No more typing reviews! Try our Samantha, our new voice AI agent.

AlienVault OSSIM vs Cortex XSIAM comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

AlienVault OSSIM
Ranking in Security Information and Event Management (SIEM)
26th
Average Rating
7.4
Reviews Sentiment
7.1
Number of Reviews
31
Ranking in other categories
No ranking in other categories
Cortex XSIAM
Ranking in Security Information and Event Management (SIEM)
8th
Average Rating
8.6
Reviews Sentiment
6.7
Number of Reviews
16
Ranking in other categories
Identity Threat Detection and Response (ITDR) (6th), AI-Powered Cybersecurity Platforms (7th)
 

Mindshare comparison

As of July 2026, in the Security Information and Event Management (SIEM) category, the mindshare of AlienVault OSSIM is 1.2%, down from 3.4% compared to the previous year. The mindshare of Cortex XSIAM is 1.7%, down from 2.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Mindshare Distribution
ProductMindshare (%)
Cortex XSIAM1.7%
AlienVault OSSIM1.2%
Other97.1%
Security Information and Event Management (SIEM)
 

Featured Reviews

BP
Independent Contractor at a comms service provider with 5,001-10,000 employees
Enables cost-effective security management for small businesses
Scaling for USM is always challenging for any product unless it is purpose-built or overbuilt at the front end. They will use Palo Alto and its competitors, and LevelBlue will manage that implementation. The main area where the AlienVault product was lacking around the 2018 timeframe was in its ability to scale. By pushing it to a cloud-based system, they've largely alleviated scale issues. It's native in Amazon but will also run in Azure. They have worked with cloud service providers to offer enough throughput at a cost reasonable for a corporation. Scaling was their biggest problem, and they've largely conquered those issues.
reviewer2541030 - PeerSpot reviewer
Cybersecurity Architect at a computer software company with 10,001+ employees
Unified security monitoring has simplified incident response and improved automated threat handling
The firewall side can make some improvements. I know the firewall on Cortex XSIAM is based on Windows. From what I have experienced so far, I have seen that the policies you can create are actually very in-depth. I mean, you can do most of the things and a lot of integration that you actually want. So if I want to choose to send things to WildFire, for example, I can choose to send it, I can choose to not send it. This basically offers flexibility to implement Cortex XSIAM in more standardized places where you maybe have a certification. I would say that the thing that maybe needs a bit more improvement is the fact that the one with the firewall because I have seen some things there that are kind of hard to manage. You do not really have a very easy way to manage those, unless you actually know where you have put them. So it is very inflexible. In the rest, you have a lot of playbooks that you can do and you can do lots of automation, which is actually easy to manage from what I have seen from my colleagues.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Technical support is excellent; they are very helpful and responsive."
"Network traffic analysis is highly efficient."
"I recommend it due to the experience of the people running it."
"The initial setup is straightforward."
"The most valuable feature is the logging capability."
"The dashboard is the solution's most valuable aspect; it brings everything into one central point where I can actually look at it and go, "Okay, I understand what's going on," and the solution works well and allows me to have visibility into anomalous events."
"Asset discovery is good."
"What I like about this product, is that it is a fully-fledged solution."
"The advanced visualization capabilities of the product are important for understanding security trends in an organization."
"The most valuable aspect is that Cortex XSIAM doesn't generate excessive alerts, refines all search results effectively, and filters out incidents where SOC intervention isn't necessary, allowing engineers to focus only on what matters."
"One of the valued aspects of the product is its use of artificial intelligence to detect security vulnerabilities."
"For me, to have Cortex XSIAM available is to basically have integration of all log sources, all alerting, and so on and so forth from firewalls and different tools, to get everything in one place, and afterwards to be able to build on the information that is coming."
"Since implementing Cortex XSIAM, incident response times have been significantly reduced by approximately twenty percent."
"The most valuable feature is the integration capability."
"The way the solution responds to detections and warnings is really impressive."
"Its ability to deliver a substantial amount of security intelligence greatly enhances and optimizes our security operations program."
 

Cons

"It's so hard to configure and explore something new on it. It is not easy to find the steps we need to follow in order to use the solution effectively."
"When comparing AlienVault OSSIM to other solutions it looks a bit outdated. Additionally, they need to improve their integration."
"Sometimes it takes very long for your issue to get resolved."
"AlienVault OSSIM on-premise version is more difficult to implement than the cloud version. Additionally, they should add integration between several different environments at once and improve their online knowledge base."
"The initial setup was a bit complex. You've got to do a lot of reading. It's not an intuitive implementation."
"The user interface could be improved."
"ArcSight works better than AlienVault right now."
"It's under heavy traffic. If you have heavy traffic, the system is slow."
"Cortex XSIAM needs improvements in terms of data onboarding, parsers, and third-party integration supports."
"At the beginning, we experienced some difficulties setting up the product with connectivity and infrastructure, but ultimately it functioned really effectively."
"It could provide more integration with a large variety of products."
"Further integration capabilities with various other software products that can seamlessly tie into Cortex XSIAM would be advantageous."
"The support could be a bit faster."
"I would rate the overall stability a six or seven, as we have only used it for a few months and need a year of experience to provide a full assessment."
"I would say that the thing that maybe needs a bit more improvement is the firewall because I have seen some things there that are kind of hard to manage."
"The standard integrations are very limited, and the integrations available are not listed in the marketplace. Obtaining validation for integrations from Palo Alto takes around eight months, which is quite long."
 

Pricing and Cost Advice

"When comparing AlienVault OSSIM to Microsoft Sentinel, AlienVault OSSIM incurs additional costs due to its licensing price structure. If you are using AlienVault for security purposes at a certain level it can have a higher price point than the current pricing of Microsoft Sentinel."
"The licensing fees for the non-community edition are paid on an annual basis, and there are no costs in addition to this."
"AlienVault OSSIM is expensive compared to its competitors."
"AlienVault pricing is the best. Whatever cost you are paying, you are getting a return on every penny... It's not like your IBM, your QRadar, or Splunk, where the cost is too high."
"We are using a free version of the solution. If you purchase a license there are more features available but the price is a little high. The solution should be cheaper to allow more customers to be able to afford it."
"The tool's licensing costs are yearly."
"We are using the community version, which can be used for free."
"OSSIM is open source, and USM is the paid license. So, if you want, you can switch to USM. There you will have to buy a license, and they have a support team that helps you out on issues you face."
"The solution comes at a significant cost."
"Since Palo Alto is trying to get as many new customers as possible, they're offering very competitive pricing."
"The solution is expensive compared to its competitors."
"In terms of pricing, we found Cortex XSIAM to offer a very reasonable and competitive rate."
"The product cost could be considered value for money compared to other solutions in the market, though it is quite high."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Comms Service Provider
14%
Financial Services Firm
8%
Computer Software Company
8%
Manufacturing Company
7%
Computer Software Company
12%
Manufacturing Company
10%
Financial Services Firm
9%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business18
Midsize Enterprise9
Large Enterprise8
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise2
Large Enterprise5
 

Questions from the Community

What is your experience regarding pricing and costs for AlienVault OSSIM?
It depends. I would need to review their cost models, but generally, they are on a scaled basis based on throughput usage. Because it's a software as a service solution for their core product for U...
What needs improvement with AlienVault OSSIM?
Scaling for USM is always challenging for any product unless it is purpose-built or overbuilt at the front end. They will use Palo Alto and its competitors, and LevelBlue will manage that implement...
What is your primary use case for AlienVault OSSIM?
This solution is very similar to most of the other MSSPs that you would find out there. When I look at use cases, AlienVault was initially aimed at small to medium businesses. It grew, and that was...
What is your experience regarding pricing and costs for Cortex XSIAM?
I did not participate in pricing discussions for Cortex XSIAM solutions, so I cannot provide a review regarding prices for this solution.
What needs improvement with Cortex XSIAM?
The firewall side can make some improvements. I know the firewall on Cortex XSIAM is based on Windows. From what I have experienced so far, I have seen that the policies you can create are actually...
 

Also Known As

OSSIM
No data available
 

Overview

 

Sample Customers

Council Rock School District
Information Not Available
Find out what your peers are saying about AlienVault OSSIM vs. Cortex XSIAM and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.