TrustRadius Insights
AlienVault OSSIM has proven to be an invaluable tool for organizations looking to centralize their logs and effectively manage security …
Overview
What is AlienVault OSSIM?
OSSIM leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts. AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified…
Recent Reviews
Popular Features
- Centralized event and log data collection (10)9.494%
- Deployment flexibility (11)8.282%
- Event and log normalization/management (11)8.181%
- Correlation (11)7.070%
Pricing
N/A
Unavailable
What is AlienVault OSSIM?
OSSIM leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts. AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified platform…
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
22 people also want pricing
Alternatives Pricing
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments,…
What is InsightIDR?
In addition to their incident response service, Rapid7 offers InsightIDR, a combined XDR and SIEM that provides user behavior and threat analytics.
Product Demos
Archie Webster - AlienVault OSSIM Demo
YouTube
Explore OSSIM - demo HIDS
YouTube
OSSIM Demo (5.1) - Improved Threat Detection, Security Visibility, and Usability
YouTube
Features
Return to navigation
Product Details
- About
- Tech Details
What is AlienVault OSSIM?
OSSIM leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts. AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified platform providing:
It also leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts.
- Asset discovery
- Vulnerability assessment
- Intrusion detection
- Behavioral monitoring
- SIEM
It also leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts.
AlienVault OSSIM Video
AlienVault® USM vs. OSSIM™
AlienVault OSSIM Technical Details
| Operating Systems | Unspecified |
|---|---|
| Mobile Application | No |
Comparisons
Compare with
Reviews and Ratings
(30)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Business Problems Solved
- Pros
- Cons
AlienVault OSSIM has proven to be an invaluable tool for organizations looking to centralize their logs and effectively manage security events. Users have praised its ability to collect and analyze security data from various sources, allowing them to monitor for unusual activity, devices, and potential threats on a daily basis. With its IDS capabilities, both network-based and hardware-based, AlienVault OSSIM has helped users detect and prevent suspicious activity on their networks.
The Netflow feature of AlienVault OSSIM has also been highly regarded by users. It enables them to diagnose spikes of activity in the network and detect any unusual behavior, aiding in the identification of potential threats. Additionally, the intelligent analytic engine of AlienVault OSSIM helps determine these potential threats with clear presentation of alerts and the ability to drill down for detailed information.
One of the key business problems that AlienVault OSSIM addresses is the need for a single management platform that combines SIEM, reporting, and asset management capabilities. Users have found this to be a significant time and money-saving aspect of the product as it eliminates the need for multiple tools. The customizable dashboard allows users to create rules and receive email notifications, enhancing their ability to effectively manage security incidents.
AlienVault OSSIM is commonly used by IT departments for a range of tasks including intrusion detection, asset discovery, SIEM correlation, and behavior analytics. It has proven particularly useful in identifying machines that are behind on patches and updates. Furthermore, it facilitates threat hunting by collecting events from all machines, providing a comprehensive view of potential security risks.
Overall, AlienVault OSSIM has garnered positive feedback from users who appreciate its log centralization capabilities, effective threat detection features, and comprehensive reporting and analytics capabilities. Its versatility in addressing multiple use cases makes it a valuable tool for organizations seeking to enhance their network security posture.
User-Friendly Installation Process: Many users have found that AlienVault OSSIM has a user-friendly installation process. Reviewers have mentioned that the software is self-contained in an ISO file, allowing for quick and easy deployment. They appreciate the automated installation process and options for customization, such as setting a static IP and configuring email messaging.
Seamless User Experience Across Devices: Several reviewers have praised AlienVault OSSIM's accessibility across different devices. The software can be accessed via a web browser on desktops, workstations, and mobile devices. Users have noted that the dashboard and other features automatically adapt to the device being used, providing a seamless and consistent user experience regardless of the platform.
Out-of-the-Box Configuration and Customization Options: Many reviewers have highlighted the out-of-the-box configuration of AlienVault OSSIM as well-suited for most environments, making the initial setup process straightforward. The included wizard provides a guided experience, enabling users to have the system up and running within a few hours. Additionally, users appreciate the ability to customize or add new widgets to tailor the monitoring experience according to their specific needs. This flexibility allows them to optimize their environment's monitoring capabilities efficiently.
Limited log management capabilities: Some users have mentioned that OSSIM lacks robust log management features compared to the full USM version. Several reviewers have expressed a desire for more comprehensive log management capabilities in OSSIM.
Absence of support for Cloud-based servers and apps: The lack of support for Cloud-based servers and applications in OSSIM has been noted as a limitation by multiple users. This feature, which is available in the USM version, could be beneficial for those who rely on cloud infrastructure.
Limited integration with third-party solutions: Integration with third-party solutions like BMC Remedy and ServiceNow is limited in OSSIM, leading to inconvenience for some users who heavily depend on these ITSM solutions. Although email alerts can emulate this functionality, several reviewers have expressed their dissatisfaction with the current level of integration.
Attribute Ratings
Reviews
(1-10 of 10)Companies can't remove reviews or game the system. Here's why
January 10, 2022
AlienVault OSSIM - very useful for threat hunting
AlienVault OSSIM is mostly useful for us to determine which machines are behind on patches and updates. And it is a necessary tool for threat hunting as it collects events from all machines.
- Event and log management.
- Vulnerability scanning.
- Graphical analysis and visualization.
- Integration with a honeypot.
November 24, 2021
Lego block SIEM
As an organization, we leveraged alien vault as a SIEM solution for ourselves and also as a managed services offering for our customers. The scope was to support environments from a security perspective collecting logs and generating reports and analytics for the purposes of IT security. This included custom reporting, leveraging on-premises appliances and delivery is security as a service.
- Collection of logs
- Pricing
- Ability to customize reports
- Out of the box reporting
- Correlation of events
- AI
November 04, 2021
Alienvault - the friend from another world
AlienVault [OSSIM] is being used across the entire organization. It has an intelligent analytic engine to determine potential threats in our network. The dashboard provides a clear presentation of alerts and allows you to drill down into an alert to determine detailed information for research. It is also customizable to create rules and send email notifications.
- Behavioral monitoring
- Vulnerability assessment
- Intrusion detection
- Creating custom rules is a bit complicated
- Reporting could be improved
- Agent has caused conflicts with a couple of our other applications
February 11, 2020
A dinosaur aging gracefully!
We're currently on a migration path to eliminate AlienVault OSSIM but it was our only SIEM when I first arrived on location. We use it to collect and analyze security data from a variety of sources. Kind of like a receiver is used to merge audio sources from a bunch of disparate systems.
- It integrates with a bunch of different platforms.
- Collects tons of data from all integrated platforms provided the right level of logging is enabled.
- The reports are clunky and a bit tedious to parse through.
- Sometimes there's so much noise it's hard to tell what a true positive is. There are lots of false ones that trigger alerts but are normal behavior in many environments.
October 15, 2019
AlienVault OSSIM is the bomb!
AlienVault OSSIM is being used across the entire organization. We use the tools to assist in computer security, intrusion detection, and prevention. It provides effective threat detection, incident response, and compliance management, all done within a single appliance. The analysis is run in the background so we don't have to look at all the threats individually and research them from scratch.
- Threat analysis. It can correlate different events happening to detect a pattern or an attack.
- Dashboard provides a clean, single location to see what is going on in our environment.
- Up to date open threat exchange means everything new popping up out there is included and watched for in our environment.
- Reporting is not the greatest. I had internal developers take data and create some reports that better fit my needs.
- Navigation through the vulnerability scans is not ideal.
- Asset management is also cumbersome to navigate through.
October 09, 2019
AlienVault OSSIM: Best Bang for Your Buck Hands Down!
Anyone who works in a K12 public school district knows you have just as many threats inside your network as outside. Think about it, what else do 7 through 12 graders have but time and curiosity? I've set this up on my perimeters at each of my high schools and middle schools, and again at the district level. My goal is to watch the traffic and devices inside each building and also across the buildings. We use it daily to monitor for unusual activity, devices, or strange "stuff" on our network.
- Scan network for anomalies once you've established a baseline.
- Excellent job of showing unusual connections or file transfers
- Excellent job of showing the health of network, congestions, etc.
- It only comes with 10 canned reports. These reports are good, but a little more flexibility would be nice. The data is stored in a database, so it is possible to roll your own reports, just very clunky.
- Log ingestion. The OSSIM product doesn't have a separate log server, so you either have to have a really, really beefy system to do both analysis and log ingestion, or just do log ingestion with something else.
- Aggregation of data. Actually, it does this really well, but if you have more then two sites, it can slow your analysis down a little.
December 14, 2018
A great, free, open source tool by AlienVault!
It is currently being used by only the IT department. It is a fantastic tool to help with intrusion detection, asset discovery, SIEM correlation, behavior analytics, and a few other features. On the SIEM side, it does standard correlation, normalization, and collection. Being open source we use it only as part of a lab and not as our enterprise tool but it's been great working with it so far.
- Being a part of the Open Source community, open source tools are always a big plus for me.
- Being a simple straightforward tool, it does a great job especially with the asset management piece built into it.
- Straightforward
- Open Threat Exchange(OTX) gives a straightforward live threat intel feed to work off.
- It's a free product! Yes, it doesn't have all the capabilities of the USM anywhere, but it does a great job. Can't really complain.
December 01, 2018
AlienVault OSSIM
AlienVault OSSIM address's several business problems including but not limited to.
OSSIM allows all this to be done form a single management platform saving time and money in having to use multiple platforms to complete daily tasks. With the OSSIM you will need a separate syslog server to allow the collection on logs
- SIEM
- Reporting
- Asset management
OSSIM allows all this to be done form a single management platform saving time and money in having to use multiple platforms to complete daily tasks. With the OSSIM you will need a separate syslog server to allow the collection on logs
- SIEM - Curtail part of managing your alarms and events on the network
- Reporting - Ability to complete one click reporting for most compliance needs saving time and resources
- GUI - The user interface is clean, and easy to use and customise
- Data logging - Note this is available via their paid version USM
- Plugins - More API plugins to aid the collection of logs form other security platforms
- Threat Map - Did not appear to work
March 30, 2018
A robust yet lightweight SIEM in a single package
AlienVault OSSIM is our lightweight, open-souce option for SIEM and vulnerability assessment in our company and recommended for deployment in our clients. OSSIM, besides being open-sourced (hence, free of charge, although also free of support), is very flexible being mounted over a special Linux distro (Debian-based) and easily installable either on physical or virtual servers. Despite being a lighter version of the full-fledged AlienVault All-In-One solution, it's very much capable of handling daily maintenance and inspection IT tasks such as IDS (Intrusion Detection System), both network-based and hardware-based, SIEM correlation, Asset Discovery, and also includes the very useful AlienVault OTX (Open Threat Exchange) platform, allowing you and your organization to keep up to date in terms of threats and malicious devices worldwide that can affect your operations via open collaborative information.
- Asset discovery. Once installed in a centric, network-accessible server, OSSIM can poll all your endpoints with common protocols (SSH, SNMP, WMI) to detect and discover site-wide assets to monitor. You only need to group them by your own criteria once added to the product.
- SIEM Event Correlation. You can define quite complex correlation rules to detect possible suspicious or malicious actions or attempts in your network, in order to categorize them as real threats or as false positives, thus streamlining your risk assessment and management.
- Ease of installation. The entire AlienVault OSSIM is self-contained in an ISO file, which can be burned into a DVD or just mounted in your server of choice (physical or virtual) for deployment. The installation process is automated and quote verbosed, with options for static IP, email messaging and others.
- Ease of access. Being AlienVault OSSIM a self-contained appliance, it can be accessed via web by any device that supports a web browser, being that desktops, workstation, mobile devices, etc. The OSSIM dashboard and other features are automatically rearranged to adapt to the particular device being in use.
- OSSIM, being an open source solution, lacks log management (a treat that the full USM has). Perhaps a feature to include a lightweight version inside the SIEM Correlation engine can be appreciated.
- The appliance also lacks support for Cloud-based servers and apps. This feature is also present in USM, so it's unlikely this will appear in OSSIM, but I'd suggest also a reduced version of it included in this appliance.
- More integration with third-party solutions such as BMC Remedy and ServiceNow, although this can be emulated through email alerts, as most ITSM solutions have the ability of converting incoming email messages into tickets.
March 14, 2018
A hands-on proper security solution!
AlienVault OSSIM is used in the organization as a log centralization tool and also as an event manager. We also use the feature of asset and availability management. The Netflow feature is also really helpful at diagnosing spikes of activity in the network, we also rely on it to detect suspicious activity.
- Most of the configuration comes out-of-the-box suited for most environments. Setting it up is really easy, with the wizard, you can have it working in less than 3 hours of deployment, without counting asset installation.
- Out-of-the-box dashboards are really useful. You can modify or add new widgets to suit your needs, but you'll most likely agree with what already comes configured.
- The tickets feature for handling alarms is really easy to use.
- The correlation directives that come out of the box are very few. I understand more correlation directives are a premium product, but one can hardly see the value of having very few. It makes new customers think they will not get better directives when they switch to the full USM or USM Anywhere.
- Same with reports, the few reports it comes out of the box can be retrieved using other tools that are better prepared for the task. I understand that compliance reports aren't free, but at least I'd expect more security reports.
- The OTX tab in dashboards sometimes takes too long to load, even if you have a fast internet and plenty of resources in the VM.