AlienVault OSSIM vs Elasticsearch | TrustRadius

What users are saying about

Score 7.9 out of 10

Based on 21 reviews and ratings

Score 8.7 out of 10

Based on 154 reviews and ratings

Feature Rating Comparison

AlienVault OSSIM

Elasticsearch

Centralized event and log data collection

Correlation

Event and log normalization

Deployment flexibility

Integration with Identity and Access Management Tools

Custom dashboards and views

Host and network-based intrusion detection

Pros

Asset discovery. Once installed in a centric, network-accessible server, OSSIM can poll all your endpoints with common protocols (SSH, SNMP, WMI) to detect and discover site-wide assets to monitor. You only need to group them by your own criteria once added to the product.
SIEM Event Correlation. You can define quite complex correlation rules to detect possible suspicious or malicious actions or attempts in your network, in order to categorize them as real threats or as false positives, thus streamlining your risk assessment and management.
Ease of installation. The entire AlienVault OSSIM is self-contained in an ISO file, which can be burned into a DVD or just mounted in your server of choice (physical or virtual) for deployment. The installation process is automated and quote verbosed, with options for static IP, email messaging and others.
Ease of access. Being AlienVault OSSIM a self-contained appliance, it can be accessed via web by any device that supports a web browser, being that desktops, workstation, mobile devices, etc. The OSSIM dashboard and other features are automatically rearranged to adapt to the particular device being in use.

Read full review

Support Services Manager

GB Advisors, Inc.Computer Software, 51-200 employees

View all 7 answers on this topic

Super-fast search on millions of documents. We've got over 2 billion documents in our index and the retrieve speeds are still in the < 1-second range.
Analytics on top of your search. If you organize your data appropriately, Elasticsearch can serve as a distributed OLAP system
Elasticsearch is great for geographic data as well, including searching and filtering with geojson, and a variety of geospatial algorithms.

Read full review

Anatoly Geyfman

Founder & CEO

CarevoyanceHealth, Wellness and Fitness, 1-10 employees

View all 42 answers on this topic

Cons

The reports are clunky and a bit tedious to parse through.
Sometimes there's so much noise it's hard to tell what a true positive is. There are lots of false ones that trigger alerts but are normal behavior in many environments.

Read full review

Director of Information Security

Memorial Hospital of GulfportMedical Practice, 5001-10,000 employees

View all 7 answers on this topic

Setting Java memory thresholds can be a pain for those not accustomed to things like Eden Space & Old Generation which can lead to over allocation, or more likely, under allocation. Apache Solr had a similar issue. It would be nice if the program would take an extra step and dogfood it's own advice by analyzing the system & processes to return a solid recommendation for that configuration. The proper configuration information is outlined in the documentation, it would be nice if that was automated.
The only health check that ElasticSearch reports back is a "red" status without any real solid information about what is going on, though its usually memory thresholds or disk I/O. I am currently on ElasticSearch 1.5 so that may have changed for newer versions. When the status goes "red", I as the administrator of the software, feel like I lose control of whats going on which should rarely happen. Something more verbose would eliminate that.
This is more of a critique of the ElasticStack in general. The whole top to bottom stack is starting to get feature creep with things that are better suited in other software and increasing the barrier for entry for people to get started with setting up a robust logging infrastructure. ElasticSearch as a storage search engine, is pretty streamlined, but I can see that the tools that comprise the ELK Stack are going to require a certification with constant study at some point. During major release for Logstash a while back, it literally took a month to learn a new language because Elastic completely changed the syntax. For a medium sized organization of only a couple of admins, that is a pretty high bar where time is money. They really should work on refining/automating the tools & search engine they have, instead of shoehorning/changing things on to an already rock solid foundation.

Read full review

DevOps Engineer

Voice Media GroupMarketing and Advertising, 201-500 employees

View all 42 answers on this topic

Likelihood to Renew

No score

No answers yet

No answers on this topic

Elasticsearch 10.0

Based on 1 answer

We're pretty heavily invested in ElasticSearch at this point, and there aren't any obvious negatives that would make us reconsider this decision.

Read full review

Senior Technologist

HumanGeoDefense & Space, 51-200 employees

View all 1 answers on this topic

Usability

AlienVault OSSIM 8.0

Based on 1 answer

AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.

Read full review

Support Services Manager

GB Advisors, Inc.Computer Software, 51-200 employees

View all 1 answers on this topic

Elasticsearch 10.0

Based on 1 answer

To get started with Elasticsearch, you don't have to get very involved in configuring what really is an incredibly complex system under the hood. You simply install the package, run the service, and you're immediately able to begin using it. You don't need to learn any sort of query language to add data to Elasticsearch or perform some basic searching.If you're used to any sort of RESTful API, getting started with Elasticsearch is a breeze. If you've never interacted with a RESTful API directly, the journey may be a little more bumpy. Overall, though, it's incredibly simple to use for what it's doing under the covers.

Read full review

Verified User

Vice-President in Information Technology

Computer Software Company, 1-10 employees

View all 1 answers on this topic

Support Rating

AlienVault OSSIM 8.0

Based on 4 answers

AlienVault OSSIM support has been very good. I have not had an issue that they were not able to quickly identify and provide a fix for. They are very quick to respond to open cases and are very knowledgeable in the product, which makes troubleshooting issues fast and solutions are provided quickly.

Read full review

Help Desk Manager

Black Hills Federal Credit UnionBanking, 201-500 employees

View all 4 answers on this topic

Elasticsearch 7.5

Based on 12 answers

We've only used it as an opensource tooling. We did not purchase any additional support to roll out the elasticsearch software. When rolling out the application on our platform we've used the documentation which was available online. During our test phases we did not experience any bugs or issues so we did not rely on support at all.

Read full review

Verified User

Consultant in Information Technology

Information Technology & Services Company, 201-500 employees

View all 12 answers on this topic

Implementation Rating

No score

No answers yet

No answers on this topic

Elasticsearch 9.0

Based on 1 answer

Do not mix data and master roles. Dedicate at least 3 nodes just for Master

Read full review

Verified User

Contributor in Information Technology

Pharmaceuticals Company, 51-200 employees

View all 1 answers on this topic

Alternatives Considered

Best bang for the buck. Darktrace did not perform even close to AlienVault. I ran them concurrently. AlienVault consistently found issues that Darktrace didn't pick up, and the Darktrace incidents were false positives. At one point, Darktrace stated I had 2,000 servers and I have 112.FortiSIEM is an awesome package but it's more then I need (or can afford). I would need to add staff, for at least the first year or so, just to get it setup and configured correctly.

Read full review

Matthew Frederickson

Director of Information Technology

Council Rock School DistrictEducation Management, 1001-5000 employees

View all 7 answers on this topic

As far as we are concerned, Elasticsearch is the gold standard and we have barely evaluated any alternatives. You could consider it an alternative to a relational or NoSQL database, so in cases where those suffice, you don't need Elasticsearch. But if you want powerful text-based search capabilities across large data sets, Elasticsearch is the way to go.

Read full review

Verified User

Engineer in Engineering

Health, Wellness and Fitness Company, 1-10 employees

View all 42 answers on this topic

Return on Investment

The only investment here is setting it up and I think seeing it's performance it's a fantastic tool and has a great positive ROI!

Read full review

Verified User

Engineer in Information Technology

Non-Profit Organization Management Company, 501-1000 employees

View all 7 answers on this topic

Faster searches on our application have resulted in better usability and increased application use
Analytics dashboard has given our managers a better understanding of day-to-day activities
Being a backup data store, we need not touch SQL database while doing data dumps for local data science projects

Read full review

Data Scientist

Intelligent Retail Pvt. Ltd.Retail, 51-200 employees

View all 42 answers on this topic

Pricing Details

General

Free Trial

—

Free/Freemium Version

—

Premium Consulting/Integration Services

—

Entry-level set up fee?

No

AlienVault OSSIM Editions & Modules

—

Additional Pricing Details

—

General

Free Trial

—

Free/Freemium Version

—

Premium Consulting/Integration Services

—

Entry-level set up fee?

No

Elasticsearch Editions & Modules

Edition

Standard	$16.00¹
Gold	$19.00¹
Platinum	$22.00¹
Enterprise	Contact Sales

per month

Additional Pricing Details

—

Rating Summary

AlienVault OSSIM

Elasticsearch

AlienVault OSSIM

Elasticsearch

AlienVault OSSIM

Elasticsearch

AlienVault OSSIM

Elasticsearch

AlienVault OSSIM

Elasticsearch

Add comparison