What users are saying about

AlienVault OSSIM

14 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 8.2 out of 101

SolarWinds Log & Event Manager

37 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 7.7 out of 101

Add comparison

Likelihood to Recommend

AlienVault OSSIM

If this is your first experience with a SIEM, this one can get you started. Take the time to learn the ins and outs of the product and you'll most likely be satisfied with it if your company is an SMB. If you need compliance reports, OSSIM is too small for you, you'll need to go with USM or USM Anywhere.
Ivan Montilla Miralles profile photo

SolarWinds Log & Event Manager

For medium to large scale business that incorporate high-value resources and need a central log repository I think SolarWinds is fantastic. It may be overkill for smaller businesses however.
Joseph Crook profile photo

Feature Rating Comparison

Security Information and Event Management (SIEM)

AlienVault OSSIM
8.2
SolarWinds Log & Event Manager
6.7
Centralized event and log data collection
AlienVault OSSIM
8.3
SolarWinds Log & Event Manager
8.7
Correlation
AlienVault OSSIM
8.0
SolarWinds Log & Event Manager
8.0
Event and log normalization
AlienVault OSSIM
8.0
SolarWinds Log & Event Manager
7.7
Deployment flexibility
AlienVault OSSIM
8.7
SolarWinds Log & Event Manager
5.2
Integration with Identity and Access Management Tools
AlienVault OSSIM
7.5
SolarWinds Log & Event Manager
5.3
Custom dashboards and views
AlienVault OSSIM
8.0
SolarWinds Log & Event Manager
4.7
Host and network-based intrusion detection
AlienVault OSSIM
8.7
SolarWinds Log & Event Manager
7.0

Pros

  • Most of the configuration comes out-of-the-box suited for most environments. Setting it up is really easy, with the wizard, you can have it working in less than 3 hours of deployment, without counting asset installation.
  • Out-of-the-box dashboards are really useful. You can modify or add new widgets to suit your needs, but you'll most likely agree with what already comes configured.
  • The tickets feature for handling alarms is really easy to use.
Ivan Montilla Miralles profile photo
  • We use the client on register systems as event forwarders and log collection.
  • It enables us to verify the access security to high value workstations and register systems.
  • It provides a repository storage for log files so that they do not solely exist on workstations.
  • It helps us ensure PCI standards are being maintained and track security risk issues as well as system health.
Joseph Crook profile photo

Cons

  • The correlation directives that come out of the box are very few. I understand more correlation directives are a premium product, but one can hardly see the value of having very few. It makes new customers think they will not get better directives when they switch to the full USM or USM Anywhere.
  • Same with reports, the few reports it comes out of the box can be retrieved using other tools that are better prepared for the task. I understand that compliance reports aren't free, but at least I'd expect more security reports.
  • The OTX tab in dashboards sometimes takes too long to load, even if you have a fast internet and plenty of resources in the VM.
Ivan Montilla Miralles profile photo
  • No custom parser. Inevitably, there will be a product on your network that Solarwinds LEM won't know how to parse. Other SIEM solutions I've used leverage custom parsers for this reason. LEM does not have support for creating custom parsers, so unknown log formats remain unparsed.
  • Sometimes too basic. LEM is an excellent tool for performing basic correlations in a small to mid-size environment. If you try to get too advanced with the correlations you are trying to perform, you may get frustrated with the lack of functionality due to the way that LEM parses data.
No photo available

Usability

AlienVault OSSIM8.0
Based on 1 answer
AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.
Jose Quintero profile photo
No score
No answers yet
No answers on this topic

Alternatives Considered

AlienVault OSSIM has the upper ante in initial deployment price, being that it's open source. Also, with perhaps the exception of SolarWinds, it has a lower optimal requirements for onsite deployment, hence your OPEX won't be hit very hard by investing in new hardware to suit the appliance. The correlation engine is somewhat more robust that their counterparts in LogRhythm and SolarWinds, and the IDS (both NIDS and HIDS) are more reliable as well in terms of results. Finally, although Tenable SecurityCenter is more robust in dashboards, alerts and reports, it comes short in front of OSSIM in terms of real-time IDS and SIEM correlation.
Jose Quintero profile photo
In the past I have used Qradar, McAfee ESM, and RSA Security Analytics.
PROS:Compared to these products, LEM is by far the most user friendly and easiest to deploy. LEM's ability to automate response and remediation also seems a cut above these products. LEM also ranks up at the top in terms of reliability. Very rarely have we had to resolve issues that prevented LEM from doing it's job.
CONS: LEM is unfortunately lacking in the ability to create custom parsers like other SIEM solutions can. This means if LEM is unable to parse logs coming from a network appliance, you won't be able to view them until Solarwinds releases their official parser for that product. Complex correlations can also test the limits of LEM due to the way that logs are parsed into event type rather than log source type. Trying to correlate all of your IPS events in a complex correlation? This my prove to be difficult in LEM.
No photo available

Return on Investment

  • The ROI of OSSIM itself is, obviously, immediate, being that it's a free, open-source product. However, you must take into account other inherent investments to cover up for the lack of official support, such as certified agents or consultants that take care of the management and maintenance of the product once in production.
  • On the other hand, the potential loss of information and interruption of operativity due to malware and other threats is really unmeasurable. The implicit savings in OSSIM as a SIEM (Security Information and Event Management) are really the major positive impact on your organization's revenue.
  • Finally, and from a reseller's point of view, reselling OSSIM has the big plus of being a professional services-only asset, given that the appliance itself is free of charge. The only thing to consider is the initial investment in team members with the required capacitation and knowledge to address such professional services to potential customers.
Jose Quintero profile photo
  • It has helped to give us an insight into our accounts and has been valuable to alert us to attacks.
  • It has been valuable to manually correlate logs after there have been incidents and server issues.
  • For the price, it has not given us any preventative analytics. Some of our alerting is based off of events that caused problems after the fact, so not really helpful at the time.
No photo available

Pricing Details

AlienVault OSSIM

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details

SolarWinds Log & Event Manager

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details