What users are saying about
<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow noopener noreferrer'>Customer Verified: Read more.</a>
Top Rated
255 Ratings
17 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>
Score 8.7 out of 101

Splunk Enterprise

<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow noopener noreferrer'>Customer Verified: Read more.</a>
Top Rated
255 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>
Score 8.7 out of 101

Likelihood to Recommend

AlienVault OSSIM

If this is your first experience with a SIEM, this one can get you started. Take the time to learn the ins and outs of the product and you'll most likely be satisfied with it if your company is an SMB. If you need compliance reports, OSSIM is too small for you, you'll need to go with USM or USM Anywhere.
Ivan Montilla Miralles profile photo

Splunk Enterprise

Pros: Splunk is very well suited if you have multiple log sources of related data. All of them can be correlated and tasks can be automated based on the requirement. Other than alerts, Splunk can also run a specific script of your choice, based on some defined conditions. Cons: If you have a few logs but a large number of log sources, Splunk can be very expensive.
Kuntal Das profile photo

Feature Rating Comparison

Security Information and Event Management (SIEM)

AlienVault OSSIM
8.1
Splunk Enterprise
8.7
Centralized event and log data collection
AlienVault OSSIM
8.5
Splunk Enterprise
9.2
Correlation
AlienVault OSSIM
7.8
Splunk Enterprise
8.7
Event and log normalization
AlienVault OSSIM
7.4
Splunk Enterprise
9.0
Deployment flexibility
AlienVault OSSIM
8.7
Splunk Enterprise
8.3
Integration with Identity and Access Management Tools
AlienVault OSSIM
8.1
Splunk Enterprise
8.0
Custom dashboards and views
AlienVault OSSIM
7.2
Splunk Enterprise
9.0
Host and network-based intrusion detection
AlienVault OSSIM
8.7
Splunk Enterprise
8.7

Pros

AlienVault OSSIM

  • Asset discovery. Once installed in a centric, network-accessible server, OSSIM can poll all your endpoints with common protocols (SSH, SNMP, WMI) to detect and discover site-wide assets to monitor. You only need to group them by your own criteria once added to the product.
  • SIEM Event Correlation. You can define quite complex correlation rules to detect possible suspicious or malicious actions or attempts in your network, in order to categorize them as real threats or as false positives, thus streamlining your risk assessment and management.
  • Ease of installation. The entire AlienVault OSSIM is self-contained in an ISO file, which can be burned into a DVD or just mounted in your server of choice (physical or virtual) for deployment. The installation process is automated and quote verbosed, with options for static IP, email messaging and others.
  • Ease of access. Being AlienVault OSSIM a self-contained appliance, it can be accessed via web by any device that supports a web browser, being that desktops, workstation, mobile devices, etc. The OSSIM dashboard and other features are automatically rearranged to adapt to the particular device being in use.
Jose Quintero profile photo

Splunk Enterprise

  • Allow for separation of control where we don't let some employees have access to production but still can diagnose issues.
  • Common location to go for all logs even if the logs themselves aren't in the same place.
  • Ability to ingest logs from different locations without having to change the code to put logs in a certain place (pro and con).
No photo available

Cons

AlienVault OSSIM

  • Reporting is not the greatest. I had internal developers take data and create some reports that better fit my needs.
  • Navigation through the vulnerability scans is not ideal.
  • Asset management is also cumbersome to navigate through.
Laurie Keith profile photo

Splunk Enterprise

  • Even though there is a search tool as a help function, you still have to read through many documentation to find the answers you're looking for and sometimes you don't find it. The help function in Splunk could be improved to be more intuitive or have a built-in help per report, panel or dashboard.
  • Creating a Splunk dashboard is rather straightforward however, customization is not. Splunk could be improved to provide more tools or features for customization such as adding colors and font options for text and graphs or graphics.
  • My dashboard has a lot of useful information and I want the important panels and reports at the top but there is no easy way to do this. Perhaps Splunk could be improved to allow features such as adding URL links to other dashboards or some other clever way to emphasize the important data in my dashboard without compromising space.
Trung Pham profile photo

Likelihood to Renew

AlienVault OSSIM

No score
No answers yet
No answers on this topic

Splunk Enterprise

Splunk Enterprise 10.0
Based on 17 answers
We are using Splunk extensively in our projects and we have recently upgraded to Splunk version 6.0 which is quite efficient and giving expected results. We keep track of updates and new features Splunk introduces periodically and try to introduce those features in our day to day activities for improvement in our reporting system and other tasks.
No photo available

Usability

AlienVault OSSIM

AlienVault OSSIM 8.0
Based on 1 answer
AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.
Jose Quintero profile photo

Splunk Enterprise

Splunk Enterprise 9.0
Based on 3 answers
You can literally throw in a single word into Splunk and it will pull back all instances of that word across all of your logs for the time span you select (provided you have permission to see that data). We have several users who have taken a few of the free courses from Splunk that are able to pull data out of it everyday with little help at all.
Kenneth Taitingfong profile photo

Reliability and Availability

AlienVault OSSIM

No score
No answers yet
No answers on this topic

Splunk Enterprise

Splunk Enterprise 10.0
Based on 1 answer
When properly setup and configured, Splunk is extremely reliable.
No photo available

Support

AlienVault OSSIM

AlienVault OSSIM 9.5
Based on 2 answers
AlienVault OSSIM support has been very good. I have not had an issue that they were not able to quickly identify and provide a fix for. They are very quick to respond to open cases and are very knowledgeable in the product, which makes troubleshooting issues fast and solutions are provided quickly.
Laurie Keith profile photo

Splunk Enterprise

Splunk Enterprise 9.2
Based on 8 answers
It helped us and is still helping to deploy new modules, installing and configuring new databases without worrying about a huge bottleneck or lack of understanding, and monitoring the post-deploy impacts. This has been our main tool across the University IT sectors to utilize all of its monitoring options, and sharing those alerts with end-users as needed.
No photo available

Implementation

AlienVault OSSIM

No score
No answers yet
No answers on this topic

Splunk Enterprise

Splunk Enterprise 9.0
Based on 2 answers
Smooth without too many major issues.
No photo available

Alternatives Considered

AlienVault OSSIM

Best bang for the buck. Darktrace did not perform even close to AlienVault. I ran them concurrently. AlienVault consistently found issues that Darktrace didn't pick up, and the Darktrace incidents were false positives. At one point, Darktrace stated I had 2,000 servers and I have 112.FortiSIEM is an awesome package but it's more then I need (or can afford). I would need to add staff, for at least the first year or so, just to get it setup and configured correctly.
Matthew Frederickson profile photo

Splunk Enterprise

Splunk is proving to be a formidable replacement for Qradar, which we had as our previous SIEM. Qradar was powerful, but not easy to customize and quite limited. Splunk is not per se a "SIEM" but it can be in the way you used it. Also there is an Enterprise Security App that is available to buy and sit on top of Splunk, and that will take care of any concerns with needing a full-fledged SIEM. Splunk wins.
No photo available

Scalability

AlienVault OSSIM

No score
No answers yet
No answers on this topic

Splunk Enterprise

Splunk Enterprise 9.1
Based on 1 answer
Splunk can scale in to the petabyte per day range which of course is awesome
Rick Yetter profile photo

Return on Investment

AlienVault OSSIM

  • The only investment here is setting it up and I think seeing it's performance it's a fantastic tool and has a great positive ROI!
No photo available

Splunk Enterprise

  • I'm not a data analyst so I can not provide concrete examples on how the business has benefited from implementing Splunk. However, the analysts I have worked with have provided a wealth of support in reducing workstation issues across the enterprise. This alone reduces the time it takes to determine where the exact problem lies between a workstation and the servers it tries to communicate with.
No photo available

Pricing Details

AlienVault OSSIM

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No

Splunk Enterprise

General

Free Trial
Yes
Free/Freemium Version
Yes
Premium Consulting/Integration Services
Entry-level set up fee?
No

Rating Summary

Likelihood to Recommend

AlienVault OSSIM
8.5
Splunk Enterprise
8.9

Likelihood to Renew

AlienVault OSSIM
Splunk Enterprise
10.0

Usability

AlienVault OSSIM
8.0
Splunk Enterprise
9.0

Reliability and Availability

AlienVault OSSIM
Splunk Enterprise
10.0

Support

AlienVault OSSIM
9.5
Splunk Enterprise
9.2

Implementation

AlienVault OSSIM
Splunk Enterprise
9.0

Scalability

AlienVault OSSIM
Splunk Enterprise
9.1

Add comparison