AlienVault OSSIM (discontinued)

Score 8.9 out of 10

29 Reviews and Ratings

What is AlienVault OSSIM (discontinued)?

AlienVault OSSIM was an open source Security Information and Event Management (SIEM). AlienVault was acquired by AT&T Cybersecurity, now LevelBlue, and OSSIM is no longer available for sale.

Top Performing Features

  • Centralized event and log data collection

    Effectiveness of real-time centralized event and log data collection

    Category average: 8.5

  • Custom dashboards and workspaces

    Dashboards that can be customized to meet the needs of specific groups

    Category average: 8.3

  • Integration with Identity and Access Management Tools

    Integration with access control tools like Active Directory and LDAP

    Category average: 8.1

Areas for Improvement

  • Behavioral analytics and baselining

    How effectively activity and behavior baselines are established and maintained

    Category average: 7.6

  • Data integration/API management

    Ease and quality of data integrations between SIEM and other systems

    Category average: 7.9

  • Rules-based and algorithmic detection thresholds

    Effectiveness of manually-established rules and algorithmically-determined detection thresholds

    Category average: 8.2

A dinosaur aging gracefully!

Pros

  • It integrates with a bunch of different platforms.
  • Collects tons of data from all integrated platforms provided the right level of logging is enabled.

Cons

  • The reports are clunky and a bit tedious to parse through.
  • Sometimes there's so much noise it's hard to tell what a true positive is. There are lots of false ones that trigger alerts but are normal behavior in many environments.

Return on Investment

  • OSSIM and the installers didn't really help us optimize at installation. OSSIM went without optimization for almost two years before that fact was noticed. I think this decreased ROI.
  • Finding and researching incidents is much faster with all data available. Sometimes too much data, though.

Alternatives Considered

LogRhythm NextGen SIEM Platform

AlienVault OSSIM is the bomb!

Pros

  • Threat analysis. It can correlate different events happening to detect a pattern or an attack.
  • Dashboard provides a clean, single location to see what is going on in our environment.
  • Up to date open threat exchange means everything new popping up out there is included and watched for in our environment.

Cons

  • Reporting is not the greatest. I had internal developers take data and create some reports that better fit my needs.
  • Navigation through the vulnerability scans is not ideal.
  • Asset management is also cumbersome to navigate through.

Return on Investment

  • It satisfied a requirement of our audit team (internal and external).
  • Custom written alerts allow us to be proactive for some events.
  • Stable product means we don't spend a lot of time keeping it up and running.

AlienVault OSSIM: Best Bang for Your Buck Hands Down!

Pros

  • Scan network for anomalies once you've established a baseline.
  • Excellent job of showing unusual connections or file transfers.
  • Excellent job of showing the health of the network, congestion, etc.

Cons

  • It only comes with 10 canned reports. These reports are good, but a little more flexibility would be nice. The data is stored in a database, so it is possible to roll your own reports, just very clunky.
  • Log ingestion. The OSSIM product doesn't have a separate log server, so you either have to have a really, really beefy system to do both analysis and log ingestion, or just do log ingestion with something else.
  • Aggregation of data. Actually, it does this really well, but if you have more than two sites, it can slow your analysis down a little.

Return on Investment

  • It's free, so a very positive impact. Most products out there are in the thousands of dollars, and for a K12 School District, money is always tight.
  • It allowed me to actually gain invaluable insight.

Alternatives Considered

Darktrace and FortiSIEM

Lego block SIEM

Use Cases and Deployment Scope

As an organization, we leveraged AlienVault as a SIEM solution for ourselves and also as a managed services offering for our customers. The scope was to support environments from a security perspective, collecting logs and generating reports and analytics for the purposes of IT security. This included custom reporting, leveraging on-premises appliances, and delivery of security as a service.

Pros

  • Collection of logs
  • Pricing
  • Ability to customize reports

Cons

  • Out of the box reporting
  • Correlation of events
  • AI

Most Important Features

  • Custom reporting
  • Log collection
  • Analytics

Return on Investment

  • Costly appliances with low ROI

Alternatives Considered

Datadog, Splunk Enterprise Security (SIEM), Azure Sentinel, IntSights Cyber Intelligence, from Rapid7 and Stellar Data Recovery & Erasure

Alienvault - the friend from another world

Pros

  • Behavioral monitoring
  • Vulnerability assessment
  • Intrusion detection

Cons

  • Creating custom rules is a bit complicated
  • Reporting could be improved
  • Agent has caused conflicts with a couple of our other applications

Most Important Features

  • Event log collection
  • Behavioral monitoring
  • SIEM event correlation

Return on Investment

  • Satisfied audit needs
  • Increased security visibility in our network
  • Up to date on current threats