17 Ratings
Score 8.7 out of 10
42 Ratings
Score 7.6 out of 10

Likelihood to Recommend

AlienVault OSSIM

If this is your first experience with a SIEM, this one can get you started. Take the time to learn the ins and outs of the product and you'll most likely be satisfied with it if your company is an SMB. If you need compliance reports, OSSIM is too small for you; you'll need to go with USM or USM Anywhere.
Ivan Montilla Miralles

LogRhythm NextGen SIEM Platform

I will say that the LogRhythm NextGen SIEM Platform is well suited for an organization that is not very big but has multiple log sources. Or a lot of non-technical employees who do not know how to code or write custom queries. Typically it is a good fit for universities and mid-range startups. This has an excellent interface, dashboard, useful for managing roles, but it doesn't provide the level of customization that a technical person with knowledge of coding probably would prefer. Software like Splunk and Elastic Search are much more flexible in terms of the granularity of the search.

Feature Rating Comparison

| Feature | AlienVault OSSIM | LogRhythm NextGen SIEM Platform |
|---|---|---|
| Security Information and Event Management (SIEM) | 8.1 | 8.5 |
| Centralized event and log data collection | 8.5 | 9.4 |
| Correlation | 7.8 | 9.0 |
| Event and log normalization | 7.4 | 8.7 |
| Deployment flexibility | 8.7 | 7.8 |
| Integration with Identity and Access Management Tools | 8.1 | 8.0 |
| Custom dashboards and views | 7.2 | 9.0 |
| Host and network-based intrusion detection | 8.7 | 7.5 |

Pros

AlienVault OSSIM

  • Asset discovery. Once installed in a centric, network-accessible server, OSSIM can poll all your endpoints with common protocols (SSH, SNMP, WMI) to detect and discover site-wide assets to monitor. You only need to group them by your own criteria once added to the product.
  • SIEM Event Correlation. You can define quite complex correlation rules to detect possible suspicious or malicious actions or attempts in your network, in order to categorize them as real threats or as false positives, thus streamlining your risk assessment and management.
  • Ease of installation. The entire AlienVault OSSIM is self-contained in an ISO file, which can be burned into a DVD or just mounted in your server of choice (physical or virtual) for deployment. The installation process is automated and quite verbose, with options for static IP, email messaging and others.
  • Ease of access. Because AlienVault OSSIM is a self-contained appliance, it can be accessed via the web by any device that supports a web browser, be it desktops, workstations, mobile devices, etc. The OSSIM dashboard and other features are automatically rearranged to adapt to the particular device in use.
Jose Quintero

LogRhythm NextGen SIEM Platform

  • LogRhythm is a great SIEM to learn content on because the building blocks are very intuitive and easy to implement. All of the concepts relevant to content development are literally represented as drag and drop building blocks that can be easily manipulated.
  • The statistical building blocks contain powerful anomaly detection capabilities that are extremely difficult to implement in other SIEMs or not possible at all.
  • LogRhythm does better event classification than any other SIEM by far. My team typically drops all classification schemes from default installations of SIEMs and rebuilds them from scratch. I can actually use LogRhythm's event classifications in rules without worrying about excessive partial matches or correlating unwanted events.
Joel Eng

Cons

AlienVault OSSIM

  • Reporting is not the greatest. I had internal developers take data and create some reports that better fit my needs.
  • Navigation through the vulnerability scans is not ideal.
  • Asset management is also cumbersome to navigate through.
Laurie Keith

LogRhythm NextGen SIEM Platform

  • While searching for log events is quick, the interface isn't as user-friendly as other SIEM products.
  • Many of the administrative/management functions are only available through the full LogRhythm desktop console, not through the web console.
  • The LogRhythm agent, when used for FIM and RIM, is very memory intensive.

Likelihood to Renew

AlienVault OSSIM

No score
No answers yet
No answers on this topic

LogRhythm NextGen SIEM Platform

LogRhythm NextGen SIEM Platform 9.0
Based on 1 answer
LogRhythm is focused on SIEM. That is their core business. Cost of operations, feature set and ease of use. The LogRhythm support team is outstanding. Overall reliability is good. Reporting module needs some improvement and LR is promising that there will be significant improvements in future releases.
James Harrison

Usability

AlienVault OSSIM

AlienVault OSSIM 8.0
Based on 1 answer
AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As with any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.
Jose Quintero

LogRhythm NextGen SIEM Platform

LogRhythm NextGen SIEM Platform 8.0
Based on 2 answers
LogRhythm does a rather decent job of making the functionality advanced (allowing for advanced keyword & field searching, use of "AND" as well as "OR" statements in the search bar) while keeping it accessible (by not requiring a specific syntax to do quick searches). This combined with a user interface that has headings and labels that are intuitive is very helpful.

Support

AlienVault OSSIM

AlienVault OSSIM 9.5
Based on 2 answers
AlienVault OSSIM support has been very good. I have not had an issue that they were not able to quickly identify and provide a fix for. They are very quick to respond to open cases and are very knowledgeable in the product, which makes troubleshooting issues fast and solutions are provided quickly.
Laurie Keith

LogRhythm NextGen SIEM Platform

LogRhythm NextGen SIEM Platform 7.9
Based on 8 answers
Support has always been fantastic for this product compared to many other support providers I've worked with. They are always very friendly and seem to be well trained and knowledgeable, and we never have to wait long for a solution. We usually get the issue fixed in the first call, but also we really haven't had to use support a ton, so that's also a plus.

Implementation

AlienVault OSSIM

No score
No answers yet
No answers on this topic

LogRhythm NextGen SIEM Platform

LogRhythm NextGen SIEM Platform 8.0
Based on 1 answer
  • Buy professional services.
  • Buy and implement the system if possible.
  • Remember that the end point log configuration may require other teams in your company to assist you in getting the desired logs from all resources.
  • Attend the end user and daily operations training after a period of usage so you are not overwhelmed with information on concepts not yet seen.
  • Don't be afraid to call for help during your first months of use.
  • Don't close any ticket until you are sure the expected results are verified.
  • Use the community forums to discuss issues with your peers.
  • Watch the training videos offered by LR University.
James Harrison

Alternatives Considered

AlienVault OSSIM

Best bang for the buck. Darktrace did not perform even close to AlienVault. I ran them concurrently. AlienVault consistently found issues that Darktrace didn't pick up, and the Darktrace incidents were false positives. At one point, Darktrace stated I had 2,000 servers and I have 112. FortiSIEM is an awesome package but it's more than I need (or can afford). I would need to add staff, for at least the first year or so, just to get it set up and configured correctly.
Matthew Frederickson

LogRhythm NextGen SIEM Platform

LogRhythm was simpler to set up and configure as well as extract information from. It also was less intrusive in terms of how many appliances were needed to implement. We were up and running within 5 hours to start accepting log sources. We selected LogRhythm as well since support is based in the USA in Colorado.

Return on Investment

AlienVault OSSIM

  • The only investment here is setting it up, and I think, seeing its performance, it's a fantastic tool and has a great positive ROI!

LogRhythm NextGen SIEM Platform

  • The ability to search through logs in a centralized location really helps us to provide RCA (Root Cause Analysis) to management for outages. This helps us to quickly identify the cause of outages and thus saves money due to reduced downtime.
  • Being able to configure the alarms to provide real-time notification (and responses) to security events helps to prevent potential loss due to compromises (such as a fraudulent wire transfer).
  • The initial investment in LogRhythm SIEM is somewhat expensive, however, the appliance is built to your specific needs so you won't have to constantly be upgrading the device as your company grows.

Pricing Details

AlienVault OSSIM

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No

LogRhythm NextGen SIEM Platform

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No

Rating Summary

| Category | AlienVault OSSIM | LogRhythm NextGen SIEM Platform |
|---|---|---|
| Likelihood to Recommend | 8.5 | 7.3 |
| Likelihood to Renew | No score | 9.0 |
| Usability | 8.0 | 8.0 |
| Support | 9.5 | 7.9 |
| Implementation | No score | 8.0 |
