We performed a comparison between AlienVault OSSIM and ClearSkies SaaS NG SIEM based on real PeerSpot user reviews.
"The main benefit is the ease of integration."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"The pricing of the product is excellent."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"Better than other SIEM solutions because almost everything can be integrated."
"Inbuilt IDS, inbuilt integration with threat intelligence platform and with vulnerability assessment modules."
"AlienVault OSSIM is an enterprise solution that sells easily. It is rated highly by organizations."
"The tool's security detection is good. It helps us with login tracking and generating reports. We aim to identify potential issues, such as brute-force attacks on user accounts or server-level anomalies. For instance, if I receive a report indicating a server is at an abnormal level, I investigate and address the issue."
"The most valuable features of this solution are the data correlation and vulnerability assessment."
"There are a lot of people you will find using OSSIM since they are also offering OTX as a service."
"The paid version of the solution has reporting and better scalability options."
"The solution has a very good open source community, and whenever we have problems, we are always able to resolve it online."
"The correlation rules and the user platform are most valuable."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"Azure Sentinel will be directly competing with tools such as Splunk or QRadar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"We are invoiced according to the amount of data generated within each log."
"The playbook is a bit difficult and could be improved."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"It's so hard to configure and explore something new on it."
"AlienVault OSSIM could improve by having better integration with some of the newer tools."
"AlienVault OSSIM on-premise version is more difficult to implement than the cloud version. Additionally, they should add integration between several different environments at once and improve their online knowledge base."
"AlienVault OSSIM gives unwanted notifications."
"The solution needs more integration with cyber intelligence systems."
"The incident reporting could be better."
"GUI could be improved."
"The user interface could be improved."
"They can add behavior analytics and AI or machine learning technology. They also improve their correlation engine. In addition to collecting logs from devices, they can collect the traffic and then correlate these logs and the traffic information."
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 27 reviews while ClearSkies SaaS NG SIEM is ranked 58th in Security Information and Event Management (SIEM). AlienVault OSSIM is rated 7.4, while ClearSkies SaaS NG SIEM is rated 8.0. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices". On the other hand, the top reviewer of ClearSkies SaaS NG SIEM writes "Good correlation rules, competitive pricing, and good stability". AlienVault OSSIM is most compared with Wazuh, Elastic Security, USM Anywhere, Splunk Enterprise Security and Fortinet FortiSIEM, whereas ClearSkies SaaS NG SIEM is most compared with .
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.