Try our new research platform with insights from 80,000+ expert users

AlienVault OSSIM vs ArcSight Intelligence comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

AlienVault OSSIM
Ranking in Security Information and Event Management (SIEM)
8th
Average Rating
7.4
Reviews Sentiment
7.1
Number of Reviews
31
Ranking in other categories
No ranking in other categories
ArcSight Intelligence
Ranking in Security Information and Event Management (SIEM)
39th
Average Rating
8.0
Reviews Sentiment
6.6
Number of Reviews
5
Ranking in other categories
User Entity Behavior Analytics (UEBA) (14th)
 

Mindshare comparison

As of May 2025, in the Security Information and Event Management (SIEM) category, the mindshare of AlienVault OSSIM is 3.7%, down from 3.8% compared to the previous year. The mindshare of ArcSight Intelligence is 0.3%, down from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

Aman Aijaz - PeerSpot reviewer
An easy-to-scale open-source solution used for monitoring events on devices
The area for improvement is a lot. When I started using it on our enterprise side, the issue we faced was, for example, if we were running at that time on AlienVault OSSIM v5.7.4. So, for some orders, we had to install some packages, and when we tried installing that package, some dependencies got upgraded to a new version. Now once that dependency got upgraded, the SQL, since you might be aware that OSSIM uses SQL database, now SQL and all the dependency in everything was not on the same version, and that caused the database to crash. The aforementioned area should be eased out by upgrading the patches and upgrading dependencies. This kind of thing is a disadvantage of OSSIM, and I would like them to work on this. But I have also raised service requests many times and gave it a push on the community section too. However, since it is a local source, they don't reply much over there. That is why I don't like to work on OSSIM because it is unpredictable. Once the storage goes above 50 percent, it starts behaving unpredictably. If you get stuck with a situation, then you need to drill a lockdown into that. Sometimes you get no luck. Then you have to just reimage the server with the new fresh OS of AlienVault. As for additional features, not much because if you move to the newer version, it is kind of getting more stable. But, to make my life easier, then I would say try to give more features. I know it's open source, so they also cannot provide me with more features. But still, if they can provide me with more features because right now it's becoming old. Right now, we are even moving from SIEM to Security Data Lake. So when we move to it, this will be literally outdated. No one can even expect anything out of it. The way security is moving, it will be outdated very soon. They have to also provide something new to keep this going for the future also.
Pravir KumarSinha - PeerSpot reviewer
Has essential threat detection capabilities, but the features for intelligence need enhancement
We integrated this tool with our security infrastructure. We installed it on a Linux server, where we have a Logger and ESM installed. With the Linux server as the hub, we manage all the configurations and rules, including those for email triggers. The logs are routed through a connector to the Logger, allowing us to monitor our infrastructure effectively. The platform helps us improve threat detection capabilities. I recommend it to others and rate it a seven out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It has helped us remediate threats in the past by providing significant events that assisted in identifying suspicious activities, such as logins from multiple countries."
"The threat alerts it gives me from time to time on harmful code within the network, or if they are generating any network traffic, are very useful."
"The initial setup was straightforward. I didn't have any problems."
"The paid version of the solution has reporting and better scalability options."
"The initial setup is straightforward."
"The solution is free to use."
"Better than other SIEM solutions because almost everything can be integrated."
"AlienVault OSSIM is an enterprise solution that sells easily. It is rated highly by organizations."
"The platform helps us improve threat detection capabilities."
"The most valuable feature of ArcSight Intelligence is a single console where the entire dashboard gives all the connected details in a single place."
"The ability to tailor an environment to suit our specific use cases is a major advantage of ArcSight compared to other logging servers such as Splunk."
"The product has a valuable interface."
"We found the correlation engine to be very good. It takes logs from different types of devices and does the correlation in a good way."
 

Cons

"AlienVault OSSIM should improve the deployment and make it unified like the USM."
"The main area where the AlienVault product was lacking around the 2018 timeframe was in its ability to scale."
"There are somewhat more false positives with the user behavior analytics, which could benefit from an additional machine learning model to detect user patterns more rapidly."
"I suggest more in-built rules based on modern threats and environments to make it a more competitive solution."
"Sometimes technical issues take very long to get resolved."
"Lacking in depth of reporting."
"The documentation could be improved."
"We need more dashboards and we need more customization for dashboards."
"ArcSight Intelligence is a bit slower, and its speed should be improved."
"The frequency of the updates that we are getting can be improved because the number and types of incidents that are happening at the global level are far more than what we are receiving. The frequency of updates feeds related to our rules should be increased. There should be more frequent information about the new rules that are coming and the global threats that are happening. There should be better options for dashboard creation. At present, the dashboards are good, but there is scope to make them better."
"The dashboard is not user-friendly and is in black and white."
"We haven't found the product fully scalable."
"ArcSight Intelligence's pricing needs improvement."
 

Pricing and Cost Advice

"AlienVault OSSIM is an open-source solution."
"AlienVault OSSIM is free."
"We are using a free version of the solution. If you purchase a license there are more features available but the price is a little high. The solution should be cheaper to allow more customers to be able to afford it."
"The price of AlienVault OSSIM is too high sometimes for us to present to our customers. The price should be lower. We are on a three-year license to use the solution. We had to pay extra for the support."
"OSSIM is free."
"The licensing fees for the non-community edition are paid on an annual basis, and there are no costs in addition to this."
"AlienVault pricing is the best. Whatever cost you are paying, you are getting a return on every penny... It's not like your IBM, your QRadar, or Splunk, where the cost is too high."
"I used the paid version of the tool and found it to be expensive. It has been a while since I changed to Securonix. I will have to check whether AlienVault charges per device, user, or log."
"The solution is expensive and only suitable for enterprise environments."
"It is an expensive platform."
"They offer perpetual licenses for the product."
"ArcSight Intelligence is an expensive solution."
"Its price is average and not very high. Splunk might be a bit cheaper than this. Its licensing is on a monthly basis."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
850,491 professionals have used our research since 2012.
 

Comparison Review

it_user186927 - PeerSpot reviewer
Feb 16, 2015
Cybereason vs. Interset vs. SQRRL
Capture DB - they all use NoSQL db and hence solve the ad hoc query and 'go back in time' problem with current best of breed SIEM and DLP solutions that rely on real time analysis of incoming logs (and don't store them). This means deeper and quicker iterative threat analysis and assessment…
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Comms Service Provider
11%
Financial Services Firm
9%
University
8%
Government
20%
Computer Software Company
17%
Financial Services Firm
9%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for AlienVault OSSIM?
It depends. I would need to review their cost models, but generally, they are on a scaled basis based on throughput usage. Because it's a software as a service solution for their core product for U...
What needs improvement with AlienVault OSSIM?
Scaling for USM is always challenging for any product unless it is purpose-built or overbuilt at the front end. They will use Palo Alto and its competitors, and LevelBlue will manage that implement...
What do you like most about ArcSight Interset / Intelligence?
The platform helps us improve threat detection capabilities.
What needs improvement with ArcSight Interset / Intelligence?
The product could be improved in several areas; it currently requires significant enhancement. Compared to QRadar and Splunk, ArcSight Intelligence falls behind, placing it as the third choice amon...
 

Also Known As

OSSIM
ArcSight Interset / Intelligence, FileTrek, Interset UEBA, Micro Focus Interset UEBA, Micro Focus Interset, ArcSight Interset
 

Overview

 

Sample Customers

Council Rock School District
Accuvant, Splunk Inc., NuTech, Box, rSolutions, Voodoo Technology Limited
Find out what your peers are saying about AlienVault OSSIM vs. ArcSight Intelligence and other solutions. Updated: April 2025.
850,491 professionals have used our research since 2012.