We compared AlienVault OSSIM and Wazuh based on our user's reviews in several parameters.
According to user reviews, AlienVault OSSIM is praised for its comprehensive threat detection, real-time monitoring, and strong asset management capabilities, while Wazuh is highlighted for its advanced threat detection, seamless integration with other tools, and easy installation process. AlienVault OSSIM users appreciate the customer service and pricing structure, while Wazuh users value the customer support and flexible licensing options. However, AlienVault OSSIM users desire improvements in the user interface and documentation, while Wazuh users suggest enhancements in system resource consumption. Overall, both products offer positive ROI and efficient security monitoring capabilities.
Features: AlienVault OSSIM stands out for its comprehensive threat detection and strong asset management capabilities. On the other hand, Wazuh is known for its advanced threat detection, efficient log analysis, and flexibility in tailoring the solution to specific needs.
Pricing and ROI: AlienVault OSSIM has been positively evaluated for its pricing, setup cost, and licensing. Users find the pricing structure reasonable and affordable. The setup process is straightforward and requires minimal effort. AlienVault OSSIM offers flexible licensing options. In comparison, Wazuh is also considered cost-effective with reasonable pricing options. The setup cost is hassle-free and the licensing is customizable., AlienVault OSSIM has been praised for its valuable and efficient security monitoring capabilities, cost-effectiveness, and ability to address security threats effectively. On the other hand, Wazuh users have reported various benefits and advantages from using the product.
Room for Improvement: Users have identified room for improvement in both AlienVault OSSIM and Wazuh. AlienVault OSSIM needs enhancements in user interface, documentation, support, customization, and integration capabilities. Wazuh could benefit from improvements in interface, documentation, configuration options, and system resource consumption.
Deployment and customer support: The reviews for AlienVault OSSIM highlight varying timeframes for the different phases of establishing a new tech solution. Some users took three months for deployment and an additional week for setup, while others only needed a week for both. In contrast, the reviews for Wazuh emphasize the importance of considering both deployment and setup timeframes. Some users spent three months on deployment and a week on setup, while others required a week for both., Customers have expressed positive feedback about the customer service provided by both AlienVault OSSIM and Wazuh. Users appreciate the helpful and responsive team of AlienVault OSSIM, while Wazuh's customer service is commended for their knowledge, efficiency, and helpfulness.
The summary above is based on 41 interviews we conducted recently with AlienVault OSSIM and Wazuh users. To access the review's full transcripts, download our report.
"Sentinel pricing is good"
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"It's pretty powerful and its performance is pretty good."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The Log analytics are useful."
"The most valuable features of AlienVault OSSIM are vulnerability assessment, network intrusion detection system, response to critical events, and awareness of the whole network."
"The most valuable features of this solution are the data correlation and vulnerability assessment."
"The open vault component and the checking of vulnerabilities are the most valuable features. The page management helps with this. If you know how your device is vulnerable at least you can do something about it."
"The paid version of the solution has reporting and better scalability options."
"Better than other SIEM solutions because almost everything can be integrated."
"The solution has a very good open source community, and whenever we have problems, we are always able to resolve it online."
"The solution is free to use."
"The threat policies of the solution are always very advanced and the best in the market. They are very persistent in terms of keeping up with security protocols."
"The deployment is easy and they provide very good documentation."
"I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems."
"The most valuable features are the modules and metrics."
"Good for monitoring, active response, and for vulnerabilities."
"It's stable."
"The main thing I like about it is that it has an EDR."
"I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch."
"My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"The playbook is a bit difficult and could be improved."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"There needs to be more support or some kind of training program so users can self-learn the system more effectively."
"GUI could be improved."
"Sometimes technical issues take very long to get resolved."
"It takes some time. It does not give me a prompt response for any such [malicious] traffic. It takes time to get that alert from the AlienVault system."
"The initial setup was a bit complex. You've got to do a lot of reading. It's not an intuitive implementation."
"We need more dashboards and we need more customization for dashboards."
"AlienVault OSSIM is costly."
"The price of this solution is very high and it could be cheaper."
"The computing resources are consuming and do not make sense."
"Wazuh should come up with more in-built rules and integrations for the cloud."
"Its configuration process is time-consuming."
"It would be better if they had a vulnerability assessment plug-in like the one AlienVault has. In the next release, I would like to have an app with an alerting mechanism."
"Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."
"The tool does not provide CTI to monitor darknet."
"They could include flexibility and customization capabilities by modifying for customers based on partner agreements."
"The support team could be more responsive and provide quicker replies during our working hours in Indonesia, which would be a significant improvement."
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 26 reviews while Wazuh is ranked 3rd in Security Information and Event Management (SIEM) with 38 reviews. AlienVault OSSIM is rated 7.4, while Wazuh is rated 7.4. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices ". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". AlienVault OSSIM is most compared with Elastic Security, USM Anywhere, Splunk Enterprise Security, Fortinet FortiSIEM and AWS Security Hub, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, Graylog and Fortinet FortiAnalyzer. See our AlienVault OSSIM vs. Wazuh report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.