AlienVault OSSIM vs Wazuh comparison


Comparison Buyer's Guide

Executive SummaryUpdated on Mar 6, 2024

Categories and Ranking

AlienVault OSSIM
Ranking in Security Information and Event Management (SIEM)
Average Rating
Number of Reviews
Ranking in other categories
No ranking in other categories
Ranking in Security Information and Event Management (SIEM)
Average Rating
Number of Reviews
Ranking in other categories
Log Management (2nd), Extended Detection and Response (XDR) (3rd)

Market share comparison

As of June 2024, in the Security Information and Event Management (SIEM) category, the market share of AlienVault OSSIM is 1.0% and it decreased by 60.4% compared to the previous year. The market share of Wazuh is 26.3% and it increased by 84.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
Unique Categories:
No other categories found
Log Management
Extended Detection and Response (XDR)

Featured Reviews

Aman Aijaz - PeerSpot reviewer
Jun 28, 2023
An easy-to-scale open-source solution used for monitoring events on devices
The area for improvement is a lot. When I started using it on our enterprise side, the issue we faced was, for example, if we were running at that time on AlienVault OSSIM v5.7.4. So, for some orders, we had to install some packages, and when we tried installing that package, some dependencies got upgraded to a new version. Now once that dependency got upgraded, the SQL, since you might be aware that OSSIM uses SQL database, now SQL and all the dependency in everything was not on the same version, and that caused the database to crash. The aforementioned area should be eased out by upgrading the patches and upgrading dependencies. This kind of thing is a disadvantage of OSSIM, and I would like them to work on this. But I have also raised service requests many times and gave it a push on the community section too. However, since it is a local source, they don't reply much over there. That is why I don't like to work on OSSIM because it is unpredictable. Once the storage goes above 50 percent, it starts behaving unpredictably. If you get stuck with a situation, then you need to drill a lockdown into that. Sometimes you get no luck. Then you have to just reimage the server with the new fresh OS of AlienVault. As for additional features, not much because if you move to the newer version, it is kind of getting more stable. But, to make my life easier, then I would say try to give more features. I know it's open source, so they also cannot provide me with more features. But still, if they can provide me with more features because right now it's becoming old. Right now, we are even moving from SIEM to Security Data Lake. So when we move to it, this will be literally outdated. No one can even expect anything out of it. The way security is moving, it will be outdated very soon. They have to also provide something new to keep this going for the future also.
Jun 15, 2023
Good for file integrity monitoring
There is room for improvement in Wazuh, but it's possible they are already working on it. The only challenge we faced with Wazuh was the lack of direct support. They charge for support, whether it's five days a week or seven days a week. We don't expect it to be free because revenue is generated through the support they provide. In future releases, I would like to see a feature. There is one feature we observed in a premium tool in the industry called Dynatrace. It provides automatic relations between different devices and components. For instance, if you receive a web login request, Dynatrace can trace and show you the path it takes from the firewall to the switch, then to the Apache server, the actual job application, and finally back to the client. It intelligently correlates all the components involved in a single event. If Wazuh could include this feature, where all the components are integrated, it would automatically relate them for any activity in your environment.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:


"The most valuable features of AlienVault OSSIM are case management, ease of configuration, and investigation."
"You can customize the dashboards as well as the reporting."
"The product is easy to use."
"Better than other SIEM solutions because almost everything can be integrated."
"Asset discovery is good."
"AlienVault OSSIM is an enterprise solution that sells easily. It is rated highly by organizations."
"The tool's security detection is good. It helps us with login tracking and generating reports. We aim to identify potential issues, such as brute-force attacks on user accounts or server-level anomalies. For instance, if I receive a report indicating a server is at an abnormal level, I investigate and address the issue."
"The dashboard is the solution's most valuable aspect. It brings everything into one central point where I can actually look at it and go, "Okay, I understand what's going on.""
"Its cost-effectiveness is the most valuable aspect."
"The most valuable feature of Wazuh is the ELK for doing an investigation."
"Wazuh offers an enhanced HDR version that outperforms its competitors."
"I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch."
"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
"If they support a solution, it is easy to do an integration."
"It has efficient SCA capabilities."


"We need more dashboards and we need more customization for dashboards."
"The solution needs more integration with cyber intelligence systems."
"The price of this solution is very high and it could be cheaper."
"AlienVault OSSIM could improve by having better integration with some of the newer tools."
"Lacking in depth of reporting."
"The user interface could be improved."
"AlienVault OSSIM should improve the deployment and make it unified like the USM."
"I suggest more in-built rules based on modern threats and environments to make it a more competitive solution."
"There could be a hardware monitoring tool for the solution."
"Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
"The only challenge we faced with Wazuh was the lack of direct support."
"Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation also, so we need better container security, log data analysis, auditing and compliance, malware detection, etc."
"We would like to see more improvements on the cloud."
"The deployment is a bit complex."
"Wazuh needs more security and features, particularly visualization features and a health monitor."

Pricing and Cost Advice

"AlienVault OSSIM is expensive compared to its competitors."
"AlienVault OSSIM is free."
"The licensing fees for the non-community edition are paid on an annual basis, and there are no costs in addition to this."
"The price of AlienVault OSSIM is too high sometimes for us to present to our customers. The price should be lower. We are on a three-year license to use the solution. We had to pay extra for the support."
"OSSIM is open source, and USM is the paid license. So, if you want, you can switch to USM. There you will have to buy a license, and they have a support team that helps you out on issues you face."
"The solution is open source, so it's free to use."
"AlienVault OSSIM is an open-source solution."
"We are using the community version, which can be used for free."
"They have a good pricing strategy for market expansion."
"It is a cost-effective solution."
"The current pricing is open source."
"Wazuh is a cheaply priced product."
"The solution's cost is above the average."
"Wazuh is not an expensive solution."
"My client uses the open-source version of Wazuh."
"Wazuh is open-source, but you must consider the total cost of ownership. It may be free to acquire, but you spend a lot of time and effort supporting the product and getting it to a point where it's useful."
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
787,560 professionals have used our research since 2012.

Top Industries

By visitors reading reviews
Computer Software Company
Financial Services Firm
Comms Service Provider
Computer Software Company
Comms Service Provider
Financial Services Firm

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business

Questions from the Community

What needs improvement with AlienVault OSSIM?
The log management could be improved because of the open source. In the configuration of AlienVault OSSIM, users can determine backup frequency, retention policies, and other settings. There is a l...
What do you like most about Wazuh?
Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases.
What needs improvement with Wazuh?
I have built some rules that produce duplicate alerts two or three times. Therefore, these rules should be consolidated. Alerts should be specific rather than repeatedly triggered by integrating mu...
What is your primary use case for Wazuh?
We use Wazuh for the onboarding of both Windows and Linux machines, as well as for firewall and SIM configuration. The IP address is automatically blocked if a server has multiple wrong passwords.

Also Known As

No data available

Learn More




Sample Customers

Council Rock School District
Information Not Available
Find out what your peers are saying about AlienVault OSSIM vs. Wazuh and other solutions. Updated: June 2024.
787,560 professionals have used our research since 2012.