Likelihood to Recommend If this is your first experience with a SIEM, this one can get you started. Take the time to learn the ins and outs of the product and you'll most likely be satisfied with it if your company is an SMB. If you need compliance reports, OSSIM is too small for you, you'll need to go with USM or USM Anywhere.
Read full review It has been brilliant for us in terms of understanding the behaviour affecting our endpoints and assets. We have full visibility of our alerts, which menas we can act on them immediately. We use a single pain of glass with dashboards that can be easily drilled down into to get further information. It has laso helped us eo create bespoke reports for senios Managmeent, while at the same time supports other teams like Network Mnagement and Operations.
Read full review Pros Asset discovery. Once installed in a centric, network-accessible server, OSSIM can poll all your endpoints with common protocols (SSH, SNMP, WMI) to detect and discover site-wide assets to monitor. You only need to group them by your own criteria once added to the product. SIEM Event Correlation. You can define quite complex correlation rules to detect possible suspicious or malicious actions or attempts in your network, in order to categorize them as real threats or as false positives, thus streamlining your risk assessment and management. Ease of installation. The entire AlienVault OSSIM is self-contained in an ISO file, which can be burned into a DVD or just mounted in your server of choice (physical or virtual) for deployment. The installation process is automated and quote verbosed, with options for static IP, email messaging and others. Ease of access. Being AlienVault OSSIM a self-contained appliance, it can be accessed via web by any device that supports a web browser, being that desktops, workstation, mobile devices, etc. The OSSIM dashboard and other features are automatically rearranged to adapt to the particular device being in use. Read full review Rapid7 InsightIDR does a very good job at keeping virus definitions up to date so that our threat intelligence is very up to date when knowing what to protect against. It helps us by scanning all of our infrastructure components and highlights where improvements need to be made in security so we can be proactive with our security initiatives. It has automated response mechanisms to triage and resolve any potentials risks allowing us to save time in the long run. Read full review Cons Creating custom rules is a bit complicated Reporting could be improved Agent has caused conflicts with a couple of our other applications Read full review Sometimes Rapid7 InsightIDR will be too locked down and without knowing will block applications and processes needed for day to day operation. System scans with Rapid7 InsightIDR can be very bandwidth-heavy on the network and system resources. From a recent incident, we have seen more and more false positives from Rapid7 InsightIDR on areas that we know are secure. Read full review Usability AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.
Read full review Support Rating Everything is done through MSSP and installation pro services. Once those hours are burned up, then you're on your own without a lot of help. Typically the pro services hours aren't enough to get past 60 days and MSSP are hit and miss. We had a miss for installation helpers.
Read full review Alternatives Considered Originally my organization leveraged alien value due to the lower cost of entry and ability to manage it as a service provider. Unfortunately, after several years of working with this tool, it became unwieldy to use as it felt that almost every useful report had to be created by hand. As other tools have come out with the ability to do automated responses such as
Stellar Data processor, we have begun to evaluate alternatives.
Read full review The biggest advantage it has the lightweight agent and smooth and less traffic chaos in network during log collection. Cloud Security always require extra efforts but InsightIDR reduce that burden as it has highly anticipated agents to which knows what they need to do when they captured malicious traffic.log collection and threat intelligence is major part in and xdr and here it stand out along others in the market, I started my career as qualys administration but I like InsightIDR much now.
Read full review Return on Investment It satisfied a requirement of our audit team (internal and external). Custom written alerts allow us to be proactive for some events. Stable product means we don't spend a lot of time keeping it up and running. Read full review Rapid7 InsightIDR has allowed us to be proactive in securing our systems as the vulnerability scans give us a lens at what we need to fortify when it comes to security. In recent incidents its allowed us to save time and money as it mostly detects issues accurately and we are able to bring systems back quickly without too much downtime for the business. With recent updates, we are confident that Rapid7 InsightIDR is a good solution for the long run as they are always making adjustments to their platform and improving it with every release. Read full review ScreenShots