We performed a comparison between AlienVault OSSIM and NetWitness Platform based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"We have no complaints about the features or functionality."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The solution is very stable. Compared to QRadar and Splunk, it's very stable."
"The solution is free to use."
"The paid version of the solution has reporting and better scalability options."
"The solution has a very good open source community, and whenever we have problems, we are always able to resolve it online."
"The tool's security detection is good. It helps us with login tracking and generating reports. We aim to identify potential issues, such as brute-force attacks on user accounts or server-level anomalies. For instance, if I receive a report indicating a server is at an abnormal level, I investigate and address the issue."
"You can customize the dashboards as well as the reporting."
"The dashboard is the solution's most valuable aspect. It brings everything into one central point where I can actually look at it and go, 'Okay, I understand what's going on.'"
"The initial setup is straightforward."
"The most valuable features are the threat prediction and network forensics."
"The most valuable features are the integration and ease of use."
"Their technical support responds quickly and is knowledgeable."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"The newer 11.5 version that my team is using has found it to have good mapping."
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
"The most valuable features are its ingestion of logs and raising of alerts based on those logs."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"The AI capabilities must be improved."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"Sentinel's reporting is complex and can be more user-friendly."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"AlienVault OSSIM should improve the deployment and make it unified like the USM."
"The correlation engine needs to be improved."
"I would like the solution to be able to integrate with my firewall, my IDS, and my honeypot solutions so that it can provide real-time reporting as things occur and then have alerts sent to me on my phone when suspicious activity is happening."
"They can add more compliance templates."
"The user interface could be improved."
"It's under heavy traffic. If you have heavy traffic, the system is slow."
"It's so hard to configure and explore something new on it."
"The user interface needs to be friendlier across the board."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"The user interface is a little bit difficult for new users and it needs to be improved."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"Health monitoring of the event sources and devices."
"We have encountered issues with unresolved crashes."
"The tool's integration capability isn't so great."
"The initial setup is complex. There are other solutions that are easier to implement."
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 27 reviews, while NetWitness Platform is ranked 15th in Security Information and Event Management (SIEM) with 36 reviews. AlienVault OSSIM is rated 7.4, while NetWitness Platform is rated 7.4. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". AlienVault OSSIM is most compared with Wazuh, Elastic Security, USM Anywhere, Splunk Enterprise Security and Fortinet FortiSIEM, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response. See our AlienVault OSSIM vs. NetWitness Platform report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.