What users are saying about
32 Ratings
15 Ratings
Score 8.3 out of 10
32 Ratings
Score 7.6 out of 10


Likelihood to Recommend

AlienVault OSSIM

If this is your first experience with a SIEM, this one can get you started. Take the time to learn the ins and outs of the product and you'll most likely be satisfied with it if your company is an SMB. If you need compliance reports, OSSIM is too small for you, you'll need to go with USM or USM Anywhere.
Ivan Montilla Miralles

LogRhythm

I have seen LogRhythm reliably deployed in both medium and large sized corporations with centralized and distributed architectures. The software performs well across all scenarios.
Joel Eng

Feature Rating Comparison

Security Information and Event Management (SIEM)

AlienVault OSSIM 8.2, LogRhythm 8.7

  • Centralized event and log data collection: AlienVault OSSIM 8.4, LogRhythm 9.4
  • Correlation: AlienVault OSSIM 8.0, LogRhythm 9.4
  • Event and log normalization: AlienVault OSSIM 8.0, LogRhythm 9.0
  • Deployment flexibility: AlienVault OSSIM 8.7, LogRhythm 7.3
  • Integration with Identity and Access Management Tools: AlienVault OSSIM 7.5, LogRhythm 8.9
  • Custom dashboards and views: AlienVault OSSIM 8.0, LogRhythm 9.0
  • Host and network-based intrusion detection: AlienVault OSSIM 8.6, LogRhythm 7.7

Pros

  • Most of the configuration comes out-of-the-box suited for most environments. Setting it up is really easy, with the wizard, you can have it working in less than 3 hours of deployment, without counting asset installation.
  • Out-of-the-box dashboards are really useful. You can modify or add new widgets to suit your needs, but you'll most likely agree with what already comes configured.
  • The tickets feature for handling alarms is really easy to use.
Ivan Montilla Miralles
  • One is alerting when certain events take place such as when a machine reboots. This helps to gain more transparency as to what is going on within your network.
  • The features LogRhythm offers in terms of reporting are very helpful as well. For example, we can do monthly reports on a given Windows server to show all activity on that server.
Jacob Steffen

Cons

  • The correlation directives that come out of the box are very few. I understand more correlation directives are a premium product, but one can hardly see the value of having very few. It makes new customers think they will not get better directives when they switch to the full USM or USM Anywhere.
  • Same with reports, the few reports that come out of the box can be retrieved using other tools that are better prepared for the task. I understand that compliance reports aren't free, but at least I'd expect more security reports.
  • The OTX tab in dashboards sometimes takes too long to load, even if you have a fast internet and plenty of resources in the VM.
Ivan Montilla Miralles
  • I know in the past LogRhythm was talking about a web application for administration. I think this would be a lot better than having an application to log into.
  • I think offering more video content on their site would also be beneficial. The last time I had issues, I was reading through a lot of forum postings. I was able to get the job done, but in 2017 video is the king of content.
Jacob Steffen

Likelihood to Renew

No score
No answers yet
No answers on this topic
LogRhythm 9.0
Based on 1 answer
LogRhythm is focused on SIEM. That is their core business. Cost of operations, feature set and ease of use. The LogRhythm support team is outstanding. Overall reliability is good. Reporting module needs some improvement and LR is promising that there will be significant improvements in future releases.
James Harrison

Usability

AlienVault OSSIM 8.0
Based on 1 answer
AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As with any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.
Jose Quintero
LogRhythm 9.0
Based on 1 answer
Training is lacking for the reporting and query building. Overall, the investigation tool is my most used feature. It is very easy to drill down when searching for an interesting event. The real-time dashboard in the console is feature rich and provides graphical views and the ability to see associated logs. The alarms dashboard displays the most recent significant events, and the ability to track and document how the event is being handled.
James Harrison

Support

No score
No answers yet
No answers on this topic
LogRhythm 10.0
Based on 1 answer
Over the last couple of years, we have had some challenges requiring longer and higher tiered support. LogRhythm was quick to assign a 3rd tier engineer to assist us in identifying and remediating those problems. They have also assisted in getting us to later versions. They are willing to hand-hold during platform upgrades.
James Harrison

Implementation

No score
No answers yet
No answers on this topic
LogRhythm 8.0
Based on 1 answer
  • Buy professional services.
  • Buy and implement the system if possible.
  • Remember that the end point log configuration may require other teams in your company to assist you in getting the desired logs from all resources.
  • Attend the end user and daily operations training after a period of usage so you are not overwhelmed with information on concepts not yet seen.
  • Don't be afraid to call for help during your first months of use.
  • Don't close any ticket until you are sure the expected results are verified.
  • Use the community forums to discuss issues with your peers.
  • Watch the training videos offered by L R University.
James Harrison

Alternatives Considered

AlienVault OSSIM as the first experience with a SIEM is very fine, especially if your company is an SMB. Every SIEM shares some features in common with other products, features such as log retrieval and normalization. So if you stick with principles, you can learn other SIEM products as well. If your environment is not of a minimum size, LogRhythm might be overkill for your network, same with McAfee Enterprise Security Manager.
Ivan Montilla Miralles
We had business requirements for the following features:
  • Sustained flow acquisition and data collection of dissimilar log types from multiple sources.
  • Customization for Reporting and Alerting in near real time.
  • Offer Dynamic Monitoring.
  • Presented in a Security Event Console.
  • Automated Response Generation for Security Events.
  • Support for Regulatory Compliance.
  • Host, Application and Object Access Logs.
  • Integration with IAM (Identity Access Management).
  • Ability to Express and Track Compliance with User-Defined Policy.
  • Mapping of Events to NIST/CSF and ISO 27001 Control Frameworks and Regulations.
  • Incident Management and Workflow.
  • Data Collection and Archiving.
  • Redundancy, Scalability and Deployment Flexibility.
  • Correlation and Taxonomy.
  • Enterprise Administration, Auto-Discovery, Asset Classification, Embedded Security Knowledge.
James Harrison

Return on Investment

  • The ROI of OSSIM itself is, obviously, immediate, being that it's a free, open-source product. However, you must take into account other inherent investments to cover up for the lack of official support, such as certified agents or consultants that take care of the management and maintenance of the product once in production.
  • On the other hand, the potential loss of information and interruption of operativity due to malware and other threats is really unmeasurable. The implicit savings in OSSIM as a SIEM (Security Information and Event Management) are really the major positive impact on your organization's revenue.
  • Finally, and from a reseller's point of view, reselling OSSIM has the big plus of being a professional services-only asset, given that the appliance itself is free of charge. The only thing to consider is the initial investment in team members with the required capacitation and knowledge to address such professional services to potential customers.
Jose Quintero
  • It helps us satisfy log file monitoring requirements for PCI.
Stephen Ilbery

Pricing Details

AlienVault OSSIM

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No

LogRhythm

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No