the customer says that the price is his or her problem, I know which product to offer them.

What other advice do I have?

I have not had a good experience with AlienVault OSSIM.

To be able to support our company's compliance efforts, I got to add Elasticsearch to ensure that we get the maximum results from the solution. We have broken down AlienVault and Elasticsearch and moved to Securonix.

I have used the tool's SIEM component.

I have not really used the product's integration capabilities, especially since I remember that we had faced some challenges with them in the past.

I rate the tool a five out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer2401791 - PeerSpot reviewer
ICT Support Analyst at a tech services company with 1-10 employees
Real User
Top 20
Has a robust threat intelligence feature along with efficient asset grouping functionality
Pros and Cons
  • "It has helped us remediate threats in the past by providing significant events that assisted in identifying suspicious activities, such as logins from multiple countries."
  • "I suggest more in-built rules based on modern threats and environments to make it a more competitive solution."

What is our primary use case?

The primary use case is threat detection. We have configured various rules to monitor the environment for any suspicious activity.

What needs improvement?

Collecting logs can sometimes be tedious, especially compared to my experience with Microsoft Sentinel.

I suggest more in-built rules based on modern threats and environments to make it a more competitive solution.

For how long have I used the solution?

I have been using AlienVault OSSIM for six months.

What other advice do I have?

I find the overall threat intelligence feature robust, and the asset grouping feature allows us to correlate events with entire asset groups.

It has helped us remediate threats in the past by providing significant events that assisted in identifying suspicious activities, such as logins from multiple countries.

The asset discovery functionality, once set up, automatically identifies all devices on the network. It aids compliance efforts and helps us understand the network's device landscape.

While integration is possible with other tools like EDR and Cisco Office 365 Defender ATP, it is not as fast or easy as integrating with Microsoft products.

I recommend it, particularly for medium to large companies with complex IT infrastructures.

Overall, I rate the product an eight out of ten. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.