We performed a comparison between AlienVault OSSIM and Sumo Logic Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"It has a lot of great features."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"Inbuilt IDS, inbuilt integration with threat intelligence platform and with vulnerability assessment modules."
"The most valuable features of this solution are the data correlation and vulnerability assessment."
"The threat policies of the solution are always very advanced and the best in the market. They are very persistent in terms of keeping up with security protocols."
"The tool's security detection is good. It helps us with login tracking and generating reports. We aim to identify potential issues, such as brute-force attacks on user accounts or server-level anomalies. For instance, if I receive a report indicating a server is at an abnormal level, I investigate and address the issue."
"There are a lot of people you will find using OSSIM since they are also offering OTX as a service."
"The threat alerts it gives me from time to time on harmful code within the network, or if they are generating any network traffic, are very useful."
"The solution has a very good open source community, and whenever we have problems, we are always able to resolve it online."
"The most valuable feature is the logging capability."
"We have used it many times to find a root cause of a live issue, then fix the problem in the applications."
"The features I found valuable with the Sumo Logic Security solution are the search option and the ability to customize the search for the information in the logs."
"We can integrate threat intelligence solutions into the product."
"It helps a lot because we can troubleshoot issues pretty easily."
"We are able to diagnose problems before our customers."
"It provides easy visibility. I also like the shareable queries because we share a lot across groups."
"The solution is quite stable."
"Support has been excellent. Sumo Logic's support staff is really good, both their account management staff and direct support."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"We'd also like a better ticketing system, which is older."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"I would like to be able to monitor applications outside of the Azure Cloud."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"Lacking in depth of reporting."
"The documentation could be improved."
"It's under heavy traffic. If you have heavy traffic, the system is slow."
"We need more dashboards and we need more customization for dashboards."
"AlienVault OSSIM on-premise version is more difficult to implement than the cloud version. Additionally, they should add integration between several different environments at once and improve their online knowledge base."
"AlienVault OSSIM should improve the deployment and make it unified like the USM."
"Sometimes technical issues take very long to get resolved."
"AlienVault OSSIM’s configuration and integration could be a little easier."
"There are some API gaps that are missing."
"The initial setup is the most stressful, like learning how to use it."
"In my opinion, this solution has a steep learning curve and requires practice if users are to be able to use this tool very efficiently."
"I would like to see improvement in the user experience when configuring things, ingesting logs, and creating ports."
"From the network segmentation side, there is some discrepancy in log onboarding. The tool needs to improve direct API integrations, login integration, native login integration, etc."
"The integration with multiple sources could be better."
"The solution should improve its UI."
"There needs to be improvement on imported data which can be used within Sumo Logic to do more advanced queries."
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 27 reviews while Sumo Logic Security is ranked 17th in Security Information and Event Management (SIEM) with 18 reviews. AlienVault OSSIM is rated 7.4, while Sumo Logic Security is rated 8.6. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices". On the other hand, the top reviewer of Sumo Logic Security writes "Used to store and monitor application logs and VPC flow logs". AlienVault OSSIM is most compared with Wazuh, Elastic Security, USM Anywhere, Splunk Enterprise Security and Fortinet FortiSIEM, whereas Sumo Logic Security is most compared with Wazuh, Rapid7 InsightIDR, Splunk Enterprise Security, VMware Aria Operations for Logs and Grafana Loki. See our AlienVault OSSIM vs. Sumo Logic Security report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.