AlienVault OSSIM vs Elasticsearch

What users are saying about

Score 8.7 out of 10

Based on 17 reviews and ratings

Score 8.7 out of 10

Based on 112 reviews and ratings

Feature Rating Comparison

AlienVault OSSIM

Elasticsearch

Centralized event and log data collection

Correlation

Event and log normalization

Deployment flexibility

Integration with Identity and Access Management Tools

Custom dashboards and views

Host and network-based intrusion detection

Pros

Asset discovery. Once installed in a centric, network-accessible server, OSSIM can poll all your endpoints with common protocols (SSH, SNMP, WMI) to detect and discover site-wide assets to monitor. You only need to group them by your own criteria once added to the product.
SIEM Event Correlation. You can define quite complex correlation rules to detect possible suspicious or malicious actions or attempts in your network, in order to categorize them as real threats or as false positives, thus streamlining your risk assessment and management.
Ease of installation. The entire AlienVault OSSIM is self-contained in an ISO file, which can be burned into a DVD or just mounted in your server of choice (physical or virtual) for deployment. The installation process is automated and quote verbosed, with options for static IP, email messaging and others.
Ease of access. Being AlienVault OSSIM a self-contained appliance, it can be accessed via web by any device that supports a web browser, being that desktops, workstation, mobile devices, etc. The OSSIM dashboard and other features are automatically rearranged to adapt to the particular device being in use.

Read full review

Jose Quintero

Support Services Manager

GB Advisors, Inc.Computer Software, 51-200 employees

View all 6 answers on this topic

Super-fast search on millions of documents. We've got over 2 billion documents in our index and the retrieve speeds are still in the < 1-second range.
Analytics on top of your search. If you organize your data appropriately, Elasticsearch can serve as a distributed OLAP system
Elasticsearch is great for geographic data as well, including searching and filtering with geojson, and a variety of geospatial algorithms.

Read full review

Anatoly Geyfman

Founder & CEO

CarevoyanceHealth, Wellness and Fitness, 1-10 employees

View all 34 answers on this topic

Cons

Reporting is not the greatest. I had internal developers take data and create some reports that better fit my needs.
Navigation through the vulnerability scans is not ideal.
Asset management is also cumbersome to navigate through.

Read full review

Laurie Keith

Help Desk Manager

Black Hills Federal Credit UnionBanking, 201-500 employees

View all 6 answers on this topic

Setting Java memory thresholds can be a pain for those not accustomed to things like Eden Space & Old Generation which can lead to over allocation, or more likely, under allocation. Apache Solr had a similar issue. It would be nice if the program would take an extra step and dogfood it's own advice by analyzing the system & processes to return a solid recommendation for that configuration. The proper configuration information is outlined in the documentation, it would be nice if that was automated.
The only health check that ElasticSearch reports back is a "red" status without any real solid information about what is going on, though its usually memory thresholds or disk I/O. I am currently on ElasticSearch 1.5 so that may have changed for newer versions. When the status goes "red", I as the administrator of the software, feel like I lose control of whats going on which should rarely happen. Something more verbose would eliminate that.
This is more of a critique of the ElasticStack in general. The whole top to bottom stack is starting to get feature creep with things that are better suited in other software and increasing the barrier for entry for people to get started with setting up a robust logging infrastructure. ElasticSearch as a storage search engine, is pretty streamlined, but I can see that the tools that comprise the ELK Stack are going to require a certification with constant study at some point. During major release for Logstash a while back, it literally took a month to learn a new language because Elastic completely changed the syntax. For a medium sized organization of only a couple of admins, that is a pretty high bar where time is money. They really should work on refining/automating the tools & search engine they have, instead of shoehorning/changing things on to an already rock solid foundation.

Read full review

Colby Shores

DevOps Engineer

Voice Media GroupMarketing and Advertising, 201-500 employees

View all 34 answers on this topic

Likelihood to Renew

No score

No answers yet

No answers on this topic

Ask the community to sound off

Elasticsearch 10.0

Based on 1 answer

We're pretty heavily invested in ElasticSearch at this point, and there aren't any obvious negatives that would make us reconsider this decision.

Read full review

Aaron Gussman

Senior Technologist

HumanGeoDefense & Space, 51-200 employees

View all 1 answers on this topic

Usability

AlienVault OSSIM 8.0

Based on 1 answer

AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.

Read full review

Jose Quintero

Support Services Manager

GB Advisors, Inc.Computer Software, 51-200 employees

View all 1 answers on this topic

Elasticsearch 10.0

Based on 1 answer

To get started with Elasticsearch, you don't have to get very involved in configuring what really is an incredibly complex system under the hood. You simply install the package, run the service, and you're immediately able to begin using it. You don't need to learn any sort of query language to add data to Elasticsearch or perform some basic searching.If you're used to any sort of RESTful API, getting started with Elasticsearch is a breeze. If you've never interacted with a RESTful API directly, the journey may be a little more bumpy. Overall, though, it's incredibly simple to use for what it's doing under the covers.

Read full review

Verified User

Vice-President in Information Technology

Computer Software Company, 1-10 employees

View all 1 answers on this topic

Support

AlienVault OSSIM 9.5

Based on 2 answers

AlienVault OSSIM support has been very good. I have not had an issue that they were not able to quickly identify and provide a fix for. They are very quick to respond to open cases and are very knowledgeable in the product, which makes troubleshooting issues fast and solutions are provided quickly.

Read full review

Laurie Keith

Help Desk Manager

Black Hills Federal Credit UnionBanking, 201-500 employees

View all 2 answers on this topic

Elasticsearch 7.5

Based on 2 answers

I've never used official support from the company behind Elasticsearch, but I had to get support from community, and being a so known product, it is really easy find someone else facing the same issues you have, and most of time, presenting a good solution for that.

Read full review

Erlon Sousa Pinheiro

Senior Devops Engineer

SOTIComputer & Network Security, 1001-5000 employees

View all 2 answers on this topic

Implementation

No score

No answers yet

No answers on this topic

Ask the community to sound off

Elasticsearch 9.0

Based on 1 answer

Do not mix data and master roles. Dedicate at least 3 nodes just for Master

Read full review

Verified User

Contributor in Information Technology

Pharmaceuticals Company, 51-200 employees

View all 1 answers on this topic

Alternatives Considered

Best bang for the buck. Darktrace did not perform even close to AlienVault. I ran them concurrently. AlienVault consistently found issues that Darktrace didn't pick up, and the Darktrace incidents were false positives. At one point, Darktrace stated I had 2,000 servers and I have 112.FortiSIEM is an awesome package but it's more then I need (or can afford). I would need to add staff, for at least the first year or so, just to get it setup and configured correctly.

Read full review

Matthew Frederickson

Director of Information Technology

Council Rock School DistrictEducation Management, 1001-5000 employees

View all 6 answers on this topic

With Elasticsearch you can integrate a lot of data sources. It can act as a small DataLake where you can put different kinds of data and extract important insights. With Splunk, additional to elevated costs of licensing and hardware, you need to have expert engineers to address business and platform requirements. If you have Elasticsearch, it can be easily deployed and scaled.

Read full review

Jose Adan Ortiz

Sales Engineer

Mainsoft S.A.Information Technology and Services, 51-200 employees

View all 34 answers on this topic

Return on Investment

The only investment here is setting it up and I think seeing it's performance it's a fantastic tool and has a great positive ROI!

Read full review

Verified User

Engineer in Information Technology

Non-Profit Organization Management Company, 501-1000 employees

View all 6 answers on this topic

ElasticSearch was able to meet the high demands of our product when it mattered most.
Implementation of ElasticSearch was easy and quick, saving on the cost of implementation.
Managing ElasticSearch is very easy. With the right monitoring tools in place, it really is "set it and forget it".

Read full review

Verified User

C-Level Executive in Information Technology

Computer Software Company, 1-10 employees

View all 34 answers on this topic