What users are saying about

Splunk Enterprise<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow'>Customer Verified: Read more.</a>

189 Ratings

AlienVault OSSIM

14 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 8.2 out of 101

Splunk Enterprise<a href='https://www.trustradius.com/static/about-trustradius-scoring#question3' target='_blank' rel='nofollow'>Customer Verified: Read more.</a>

189 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 8.5 out of 101

Add comparison

Likelihood to Recommend

AlienVault OSSIM

If this is your first experience with a SIEM, this one can get you started. Take the time to learn the ins and outs of the product and you'll most likely be satisfied with it if your company is an SMB. If you need compliance reports, OSSIM is too small for you, you'll need to go with USM or USM Anywhere.
Ivan Montilla Miralles profile photo

Splunk Enterprise

Scenarios, where Splunk is well suited, would be a larger organization where multiple teams have their own logs and a web ops team is trying to come in and get a central location to be able to ingest and report on those logsScenarios, where Splunk wouldn't be as well suited, would be a small org where all their logs are in one place, easy to find and report on.
No photo available

Feature Rating Comparison

Security Information and Event Management (SIEM)

AlienVault OSSIM
8.2
Splunk Enterprise
8.7
Centralized event and log data collection
AlienVault OSSIM
8.3
Splunk Enterprise
9.2
Correlation
AlienVault OSSIM
8.0
Splunk Enterprise
8.1
Event and log normalization
AlienVault OSSIM
8.0
Splunk Enterprise
9.1
Deployment flexibility
AlienVault OSSIM
8.7
Splunk Enterprise
8.7
Integration with Identity and Access Management Tools
AlienVault OSSIM
7.5
Splunk Enterprise
7.9
Custom dashboards and views
AlienVault OSSIM
8.0
Splunk Enterprise
9.4
Host and network-based intrusion detection
AlienVault OSSIM
8.7
Splunk Enterprise
8.6

Pros

  • Asset discovery. Once installed in a centric, network-accessible server, OSSIM can poll all your endpoints with common protocols (SSH, SNMP, WMI) to detect and discover site-wide assets to monitor. You only need to group them by your own criteria once added to the product.
  • SIEM Event Correlation. You can define quite complex correlation rules to detect possible suspicious or malicious actions or attempts in your network, in order to categorize them as real threats or as false positives, thus streamlining your risk assessment and management.
  • Ease of installation. The entire AlienVault OSSIM is self-contained in an ISO file, which can be burned into a DVD or just mounted in your server of choice (physical or virtual) for deployment. The installation process is automated and quote verbosed, with options for static IP, email messaging and others.
  • Ease of access. Being AlienVault OSSIM a self-contained appliance, it can be accessed via web by any device that supports a web browser, being that desktops, workstation, mobile devices, etc. The OSSIM dashboard and other features are automatically rearranged to adapt to the particular device being in use.
Jose Quintero profile photo
  • SPLUNK has a quick learning curve and can be easily self-taught. For example, there are plenty of resources available such as tutorials and search tools. There is really no prerequisite for learning how to use Splunk.
  • SPLUNK Enterprise provides plenty of useful documentation and user support which makes it easy for anyone to learn and start using SPLUNK in a very short period of time. There are also examples and user feedback that is helpful if you need more advanced implementations.
  • SPLUNK is very powerful, yet simple. For instance, you can set up a dashboard in one day provided you have admin rights and access to the data you want to Splunk.
Trung Pham profile photo

Cons

  • OSSIM, being an open source solution, lacks log management (a treat that the full USM has). Perhaps a feature to include a lightweight version inside the SIEM Correlation engine can be appreciated.
  • The appliance also lacks support for Cloud-based servers and apps. This feature is also present in USM, so it's unlikely this will appear in OSSIM, but I'd suggest also a reduced version of it included in this appliance.
  • More integration with third-party solutions such as BMC Remedy and ServiceNow, although this can be emulated through email alerts, as most ITSM solutions have the ability of converting incoming email messages into tickets.
Jose Quintero profile photo
  • Even though there is a search tool as a help function, you still have to read through many documentation to find the answers you're looking for and sometimes you don't find it. The help function in Splunk could be improved to be more intuitive or have a built-in help per report, panel or dashboard.
  • Creating a Splunk dashboard is rather straightforward however, customization is not. Splunk could be improved to provide more tools or features for customization such as adding colors and font options for text and graphs or graphics.
  • My dashboard has a lot of useful information and I want the important panels and reports at the top but there is no easy way to do this. Perhaps Splunk could be improved to allow features such as adding URL links to other dashboards or some other clever way to emphasize the important data in my dashboard without compromising space.
Trung Pham profile photo

Likelihood to Renew

No score
No answers yet
No answers on this topic
Splunk Enterprise7.7
Based on 15 answers
Over time, Splunk becomes a part of the core business and the usefulness grows as the amount of data ingested grows.
Rick Yetter profile photo

Usability

AlienVault OSSIM8.0
Based on 1 answer
AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.
Jose Quintero profile photo
Splunk Enterprise9.9
Based on 2 answers
You can literally throw in a single word into Splunk and it will pull back all instances of that word across all of your logs for the time span you select (provided you have permission to see that data). We have several users who have taken a few of the free courses from Splunk that are able to pull data out of it everyday with little help at all.
Kenneth Taitingfong profile photo

Reliability and Availability

No score
No answers yet
No answers on this topic
Splunk Enterprise10.0
Based on 1 answer
When properly setup and configured, Splunk is extremely reliable.
No photo available

Support

No score
No answers yet
No answers on this topic
Splunk Enterprise8.9
Based on 3 answers
Support from Splunk to our company is extremely good . Our team developed many dash boards , reports and alerts in Splunk which saved so many hours of our development time and made us very very efficient . We are extremely happy with current functionality provided by Splunk and have no complaints at all . I would definitely recommend it to everyone
No photo available

Implementation

No score
No answers yet
No answers on this topic
Splunk Enterprise8.0
Based on 1 answer
Engage professional service early on in the implementation
No photo available

Alternatives Considered

AlienVault OSSIM has the upper ante in initial deployment price, being that it's open source. Also, with perhaps the exception of SolarWinds, it has a lower optimal requirements for onsite deployment, hence your OPEX won't be hit very hard by investing in new hardware to suit the appliance. The correlation engine is somewhat more robust that their counterparts in LogRhythm and SolarWinds, and the IDS (both NIDS and HIDS) are more reliable as well in terms of results. Finally, although Tenable SecurityCenter is more robust in dashboards, alerts and reports, it comes short in front of OSSIM in terms of real-time IDS and SIEM correlation.
Jose Quintero profile photo
I wanted to learn a new language that I can quickly master and implement. Splunk is easy, fun to use and best of all, it can be developed in hours not days or weeks. Splunk is fundamentally a programming language that is minimal but yet powerful enough to collect, analyze and visualize data.
Trung Pham profile photo

Scalability

No score
No answers yet
No answers on this topic
Splunk Enterprise9.1
Based on 1 answer
Splunk can scale in to the petabyte per day range which of course is awesome
Rick Yetter profile photo

Return on Investment

  • The ROI of OSSIM itself is, obviously, immediate, being that it's a free, open-source product. However, you must take into account other inherent investments to cover up for the lack of official support, such as certified agents or consultants that take care of the management and maintenance of the product once in production.
  • On the other hand, the potential loss of information and interruption of operativity due to malware and other threats is really unmeasurable. The implicit savings in OSSIM as a SIEM (Security Information and Event Management) are really the major positive impact on your organization's revenue.
  • Finally, and from a reseller's point of view, reselling OSSIM has the big plus of being a professional services-only asset, given that the appliance itself is free of charge. The only thing to consider is the initial investment in team members with the required capacitation and knowledge to address such professional services to potential customers.
Jose Quintero profile photo
  • It has been helping with alerting on certain attacks on site and monitoring server health.
  • It slows down during high traffic volume days - ( major 5 days of the year )
Priti Asai / Thakkar profile photo

Pricing Details

AlienVault OSSIM

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details

Splunk Enterprise

General
Free Trial
Yes
Free/Freemium Version
Yes
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details