We performed a comparison between AlienVault OSSIM and ArcSight Enterprise Security Manager (ESM) based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"The paid version of the solution has reporting and better scalability options."
"The most valuable features of this solution are the data correlation and vulnerability assessment."
"Its user-friendliness is the most valuable. It is very easy to use and explore. The dashboard is very well packaged and integrated. You don't have to spend a lot of time in configuring it and checking out the RPM etc. It is also free and very powerful."
"Better than other SIEM solutions because almost everything can be integrated."
"The solution is very stable. Compared to Qradar and Splunk, it's very stable."
"The most valuable features of AlienVault OSSIM are case management, ease of configuration, and investigation."
"AlienVault OSSIM is an enterprise solution that sells easily. It is rated highly by organizations."
"The solution is free to use."
"It makes maintenance very easy."
"The solution is pretty stable."
"SmartConnector: Normalization parses raw logs and converts them into CEF (common event format). This is the core of the product."
"I would rate the ease of use for new users an eight out of ten, with ten being easy to use. It is a good tool."
"We have been satisfied with the support."
"This process has helped to improve our organization because we have centralized the intra-group security equipment logs."
"The most useful features are directories, price, and live reporting."
"Customization. ArcSight gives you a platform to on-board out-of-the-box devices with a more accurate way of collecting desired logs/events."
"The troubleshooting has room for improvement."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"One key area that can be improved is by building a strong integration with our XDR platform."
"The on-prem log sources still require a lot of development."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"AlienVault OSSIM on-premise version is more difficult to implement than the cloud version. Additionally, they should add integration between several different environments at once and improve their online knowledge base."
"The price of this solution is very high and it could be cheaper."
"AlienVault OSSIM is costly."
"I don't like to work on OSSIM because it is unpredictable."
"AlienVault OSSIM gives unwanted notifications."
"We need more dashboards and we need more customization for dashboards."
"The user interface could be improved."
"It takes some time. It does not give me a prompt response for any such [malicious] traffic. It takes time to get that alert from the AlienVault system."
"ArcSight ESM is not easy to use and it should be integrated with other tools that have infrastructure capabilities."
"ArcSight ESM could improve by adding more features and documentation. There needs to be more documentation."
"I am having issues with report generation with older versions. I don't know if this is because of compatibility issues, but report generation has been a little bit difficult in older versions. It is not similar to the newer and current versions. We are looking at moving to the cloud. It would be good if ArcSight ESM can move to the cloud. They already seem to be working on this. It would also be very helpful and great if we can integrate external threat intelligence, machine learning, and AI into this solution. It has good dashboards, but they can always be better. Its stability can also be improved."
"The dashboard looks a bit cumbersome."
"The weakness in this system comes about because, with so many different logs, it is possible that the security analyst will lose information."
"The product should include a lot more predefined scenarios so the adopted company will have knowledge and a broader skill set in security and network."
"The solution could be more stable."
"Customer service during the transition from HPE to Micro Focus was abysmal where it became disruptive to our service delivery."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
AlienVault OSSIM is ranked 16th in Security Information and Event Management (SIEM) with 26 reviews while ArcSight Enterprise Security Manager (ESM) is ranked 11th in Security Information and Event Management (SIEM) with 93 reviews. AlienVault OSSIM is rated 7.4, while ArcSight Enterprise Security Manager (ESM) is rated 7.8. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices ". On the other hand, the top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". AlienVault OSSIM is most compared with Wazuh, Elastic Security, USM Anywhere, Splunk Enterprise Security and Fortinet FortiSIEM, whereas ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, Trellix ESM, IBM Security QRadar and Elastic Security. See our AlienVault OSSIM vs. ArcSight Enterprise Security Manager (ESM) report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.