What users are saying about AlienVault OSSIM and Elasticsearch
112 Ratings
17 Ratings
trScore 8.7 out of 10 (112 Ratings)

Likelihood to Recommend

AlienVault OSSIM

If this is your first experience with a SIEM, this one can get you started. Take the time to learn the ins and outs of the product and you'll most likely be satisfied with it if your company is an SMB. If you need compliance reports, OSSIM is too small for you, you'll need to go with USM or USM Anywhere.
Ivan Montilla Miralles

Elasticsearch

Elasticsearch is the gold standard for text-based search. Across large data sets it performs admirably, and we will certainly make it our first choice search solution in the future. For a use case where needs are simple and regular database queries might suffice, Elasticsearch may or may not provide any benefits.

Feature Rating Comparison

Feature                                                 AlienVault OSSIM   Elasticsearch
Security Information and Event Management (SIEM), overall   8.1            not rated
Centralized event and log data collection               8.5                not rated
Correlation                                             7.8                not rated
Event and log normalization                             7.5                not rated
Deployment flexibility                                  8.7                not rated
Integration with Identity and Access Management Tools   8.0                not rated
Custom dashboards and views                             7.3                not rated
Host and network-based intrusion detection              8.7                not rated

Pros

AlienVault OSSIM

  • Asset discovery. Once installed on a central, network-accessible server, OSSIM can poll all your endpoints with common protocols (SSH, SNMP, WMI) to detect and discover site-wide assets to monitor. You only need to group them by your own criteria once added to the product.
  • SIEM Event Correlation. You can define quite complex correlation rules to detect possible suspicious or malicious actions or attempts in your network, in order to categorize them as real threats or as false positives, thus streamlining your risk assessment and management.
  • Ease of installation. The entire AlienVault OSSIM is self-contained in an ISO file, which can be burned to a DVD or just mounted on your server of choice (physical or virtual) for deployment. The installation process is automated and quite verbose, with options for static IP, email messaging and others.
  • Ease of access. AlienVault OSSIM being a self-contained appliance, it can be accessed via the web by any device that supports a web browser, be it a desktop, workstation, mobile device, etc. The OSSIM dashboard and other features are automatically rearranged to adapt to the particular device in use.
Jose Quintero

Elasticsearch

  • Super-fast search on millions of documents. We've got over 2 billion documents in our index and the retrieval speeds are still in the < 1-second range.
  • Analytics on top of your search. If you organize your data appropriately, Elasticsearch can serve as a distributed OLAP system.
  • Elasticsearch is great for geographic data as well, including searching and filtering with GeoJSON, and a variety of geospatial algorithms.
Anatoly Geyfman

Cons

AlienVault OSSIM

  • Reporting is not the greatest. I had internal developers take data and create some reports that better fit my needs.
  • Navigation through the vulnerability scans is not ideal.
  • Asset management is also cumbersome to navigate through.
Laurie Keith

Elasticsearch

  • Setting Java memory thresholds can be a pain for those not accustomed to things like Eden Space & Old Generation, which can lead to over-allocation or, more likely, under-allocation. Apache Solr had a similar issue. It would be nice if the program would take an extra step and dogfood its own advice by analyzing the system & processes to return a solid recommendation for that configuration. The proper configuration information is outlined in the documentation; it would be nice if that was automated.
  • The only health check that ElasticSearch reports back is a "red" status without any real solid information about what is going on, though it's usually memory thresholds or disk I/O. I am currently on ElasticSearch 1.5, so that may have changed for newer versions. When the status goes "red", I, as the administrator of the software, feel like I lose control of what's going on, which should rarely happen. Something more verbose would eliminate that.
  • This is more of a critique of the Elastic Stack in general. The whole top-to-bottom stack is starting to get feature creep with things that are better suited to other software, increasing the barrier to entry for people getting started with setting up a robust logging infrastructure. ElasticSearch, as a storage search engine, is pretty streamlined, but I can see that the tools that comprise the ELK Stack are going to require a certification with constant study at some point. During a major release of Logstash a while back, it literally took a month to learn a new language because Elastic completely changed the syntax. For a medium-sized organization of only a couple of admins, that is a pretty high bar where time is money. They really should work on refining/automating the tools & search engine they have, instead of shoehorning/changing things onto an already rock-solid foundation.
Colby Shores

Likelihood to Renew

AlienVault OSSIM

No score; no answers yet on this topic

Elasticsearch

Elasticsearch 10.0
Based on 1 answer
We're pretty heavily invested in ElasticSearch at this point, and there aren't any obvious negatives that would make us reconsider this decision.
Aaron Gussman

Usability

AlienVault OSSIM

AlienVault OSSIM 8.0
Based on 1 answer
AlienVault OSSIM is fairly easy to use and manage - provided you know what you're doing. As with any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.
Jose Quintero

Elasticsearch

Elasticsearch 10.0
Based on 1 answer
To get started with Elasticsearch, you don't have to get very involved in configuring what really is an incredibly complex system under the hood. You simply install the package, run the service, and you're immediately able to begin using it. You don't need to learn any sort of query language to add data to Elasticsearch or perform some basic searching. If you're used to any sort of RESTful API, getting started with Elasticsearch is a breeze. If you've never interacted with a RESTful API directly, the journey may be a little more bumpy. Overall, though, it's incredibly simple to use for what it's doing under the covers.

Support

AlienVault OSSIM

AlienVault OSSIM 9.5
Based on 2 answers
AlienVault OSSIM support has been very good. I have not had an issue that they were not able to quickly identify and provide a fix for. They are very quick to respond to open cases and are very knowledgeable in the product, which makes troubleshooting issues fast and solutions are provided quickly.
Laurie Keith

Elasticsearch

Elasticsearch 7.5
Based on 2 answers
I've never used official support from the company behind Elasticsearch, but I had to get support from the community, and it being such a well-known product, it is really easy to find someone else facing the same issues you have, and most of the time, presenting a good solution for them.
Erlon Sousa Pinheiro

Implementation

AlienVault OSSIM

No score; no answers yet on this topic

Elasticsearch

Elasticsearch 9.0
Based on 1 answer
Do not mix data and master roles. Dedicate at least 3 nodes just for master.

Alternatives Considered

AlienVault OSSIM

Best bang for the buck. Darktrace did not perform even close to AlienVault. I ran them concurrently. AlienVault consistently found issues that Darktrace didn't pick up, and the Darktrace incidents were false positives. At one point, Darktrace stated I had 2,000 servers and I have 112. FortiSIEM is an awesome package but it's more than I need (or can afford). I would need to add staff, for at least the first year or so, just to get it set up and configured correctly.
Matthew Frederickson

Elasticsearch

With Elasticsearch you can integrate a lot of data sources. It can act as a small data lake where you can put different kinds of data and extract important insights. With Splunk, in addition to the elevated costs of licensing and hardware, you need to have expert engineers to address business and platform requirements. If you have Elasticsearch, it can be easily deployed and scaled.
Jose Adan Ortiz

Return on Investment

AlienVault OSSIM

  • The only investment here is setting it up, and seeing its performance, I think it's a fantastic tool that has a great positive ROI!

Elasticsearch

  • ElasticSearch was able to meet the high demands of our product when it mattered most.
  • Implementation of ElasticSearch was easy and quick, saving on the cost of implementation.
  • Managing ElasticSearch is very easy. With the right monitoring tools in place, it really is "set it and forget it".

Pricing Details

AlienVault OSSIM

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set-up fee? No

Elasticsearch

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set-up fee? No