We performed a comparison between AlienVault OSSIM and Logpoint based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The automation feature is valuable."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The solution is free to use."
"There are a lot of people you will find using OSSIM since they are also offering OTX as a service."
"The dashboard is the solution's most valuable aspect. It brings everything into one central point where I can actually look at it and go, "Okay, I understand what's going on.""
"Better than other SIEM solutions because almost everything can be integrated."
"AlienVault OSSIM's GUI is very user-friendly."
"The product is easy to use."
"The most valuable features of AlienVault OSSIM are case management, ease of configuration, and investigation."
"The threat alerts it gives me from time to time on harmful code within the network, or if they are generating any network traffic, are very useful."
"They basically charge you in a better way."
"The product is easy to use."
"The integration is very user-friendly. There are not many CLI commands. Everything is directly accessible from the web interface."
"Log collection, dashboards and reporting are good."
"Technical support is responsive and very friendly."
"The search feature is valuable. The dashboards are also valuable for our bosses. Another valuable feature, which is the main feature of the product, is the centralization of all the logs."
"It is an AI technology because it is using machine learning technology. So far, there is nothing better out there for UEBA in terms of monitoring endpoints and user activity. It is using machine learning language, so it is right at the top. It provides that capability and monitors all the activities. It devises a baseline and monitors if there is any deviation from the baseline."
"The solution offers excellent reporting features. Our customers have been satisfied that they have been able to meet their compliance needs by giving them a standard report."
"I would like to see more AI used in processes."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"There needs to be more support or some kind of training program so users can self-learn the system more effectively."
"GUI could be improved."
"Sometimes technical issues take very long to get resolved."
"The user interface needs to be friendlier across the board."
"The initial setup was a bit complex. You've got to do a lot of reading. It's not an intuitive implementation."
"I don't like to work on OSSIM because it is unpredictable."
"Lacking in depth of reporting."
"It's under heavy traffic. If you have heavy traffic, the system is slow."
"Sometimes, the product is not stable."
"Log management could be better because transporting the log from a password to the client system takes time."
"In terms of functionality, it is very good. The only issue is the documentation. Its documentation should be improved."
"Dashboards could be developed further."
"Nowadays the trend is going towards the ransomware and the endpoint detection and response. So if they added something for that, that will be very, very good."
"The interface needs things like wizards that will assist with creating complex correlation rules."
"I know that they have user behavior analytics, but it's an extra cost for this feature. It would be nice if it was in with the standard products."
"Logpoint is not flexible. Its documentation is not user-friendly."
AlienVault OSSIM is ranked 16th in Security Information and Event Management (SIEM) with 26 reviews while Logpoint is ranked 14th in Security Information and Event Management (SIEM) with 20 reviews. AlienVault OSSIM is rated 7.4, while Logpoint is rated 7.4. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices". On the other hand, the top reviewer of Logpoint writes "Good technical support but it is complex to use and resource-heavy". AlienVault OSSIM is most compared with Wazuh, Elastic Security, USM Anywhere, Splunk Enterprise Security and Fortinet FortiSIEM, whereas Logpoint is most compared with IBM Security QRadar, Elastic Security, Rapid7 InsightIDR, LogRhythm SIEM and Logsign Next-Gen SIEM. See our AlienVault OSSIM vs. Logpoint report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.