What users are saying about

Splunk Enterprise

<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow'>Customer Verified: Read more.</a>
213 Ratings
15 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 8.3 out of 101

Splunk Enterprise

<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow'>Customer Verified: Read more.</a>
213 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 8.6 out of 101

Add comparison

Likelihood to Recommend

AlienVault OSSIM

If this is your first experience with a SIEM, this one can get you started. Take the time to learn the ins and outs of the product and you'll most likely be satisfied with it if your company is an SMB. If you need compliance reports, OSSIM is too small for you, you'll need to go with USM or USM Anywhere.
Ivan Montilla Miralles profile photo

Splunk Enterprise

In a corporate environment, especially in a financial sector, I would actually go with a product like RSA Security Analytics. But that is not necessarily the rule of thumb and is not the case for all financial companies. In higher ed, for example, I recommend Splunk because of the ability to monitor trends of students that can help them to get better grades, help the university to grow, and streamline registration processes.
No photo available

Feature Rating Comparison

Security Information and Event Management (SIEM)

AlienVault OSSIM
8.2
Splunk Enterprise
8.6
Centralized event and log data collection
AlienVault OSSIM
8.4
Splunk Enterprise
9.2
Correlation
AlienVault OSSIM
8.0
Splunk Enterprise
8.0
Event and log normalization
AlienVault OSSIM
8.0
Splunk Enterprise
9.1
Deployment flexibility
AlienVault OSSIM
8.7
Splunk Enterprise
8.3
Integration with Identity and Access Management Tools
AlienVault OSSIM
7.5
Splunk Enterprise
8.0
Custom dashboards and views
AlienVault OSSIM
8.0
Splunk Enterprise
9.4
Host and network-based intrusion detection
AlienVault OSSIM
8.6
Splunk Enterprise
8.5

Pros

  • Most of the configuration comes out-of-the-box suited for most environments. Setting it up is really easy, with the wizard, you can have it working in less than 3 hours of deployment, without counting asset installation.
  • Out-of-the-box dashboards are really useful. You can modify or add new widgets to suit your needs, but you'll most likely agree with what already comes configured.
  • The tickets feature for handling alarms is really easy to use.
Ivan Montilla Miralles profile photo
  • It gathers logs very well from almost all machine types - most SIEM related products don't do this quite as well.
  • It provides visuals to the user, giving you the ability to transform logs into visual charts (e.g. pie charts, graphs, tables, etc.).
  • Splunk is very quick in reporting and alerting on anomalies. There is little delay.
No photo available

Cons

  • OSSIM, being an open source solution, lacks log management (a treat that the full USM has). Perhaps a feature to include a lightweight version inside the SIEM Correlation engine can be appreciated.
  • The appliance also lacks support for Cloud-based servers and apps. This feature is also present in USM, so it's unlikely this will appear in OSSIM, but I'd suggest also a reduced version of it included in this appliance.
  • More integration with third-party solutions such as BMC Remedy and ServiceNow, although this can be emulated through email alerts, as most ITSM solutions have the ability of converting incoming email messages into tickets.
Jose Quintero profile photo
  • Splunk can be very expensive, and it is best to size out your environment first before procuring. Planning is key, and make sure to buy a license that is at least 2-3 times what you think you need.
  • There is a learning curve to Splunk. It takes a bit to get up to speed with the application.
  • Support is very good, but they will almost never tell you to ways to not use up your license. I had to figure that out myself, and ended up cutting out some useless logs that used over 50 % of my license.
No photo available

Likelihood to Renew

No score
No answers yet
No answers on this topic
Splunk Enterprise7.7
Based on 15 answers
Over time, Splunk becomes a part of the core business and the usefulness grows as the amount of data ingested grows.
Rick Yetter profile photo

Usability

AlienVault OSSIM8.0
Based on 1 answer
AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.
Jose Quintero profile photo
Splunk Enterprise9.9
Based on 2 answers
You can literally throw in a single word into Splunk and it will pull back all instances of that word across all of your logs for the time span you select (provided you have permission to see that data). We have several users who have taken a few of the free courses from Splunk that are able to pull data out of it everyday with little help at all.
Kenneth Taitingfong profile photo

Reliability and Availability

No score
No answers yet
No answers on this topic
Splunk Enterprise10.0
Based on 1 answer
When properly setup and configured, Splunk is extremely reliable.
No photo available

Support

No score
No answers yet
No answers on this topic
Splunk Enterprise8.9
Based on 3 answers
Support from Splunk to our company is extremely good . Our team developed many dash boards , reports and alerts in Splunk which saved so many hours of our development time and made us very very efficient . We are extremely happy with current functionality provided by Splunk and have no complaints at all . I would definitely recommend it to everyone
No photo available

Implementation

No score
No answers yet
No answers on this topic
Splunk Enterprise8.0
Based on 1 answer
Engage professional service early on in the implementation
No photo available

Alternatives Considered

AlienVault OSSIM has the upper ante in initial deployment price, being that it's open source. Also, with perhaps the exception of SolarWinds, it has a lower optimal requirements for onsite deployment, hence your OPEX won't be hit very hard by investing in new hardware to suit the appliance. The correlation engine is somewhat more robust that their counterparts in LogRhythm and SolarWinds, and the IDS (both NIDS and HIDS) are more reliable as well in terms of results. Finally, although Tenable SecurityCenter is more robust in dashboards, alerts and reports, it comes short in front of OSSIM in terms of real-time IDS and SIEM correlation.
Jose Quintero profile photo
Splunk is proving to be a formidable replacement for Qradar, which we had as our previous SIEM. Qradar was powerful, but not easy to customize and quite limited. Splunk is not per se a "SIEM" but it can be in the way you used it. Also there is an Enterprise Security App that is available to buy and sit on top of Splunk, and that will take care of any concerns with needing a full-fledged SIEM. Splunk wins.
No photo available

Scalability

No score
No answers yet
No answers on this topic
Splunk Enterprise9.1
Based on 1 answer
Splunk can scale in to the petabyte per day range which of course is awesome
Rick Yetter profile photo

Return on Investment

  • The ROI of OSSIM itself is, obviously, immediate, being that it's a free, open-source product. However, you must take into account other inherent investments to cover up for the lack of official support, such as certified agents or consultants that take care of the management and maintenance of the product once in production.
  • On the other hand, the potential loss of information and interruption of operativity due to malware and other threats is really unmeasurable. The implicit savings in OSSIM as a SIEM (Security Information and Event Management) are really the major positive impact on your organization's revenue.
  • Finally, and from a reseller's point of view, reselling OSSIM has the big plus of being a professional services-only asset, given that the appliance itself is free of charge. The only thing to consider is the initial investment in team members with the required capacitation and knowledge to address such professional services to potential customers.
Jose Quintero profile photo
  • There are a lot of positive impacts that Splunk had made, we have real-time exception alerting which is very useful
  • We have report generation out of the logs which again helped us in many ways.
  • The only negative thing I can say is that it requires good learning and that takes a long time
Rounak Jangir profile photo

Pricing Details

AlienVault OSSIM

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details

Splunk Enterprise

General
Free Trial
Yes
Free/Freemium Version
Yes
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details