TrustRadius

Overview

What is AlienVault OSSIM?

OSSIM leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts. AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified…

Recent Reviews


Lego block SIEM

6 out of 10
November 24, 2021
Incentivized
As an organization, we leveraged alien vault as a SIEM solution for ourselves and also as a managed services offering for our customers. …

Popular Features

  • Centralized event and log data collection (10): 9.4 (94%)
  • Deployment flexibility (11): 8.2 (82%)
  • Event and log normalization/management (11): 8.1 (81%)
  • Correlation (11): 7.0 (70%)

Pricing

N/A
Unavailable

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Alternatives Pricing

What is AlienVault USM?

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments,…

What is InsightIDR?

In addition to their incident response service, Rapid7 offers InsightIDR, a combined XDR and SIEM that provides user behavior and threat analytics.


Product Demos

  • Archie Webster - AlienVault OSSIM Demo (YouTube)
  • Explore OSSIM - demo HIDS (YouTube)
  • OSSIM Demo (5.1) - Improved Threat Detection, Security Visibility, and Usability (YouTube)

Features

Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools.

Score: 7.5 (category average: 7.8)

Product Details

What is AlienVault OSSIM?

OSSIM leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts. AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified platform providing:
  • Asset discovery
  • Vulnerability assessment
  • Intrusion detection
  • Behavioral monitoring
  • SIEM
OSSIM provides the basis for AlienVault's proprietary Unified Security Management (USM) product.

AlienVault OSSIM Video: AlienVault® USM vs. OSSIM™

AlienVault OSSIM Technical Details

Operating Systems: Unspecified
Mobile Application: No


Reviews and Ratings (30)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources.

AlienVault OSSIM has proven to be an invaluable tool for organizations looking to centralize their logs and effectively manage security events. Users have praised its ability to collect and analyze security data from various sources, allowing them to monitor for unusual activity, devices, and potential threats on a daily basis. With its IDS capabilities, both network-based and hardware-based, AlienVault OSSIM has helped users detect and prevent suspicious activity on their networks.

The Netflow feature of AlienVault OSSIM has also been highly regarded by users. It enables them to diagnose spikes of activity in the network and detect any unusual behavior, aiding in the identification of potential threats. Additionally, the intelligent analytic engine of AlienVault OSSIM helps determine these potential threats with clear presentation of alerts and the ability to drill down for detailed information.

One of the key business problems that AlienVault OSSIM addresses is the need for a single management platform that combines SIEM, reporting, and asset management capabilities. Users have found this to be a significant time and money-saving aspect of the product as it eliminates the need for multiple tools. The customizable dashboard allows users to create rules and receive email notifications, enhancing their ability to effectively manage security incidents.

AlienVault OSSIM is commonly used by IT departments for a range of tasks including intrusion detection, asset discovery, SIEM correlation, and behavior analytics. It has proven particularly useful in identifying machines that are behind on patches and updates. Furthermore, it facilitates threat hunting by collecting events from all machines, providing a comprehensive view of potential security risks.

Overall, AlienVault OSSIM has garnered positive feedback from users who appreciate its log centralization capabilities, effective threat detection features, and comprehensive reporting and analytics capabilities. Its versatility in addressing multiple use cases makes it a valuable tool for organizations seeking to enhance their network security posture.

User-Friendly Installation Process: Many users have found that AlienVault OSSIM has a user-friendly installation process. Reviewers have mentioned that the software is self-contained in an ISO file, allowing for quick and easy deployment. They appreciate the automated installation process and options for customization, such as setting a static IP and configuring email messaging.

Seamless User Experience Across Devices: Several reviewers have praised AlienVault OSSIM's accessibility across different devices. The software can be accessed via a web browser on desktops, workstations, and mobile devices. Users have noted that the dashboard and other features automatically adapt to the device being used, providing a seamless and consistent user experience regardless of the platform.

Out-of-the-Box Configuration and Customization Options: Many reviewers have highlighted the out-of-the-box configuration of AlienVault OSSIM as well-suited for most environments, making the initial setup process straightforward. The included wizard provides a guided experience, enabling users to have the system up and running within a few hours. Additionally, users appreciate the ability to customize or add new widgets to tailor the monitoring experience according to their specific needs. This flexibility allows them to optimize their environment's monitoring capabilities efficiently.

Limited log management capabilities: Some users have mentioned that OSSIM lacks robust log management features compared to the full USM version. Several reviewers have expressed a desire for more comprehensive log management capabilities in OSSIM.

Absence of support for Cloud-based servers and apps: The lack of support for Cloud-based servers and applications in OSSIM has been noted as a limitation by multiple users. This feature, which is available in the USM version, could be beneficial for those who rely on cloud infrastructure.

Limited integration with third-party solutions: Integration with third-party solutions like BMC Remedy and ServiceNow is limited in OSSIM, leading to inconvenience for some users who heavily depend on these ITSM solutions. Although email alerts can emulate this functionality, several reviewers have expressed their dissatisfaction with the current level of integration.


Reviews

(1-3 of 3)
John Keenan | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Incentivized
We're currently on a migration path to eliminate AlienVault OSSIM but it was our only SIEM when I first arrived on location. We use it to collect and analyze security data from a variety of sources. Kind of like a receiver is used to merge audio sources from a bunch of disparate systems.
  • It integrates with a bunch of different platforms.
  • Collects tons of data from all integrated platforms provided the right level of logging is enabled.
  • The reports are clunky and a bit tedious to parse through.
  • Sometimes there's so much noise it's hard to tell what a true positive is. There are lots of false ones that trigger alerts but are normal behavior in many environments.
If you want a SIEM and you are a small- to mid-market organization getting security monitoring started, then this is a great SIEM for the money. It comes with a vulnerability scanner. While vulnerability scanners aren't all that expensive, this saves time and money by offering an industry-leading open-source version that enables managers to immediately start vulnerability management programs.
Security Information and Event Management (SIEM) (5): 7.0 (70%)
  • Centralized event and log data collection: 8.0 (80%)
  • Correlation: 7.0 (70%)
  • Event and log normalization/management: 7.0 (70%)
  • Deployment flexibility: 6.0 (60%)
  • Host and network-based intrusion detection: 7.0 (70%)
  • OSSIM and the installers didn't really help us optimize at installation. OSSIM went without optimization for almost two years before that fact was noticed. I think this decreased ROI.
  • Finding and researching incidents is much faster with all data available. Sometimes too much data, though.
I liked it but it seemed a bit pricey for our organization at the time in comparison to AlienVault.
Everything is done through MSSP and installation pro services. Once those hours are burned up, then you're on your own without a lot of help. Typically the pro services hours aren't enough to get past 60 days and MSSP are hit and miss. We had a miss for installation helpers.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
AlienVault OSSIM is being used across the entire organization. We use the tools to assist in computer security, intrusion detection, and prevention. It provides effective threat detection, incident response, and compliance management, all done within a single appliance. The analysis is run in the background so we don't have to look at all the threats individually and research them from scratch.
  • Threat analysis. It can correlate different events happening to detect a pattern or an attack.
  • Dashboard provides a clean, single location to see what is going on in our environment.
  • Up-to-date Open Threat Exchange means everything new popping up out there is included and watched for in our environment.
  • Reporting is not the greatest. I had internal developers take data and create some reports that better fit my needs.
  • Navigation through the vulnerability scans is not ideal.
  • Asset management is also cumbersome to navigate through.
AlienVault OSSIM is great for organizations that do not have a large staff and cannot afford to dedicate an entire person or group of people to deal with threats and monitoring the environment. The cost is also very reasonable for the amount of functionality of all the features we receive from the product.
Security Information and Event Management (SIEM) (7): 6.1 (61.4%)
  • Centralized event and log data collection: 8.0 (80%)
  • Correlation: 8.0 (80%)
  • Event and log normalization/management: 7.0 (70%)
  • Deployment flexibility: 8.0 (80%)
  • Integration with Identity and Access Management Tools: N/A
  • Custom dashboards and workspaces: 4.0 (40%)
  • Host and network-based intrusion detection: 8.0 (80%)
  • It satisfied a requirement of our audit team (internal and external).
  • Custom written alerts allow us to be proactive for some events.
  • Stable product means we don't spend a lot of time keeping it up and running.
We have not used any other products similar to AlienVault so I do not have anything to compare it to. We did look at a few others when first purchasing, but at this point, I do not recall what they were.
AlienVault OSSIM support has been very good. I have not had an issue that they were not able to quickly identify and provide a fix for. They are very quick to respond to open cases and are very knowledgeable in the product, which makes troubleshooting issues fast and solutions are provided quickly.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Anyone who works in a K12 public school district knows you have just as many threats inside your network as outside. Think about it, what else do 7 through 12 graders have but time and curiosity? I've set this up on my perimeters at each of my high schools and middle schools, and again at the district level. My goal is to watch the traffic and devices inside each building and also across the buildings. We use it daily to monitor for unusual activity, devices, or strange "stuff" on our network.
  • Scan network for anomalies once you've established a baseline.
  • Excellent job of showing unusual connections or file transfers.
  • Excellent job of showing the health of the network, congestion, etc.
  • It only comes with 10 canned reports. These reports are good, but a little more flexibility would be nice. The data is stored in a database, so it is possible to roll your own reports, just very clunky.
  • Log ingestion. The OSSIM product doesn't have a separate log server, so you either have to have a really, really beefy system to do both analysis and log ingestion, or just do log ingestion with something else.
  • Aggregation of data. Actually, it does this really well, but if you have more than two sites, it can slow your analysis down a little.
AlienVault OSSIM is an excellent starter SIEM—you have a fully functioning SIEM in a few hours (installs in less than one, but takes a few to configure, based on your network). The insight you get immediately is worth the time setting it up. If you are willing to invest some more time, you can fine-tune it to really provide deep insight into your network. I really love that it is still free (was nervous when AT&T bought AlienVault).

Each of my buildings is routed back to the core - reduces overall traffic and adds one more layer to the network for security reasons. So having an "eye" in each building is necessary at this point. Not sure what I would do if I had to stop using them. The only other thing I plan on doing, in the process of rolling it out right now, is to add some netflow analysis.
Security Information and Event Management (SIEM) (7): 8.6 (85.7%)
  • Centralized event and log data collection: 9.0 (90%)
  • Correlation: 7.0 (70%)
  • Event and log normalization/management: 7.0 (70%)
  • Deployment flexibility: 10.0 (100%)
  • Integration with Identity and Access Management Tools: 9.0 (90%)
  • Custom dashboards and workspaces: 8.0 (80%)
  • Host and network-based intrusion detection: 10.0 (100%)
  • It's free, so a very positive impact. Most products out there are in the thousands of dollars, and for a K12 School District, money is always tight.
  • It allowed me to actually gain invaluable insight.
Best bang for the buck. Darktrace did not perform even close to AlienVault. I ran them concurrently. AlienVault consistently found issues that Darktrace didn't pick up, and the Darktrace incidents were false positives. At one point, Darktrace stated I had 2,000 servers and I have 112.

FortiSIEM is an awesome package but it's more than I need (or can afford). I would need to add staff, for at least the first year or so, just to get it set up and configured correctly.
Every time I had a question, they were very willing to help. Not that I called often.