• Home
  • AlienVault OSSIM vs. Microsoft Defender XDR

AlienVault OSSIM vs Microsoft Defender XDR comparison

Cancel
You must select at least 2 products to compare!
Microsoft Logo

Microsoft Sentinel

Read 85 Microsoft Sentinel reviews
32,763 views|18,195 comparisons
92% willing to recommend
AT&T Logo

AlienVault OSSIM

Read 26 AlienVault OSSIM reviews
7,457 views|4,008 comparisons
76% willing to recommend
Microsoft Logo

Microsoft Defender XDR

Read 76 Microsoft Defender XDR reviews
5,744 views|4,276 comparisons
98% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
AlienVault OSSIM vs. Microsoft Defender XDR
May 2023
Executive Summary

We performed a comparison between AlienVault OSSIM and Microsoft Defender XDR based on real PeerSpot user reviews.

Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed AlienVault OSSIM vs. Microsoft Defender XDR Report (Updated: May 2023).
Download the complete report
768,886 professionals have used our research since 2012.
Featured Review
Sachin Paul
Makes data integration very easy for our SOC
It enables data integration within our hybrid, multi-cloud environment, and it makes this data integration very easy for our security operations... Read more →
Aman Aijaz
An easy-to-scale open-source solution used for monitoring events on devices
This may not be a feature. It is something like how you configure and how you analyze it. But since it's open-source, I'm talking more about this.... Read more →
Eyad Abounada.
The solution's timeline feature helps you track and investigate incidents
Defender XDR has helped a lot in terms of capturing all kinds of activities happening on the endpoints where it is. If you want to know what... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc.""It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions.""I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily.""Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it.""It's pretty powerful and its performance is pretty good.""Sentinel pricing is good""Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources.""The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."

More Microsoft Sentinel Pros →

"The initial setup was straightforward. I didn't have any problems.""The most valuable features of this solution are the data correlation and vulnerability assessment.""The solution is very stable. Compared to Qradar and Splunk, it's very stable.""The paid version of the solution has reporting and better scalability options.""The most valuable features of AlienVault OSSIM are case management, ease of configuration, and investigation.""The product is easy to use.""The most valuable feature is the logging capability.""OSSIM is the only solution that includes the large number of modules that we need: a vulnerability scanner, a network IDS system, a host IDS system."

More AlienVault OSSIM Pros →

"The most valuable feature is the network security.""From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave.""The summarization of emails is a valuable feature.""The EDR and the way it automatically responds to ransomware and other attacks are valuable features.""It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done...""The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it.""We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us.""Advanced hunting is good. I like that. We can drill down to lots of details."

More Microsoft Defender XDR Pros →

Cons
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used.""The solution could improve the playbooks.""Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs.""We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft.""Sentinel's reporting is complex and can be more user-friendly.""I think the number one area of improvement for Sentinel would be the cost.""When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear.""We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."

More Microsoft Sentinel Cons →

"The documentation could be improved.""AlienVault OSSIM should improve the deployment and make it unified like the USM.""AlienVault OSSIM on-premise version is more difficult to implement than the cloud version. Additionally, they should add integration between several different environments at once and improve their online knowledge base.""When comparing AlienVault OSSIM to other solutions it looks a bit outdated. Additionally, they need to improve their integration.""The solution needs more integration with cyber intelligence systems.""The price of this solution is very high and it could be cheaper.""AlienVault OSSIM gives unwanted notifications.""They can add more compliance templates."

More AlienVault OSSIM Cons →

"In the beginning, it's difficult to navigate the system because it is quite large. Just trying to find your way and understand how the system works can be hard. After spending quite a lot of time searching it's a lot easier, but I wish it were a bit more user-friendly when you're trying to find things.""Advanced attacks could use an improvement.""The mobile app support for Android and iOS is difficult and needs improvement.""The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging.""One of the biggest downsides of Microsoft products, in general, is that the menus are often difficult to find, as they tend to move from place to place between versions.""The tool gives inconsistent answers and crashes a lot.""The solution does not offer a unified response and standard data.""It would be beneficial to have a more seamless experience with everything consolidated in one place, particularly when dealing with aspects related to the Exchange console."

More Microsoft Defender XDR Cons →

Pricing and Cost Advice
  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."

    • More Microsoft Sentinel Pricing and Cost Advice →

  • "AlienVault pricing is the best. Whatever cost you are paying, you are getting a return on every penny... It's not like your IBM, your QRadar, or Splunk, where the cost is too high."
  • "The solution is open source, so it's free to use."
  • "OSSIM is free."
  • "The licensing fees for the non-community edition are paid on an annual basis, and there are no costs in addition to this."
  • "AlienVault OSSIM is free."
  • "We are using the community version, which can be used for free."
  • "We are using a free version of the solution. If you purchase a license there are more features available but the price is a little high. The solution should be cheaper to allow more customers to be able to afford it."
  • "The price of AlienVault OSSIM is too high sometimes for us to present to our customers. The price should be lower. We are on a three-year license to use the solution. We had to pay extra for the support."

    • More AlienVault OSSIM Pricing and Cost Advice →

  • "The solutions price is fair for what they offer."
  • "The price could be better. Normally, the costs depend on the country you're located in for the license. When we were in the initial stage, we went with the E5 license they call premium standard. It cost us around $5.20 per month for four users."
  • "The price of the solution is high compared to others and we have lost some customers because of it."
  • "Microsoft is not competitive with the pricing of the solution. The competitors are able to offer lower discounts. The price of the solution is higher."
  • "We have a lot of problems in Latin America regarding the price of Microsoft 365 Defender, because the relationship between dollars and the money of the different countries, it's is a lot. Many customers that have small businesses say that they would like the solution but it is too expensive. However, large companies do not find the cost an issue."
  • "The most valuable licensing option is expensive, so pricing could be improved. Licensing options for this solution also need to be consolidated, because they frequently change."
  • "Microsoft should provide lower-level licensing options. They should do it in such a way that even an individual could purchase a license, and it should be entirely flexible."
  • "They have moved from a licensing model to pay-per-use... The question is: What happens if, for any reason, there's not enough budget to accept this model? That could be a great problem."

    • More Microsoft Defender XDR Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
    See Recommendations
    768,886 professionals have used our research since 2012.
    Questions from the Community
    Is there a common threat intelligence tool that aggregates multiple threa...
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
    Read all 10 answers   →
    What is a better choice, Splunk or Azure Sentinel?
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Which is better - Azure Sentinel or AWS Security Hub?
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
    Read all 2 answers   →
    What do you like most about AlienVault OSSIM?
    Top Answer:The tool's security detection is good. It helps us with login tracking and generating reports. We aim to identify… more »
    Read all 25 answers   →
    What is your experience regarding pricing and costs for AlienVault OSSIM?
    Top Answer:AlienVault OSSIM is expensive compared to its competitors.
    Read all 20 answers   →
    What needs improvement with AlienVault OSSIM?
    Top Answer:AlienVault OSSIM gives unwanted notifications.
    Read all 25 answers   →
    What do you like most about Microsoft 365 Defender?
    Top Answer:I like Defender XDR's automation capabilities. XDR isn't automated by default, but you can automate it to respond. If an… more »
    Read all 38 answers   →
    What is your experience regarding pricing and costs for Microsoft 365 Def...
    Top Answer:While Microsoft Defender XDR carries a higher cost, its ease of use compared to Defender may justify the investment.
    Read all 29 answers   →
    What needs improvement with Microsoft 365 Defender?
    Top Answer:Defender XDR has good threat visibility, but it could be better in some areas, like when we are hunting for a specific… more »
    Read all 37 answers   →
    Comparisons
    Also Known As
    Azure Sentinel
    OSSIM
    Microsoft 365 Defender, Microsoft Threat Protection, MS 365 Defender
    Learn More
    Microsoft
    AT&T
    Microsoft
    Overview

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    AlienVault OSSIM, Open Source Security Information and Event Management (SIEM), provides you with a feature-rich open source SIEM complete with event collection, normalization and correlation. Launched by security engineers because of the lack of available open source products, AlienVault OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility.

    Microsoft Defender XDR is a comprehensive security solution designed to protect against threats in the Microsoft 365 environment. 

    It offers robust security measures, comprehensive threat detection capabilities, and an efficient incident response system. With seamless integration with other Microsoft products and a user-friendly interface, it simplifies security management tasks. 

    Users have found it effective in detecting and preventing various types of attacks, such as phishing attempts, malware infections, and data breaches.

    Watch the Microsoft demo video here: Microsoft Defender XDR demo video.

    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Council Rock School District
    Accenture, Deloitte, ExxonMobil, General Electric, IBM, Johnson & Johnson and many others.
    Top Industries
    REVIEWERS
    Financial Services Firm22%
    Computer Software Company11%
    Manufacturing Company8%
    Comms Service Provider8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm10%
    Government9%
    Manufacturing Company7%
    REVIEWERS
    Insurance Company14%
    Computer Software Company14%
    Media Company7%
    Recreational Facilities/Services Company7%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Financial Services Firm8%
    Comms Service Provider8%
    Government8%
    REVIEWERS
    Manufacturing Company19%
    Computer Software Company14%
    Government11%
    Financial Services Firm11%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Financial Services Firm10%
    Government8%
    Manufacturing Company8%
    Company Size
    REVIEWERS
    Small Business33%
    Midsize Enterprise21%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise16%
    Large Enterprise59%
    REVIEWERS
    Small Business52%
    Midsize Enterprise29%
    Large Enterprise19%
    VISITORS READING REVIEWS
    Small Business29%
    Midsize Enterprise20%
    Large Enterprise51%
    REVIEWERS
    Small Business44%
    Midsize Enterprise23%
    Large Enterprise33%
    VISITORS READING REVIEWS
    Small Business26%
    Midsize Enterprise17%
    Large Enterprise57%
    Buyer's Guide
    AlienVault OSSIM vs. Microsoft Defender XDR
    May 2023
    Free Report: AlienVault OSSIM vs. Microsoft Defender XDR
    Find out what your peers are saying about AlienVault OSSIM vs. Microsoft Defender XDR and other solutions. Updated: May 2023.
    DOWNLOAD NOW
    768,886 professionals have used our research since 2012.

    AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 26 reviews while Microsoft Defender XDR is ranked 6th in Extended Detection and Response (XDR) with 76 reviews. AlienVault OSSIM is rated 7.4, while Microsoft Defender XDR is rated 8.4. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices ". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". AlienVault OSSIM is most compared with Wazuh, Elastic Security, USM Anywhere, Splunk Enterprise Security and LogRhythm SIEM, whereas Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Microsoft Intune. See our AlienVault OSSIM vs. Microsoft Defender XDR report.

    We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.