We performed a comparison between AlienVault OSSIM and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The UI of Sentinel is very good and easy to use, even for beginners."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing."
"We have no complaints about the features or functionality."
"Sentinel pricing is good."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The initial setup is straightforward."
"You can customize the dashboards as well as the reporting."
"You pay monthly for the solution. I think it's one of the best products. If you compare with other companies, like LogRhythm, etc., the top 8 or 10 CMs, I think AlienVault has the best price-performance ratio."
"The most valuable features of AlienVault OSSIM are case management, ease of configuration, and investigation."
"The dashboard is the solution's most valuable aspect. It brings everything into one central point where I can actually look at it and go, "Okay, I understand what's going on.""
"The solution is free to use."
"Better than other SIEM solutions because almost everything can be integrated."
"The product is easy to use."
"It has good technical support, which is available around the clock. You can call up anytime and get whatever you want. My queues are resolved."
"The most valuable feature is that if the scanning does find something, it quarantines it. Then you can decide what you are going to do with it."
"This solution integrates easily and very well with other technologies."
"It is user-friendly. The notification part of McAfee ESM is very easy."
"I like the ease of deployment."
"The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it."
"It can be easily deployed with the other solutions."
"The most valuable feature in ESM is its search and reporting feature. It's really nice."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"AlienVault OSSIM could improve by having better integration with some of the newer tools."
"The price of this solution is very high and it could be cheaper."
"The initial setup was a bit complex. You've got to do a lot of reading. It's not an intuitive implementation."
"There needs to be more support or some kind of training program so users can self-learn the system more effectively."
"AlienVault OSSIM on-premise version is more difficult to implement than the cloud version. Additionally, they should add integration between several different environments at once and improve their online knowledge base."
"It's under heavy traffic. If you have heavy traffic, the system is slow."
"AlienVault OSSIM is costly."
"It's so hard to configure and explore something new on it."
"The support from McAfee ESM could improve. They could improve the speed."
"We cannot add new data sources to the most recent version."
"The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use."
"The product’s alert response feature needs improvement. It could be more flexible and secure."
"We would welcome integrations with some of the new McAfee acquisitions, e.g., behavioural analytics."
"I would like to see fingerprint recognition included in the next release of this solution."
"It seems McAfee does test its product before releasing. When we - not only us, other companies also - deploy McAfee, we face multiple issues from the customer side, after which, McAfee reacts and fixes the bugs."
"There's no software support from McAfee."
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 27 reviews, while Trellix ESM is ranked 19th in Security Information and Event Management (SIEM) with 34 reviews. AlienVault OSSIM is rated 7.4, while Trellix ESM is rated 7.4. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". AlienVault OSSIM is most compared with Wazuh, Elastic Security, USM Anywhere, Splunk Enterprise Security and Fortinet FortiSIEM, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, LogRhythm SIEM, Splunk Enterprise Security and SQRRL.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.