What users are saying about
93 Ratings
14 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 8.2 out of 101
93 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 8.9 out of 101

Add comparison

Likelihood to Recommend

AlienVault OSSIM

If this is your first experience with a SIEM, this one can get you started. Take the time to learn the ins and outs of the product and you'll most likely be satisfied with it if your company is an SMB. If you need compliance reports, OSSIM is too small for you, you'll need to go with USM or USM Anywhere.
Ivan Montilla Miralles profile photo

Elasticsearch

Elasticsearch is the gold standard for text-based search. Across large data sets it performs admirably, and we will certainly make it our first choice search solution in the future. For a use case where needs are simple and regular database queries might suffice, Elasticsearch may or may not provide any benefits.
No photo available

Feature Rating Comparison

Security Information and Event Management (SIEM)

AlienVault OSSIM
8.2
Elasticsearch
Centralized event and log data collection
AlienVault OSSIM
8.4
Elasticsearch
Correlation
AlienVault OSSIM
8.0
Elasticsearch
Event and log normalization
AlienVault OSSIM
8.0
Elasticsearch
Deployment flexibility
AlienVault OSSIM
8.7
Elasticsearch
Integration with Identity and Access Management Tools
AlienVault OSSIM
7.5
Elasticsearch
Custom dashboards and views
AlienVault OSSIM
8.0
Elasticsearch
Host and network-based intrusion detection
AlienVault OSSIM
8.6
Elasticsearch

Pros

  • Most of the configuration comes out-of-the-box suited for most environments. Setting it up is really easy, with the wizard, you can have it working in less than 3 hours of deployment, without counting asset installation.
  • Out-of-the-box dashboards are really useful. You can modify or add new widgets to suit your needs, but you'll most likely agree with what already comes configured.
  • The tickets feature for handling alarms is really easy to use.
Ivan Montilla Miralles profile photo
  • Indexing. Elasticsearch can index thousands of documents per second.
  • Searching. Elasticsearch provides plenty of options for querying your data to get just the right information back.
  • Scalability. Elasticsearch has built-in features for replicating data and distributing load, so you don't have to invest a ton of time and effort into third-party or customized clustering and/or sharding solutions.
  • Backup. Elasticsearch has built-in options for backing up your data. If you're dealing with a large cluster, backing things up can get rather interesting from a storage perspective, but Elasticsearch has worked very well for us thus far.
  • Recovery. If part of your cluster goes offline, Elasticsearch generally does a decent job of staying online and recovering from the outage. Occasionally you'll lose nodes that house all copies of a given set of shards (which isn't fun), but Elasticsearch still handles that situation as well as can be expected.
No photo available

Cons

  • The correlation directives that come out of the box are very few. I understand more correlation directives are a premium product, but one can hardly see the value of having very few. It makes new customers think they will not get better directives when they switch to the full USM or USM Anywhere.
  • Same with reports, the few reports it comes out of the box can be retrieved using other tools that are better prepared for the task. I understand that compliance reports aren't free, but at least I'd expect more security reports.
  • The OTX tab in dashboards sometimes takes too long to load, even if you have a fast internet and plenty of resources in the VM.
Ivan Montilla Miralles profile photo
  • The documentation could be a bit more detailed and have more examples, especially for advanced functionality.
  • The ability to update/change existing live field mappings would be nice.
  • The ingest pipeline structure is a bit more complicated and confusing than previous implementations for using things like attachment plug-ins.
Josh Kramer profile photo

Likelihood to Renew

No score
No answers yet
No answers on this topic
Elasticsearch10.0
Based on 1 answer
We're pretty heavily invested in ElasticSearch at this point, and there aren't any obvious negatives that would make us reconsider this decision.
Aaron Gussman profile photo

Usability

AlienVault OSSIM8.0
Based on 1 answer
AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.
Jose Quintero profile photo
Elasticsearch10.0
Based on 1 answer
To get started with Elasticsearch, you don't have to get very involved in configuring what really is an incredibly complex system under the hood. You simply install the package, run the service, and you're immediately able to begin using it. You don't need to learn any sort of query language to add data to Elasticsearch or perform some basic searching.If you're used to any sort of RESTful API, getting started with Elasticsearch is a breeze. If you've never interacted with a RESTful API directly, the journey may be a little more bumpy. Overall, though, it's incredibly simple to use for what it's doing under the covers.
No photo available

Implementation

No score
No answers yet
No answers on this topic
Elasticsearch9.0
Based on 1 answer
Do not mix data and master roles. Dedicate at least 3 nodes just for Master
No photo available

Alternatives Considered

AlienVault OSSIM as the first experience with a SIEM is very fine, especially if your company is an SMB. Every SIEM shares some features in common with other products, features such as log retrieval and normalization. So if you stick with principles, you can learn other SIEM products as well. If your environment is not of a minimum size, LogRhythm might be overkill for your network, same with McAfee Enterprise Security Manager.
Ivan Montilla Miralles profile photo
Cassandra and Solr are other products that I haven't used but might be considered "competitors". Splunk is very, very good in terms of search but it seemed limited to logging. It is also quite pricey compared to ElasticSearch which is free.
Ivan Portugal profile photo

Return on Investment

  • The ROI of OSSIM itself is, obviously, immediate, being that it's a free, open-source product. However, you must take into account other inherent investments to cover up for the lack of official support, such as certified agents or consultants that take care of the management and maintenance of the product once in production.
  • On the other hand, the potential loss of information and interruption of operativity due to malware and other threats is really unmeasurable. The implicit savings in OSSIM as a SIEM (Security Information and Event Management) are really the major positive impact on your organization's revenue.
  • Finally, and from a reseller's point of view, reselling OSSIM has the big plus of being a professional services-only asset, given that the appliance itself is free of charge. The only thing to consider is the initial investment in team members with the required capacitation and knowledge to address such professional services to potential customers.
Jose Quintero profile photo
  • ROI since it is open source, yay!
  • We have been able to track defects quicker.
  • We can detect immediately when deployed changes help or hurt.
Shannon Donohue profile photo

Pricing Details

AlienVault OSSIM

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details

Elasticsearch

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details