Name: AlienVault OSSIM
Rating: 8.9 (29 reviews)
Author: AT&T Cybersecurity

Help Desk

Web and Video Conferencing

Customer Support

Augmented Reality Development

Batch Management Software

Software Configuration Management

Development

Business Intelligence (BI)

Collaboration

Data Discovery and Visualization

Digital Rights Management (DRM)

Document Management

Dropshipping

Electronic Signature

Operational Analytics

Enterprise

Accounting

Trust Management

Finance and Accounting

Applicant Tracking

Corporate Learning Management

Corporate Volunteering

HR Management

Payroll

Recruitment Agency

Relocation

Talent Intelligence

Talent Management

Workforce Analytics

Workforce Management

eLearning Content

Human Resources

3D Printing

AI Governance

Application Lifecycle Management (ALM)

Cloud Storage

Consulting and Advisory Services

Content Delivery Networks (CDN)

Data Fabric

Data Recovery Service

Fraud Detection

Hadoop-Related

Integration Platform as a Service (iPaaS)

Internet Performance Monitoring

Managed File Transfer (MFT)

Network Performance Monitoring

Office Migration and Repair

Robotic Process Automation (RPA)

System Monitoring

Zero Trust Security Solutions

Information Technology

A/B Testing

Ad Serving & Retargeting

All-in-One Marketing

Audience Engagement

Blogging

Competitive Intelligence

Content Management

Email Marketing

Local Marketing

Marketing Automation

Social Media Management

Survey & Forms Building

Text to Speech

Web Analytics

Wholesale Marketplace

Marketing

Job Site Management

Project Management

Waste Management

Writing and Proofreading Tools

Professional Services

Customer Relationship Management (CRM)

Sales

Cloud Access Security Brokers

User and Entity Behavior Analytics (UEBA)

Security

Architecture

Camp Management

Chargeback Management

Dental

Digital Forensics

Nonprofit CRM

Plagiarism Checker

Vertical-Specific

Find top rated software and services based on in-depth reviews from verified users. 400+ software categories including PaaS, NoSQL, BI, HR, and more.

AlienVault USM

AT&T Cybersecurity

Microsoft Sentinel

Microsoft

Darktrace

Elasticsearch

Elastic

Splunk Enterprise

Splunk

Graylog

Tenable Nessus

Tenable

FortiSIEM

Fortinet

Snort

Cisco

Microsoft Defender for Endpoint

### Log Management
Some users appreciate AlienVault OSSIM's log management features, highlighting its event log collection and log storage capabilities. However, others find the platform's log ingestion process cumbersome and note limitations in report customization. Despite these mixed reviews, AlienVault OSSIM seems to offer a solid foundation for log management, with room for improvement in certain areas. (Source Reviews: [1](https://www.trustradius.com/reviews/alienvault-ossim-2021-10-25-13-38-06), [2](https://www.trustradius.com/reviews/alienvault-ossim-2021-11-23-19-02-08), [3](https://www.trustradius.com/reviews/alienvault-ossim-2022-01-10-07-32-31), [4](https://www.trustradius.com/reviews/alienvault-ossim-2021-07-20-10-29-24), [5](https://www.trustradius.com/reviews/alienvault-ossim-2019-10-09-16-31-36))

### Vulnerability Scanning
Some users praise AlienVault OSSIM for its efficient vulnerability scanning, noting that it streamlines the process and saves time. However, others express concerns about the effectiveness of the vulnerability scanning feature, suggesting that it may not be as robust as desired. The mixed feedback indicates that while some find the vulnerability scanning capabilities of AlienVault OSSIM to be beneficial, others feel there is room for improvement in this aspect. (Source Reviews: [1](https://www.trustradius.com/reviews/alienvault-ossim-2022-01-10-07-32-31), [2](https://www.trustradius.com/reviews/alienvault-ossim-2021-10-25-13-38-06), [3](https://www.trustradius.com/reviews/alienvault-ossim-2020-02-10-14-30-11), [4](https://www.trustradius.com/reviews/alienvault-ossim-2019-10-15-07-40-34))

### Threat Detection
Users consistently highlight AlienVault OSSIM's threat detection capabilities as a key strength of the platform. They appreciate its ability to effectively monitor and detect potential threats within their networks, aiding in proactive threat mitigation. While some users have mentioned minor challenges with optimization and data overload, the overall sentiment towards AlienVault OSSIM's threat detection functionality remains positive. (Source Reviews: [1](https://www.trustradius.com/reviews/alienvault-ossim-2021-10-25-13-38-06), [2](https://www.trustradius.com/reviews/alienvault-ossim-2022-01-10-07-32-31), [3](https://www.trustradius.com/reviews/alienvault-ossim-2021-07-20-10-29-24), [4](https://www.trustradius.com/reviews/alienvault-ossim-2019-10-15-07-40-34), [5](https://www.trustradius.com/reviews/alienvault-ossim-2020-02-10-14-30-11), [6](https://www.trustradius.com/reviews/alienvault-ossim-2019-10-09-16-31-36))

### Threat Hunting and Analysis
Users consistently highlight AlienVault OSSIM's robust threat hunting capabilities, emphasizing its effectiveness in uncovering potential security risks within their networks. The platform's analysis functionality is commended for providing deep insights into security events and logs from all machines, streamlining the threat hunting process. While some users express a desire for improved integration with other security tools, the overall sentiment leans towards AlienVault OSSIM being a valuable asset for proactive threat detection and analysis. (Source Reviews: [1](https://www.trustradius.com/reviews/alienvault-ossim-2022-01-10-07-32-31), [2](https://www.trustradius.com/reviews/alienvault-ossim-2019-10-09-16-31-36))

### Alerts and Notifications
Users widely praise AlienVault OSSIM's alert and notification capabilities. Reviewers consistently highlight the effectiveness of the alerts in identifying potential threats within the network. The customizable nature of the alerts allows for tailored rules and email notifications, enhancing the proactive approach to cybersecurity. However, some users have noted challenges with the volume of alerts, leading to difficulties in distinguishing true positives from false alarms. Despite this, the overall sentiment leans towards the strength of AlienVault OSSIM in providing robust and reliable alerts and notifications for network security. (Source Reviews: [1](https://www.trustradius.com/reviews/alienvault-ossim-2021-10-25-13-38-06), [2](https://www.trustradius.com/reviews/alienvault-ossim-2021-07-20-10-29-24), [3](https://www.trustradius.com/reviews/alienvault-ossim-2020-02-10-14-30-11), [4](https://www.trustradius.com/reviews/alienvault-ossim-2019-10-15-07-40-34))

AlienVault OSSIM has proven to be an invaluable tool for organizations looking to centralize their logs and effectively manage security events. Users have praised its ability to collect and analyze security data from various sources, allowing them to monitor for unusual activity, devices, and potential threats on a daily basis. With its IDS capabilities, both network-based and hardware-based, AlienVault OSSIM has helped users detect and prevent suspicious activity on their networks.

The Netflow feature of AlienVault OSSIM has also been highly regarded by users. It enables them to diagnose spikes of activity in the network and detect any unusual behavior, aiding in the identification of potential threats. Additionally, the intelligent analytic engine of AlienVault OSSIM helps determine these potential threats with clear presentation of alerts and the ability to drill down for detailed information.

One of the key business problems that AlienVault OSSIM addresses is the need for a single management platform that combines SIEM, reporting, and asset management capabilities. Users have found this to be a significant time and money-saving aspect of the product as it eliminates the need for multiple tools. The customizable dashboard allows users to create rules and receive email notifications, enhancing their ability to effectively manage security incidents.

AlienVault OSSIM is commonly used by IT departments for a range of tasks including intrusion detection, asset discovery, SIEM correlation, and behavior analytics. It has proven particularly useful in identifying machines that are behind on patches and updates. Furthermore, it facilitates threat hunting by collecting events from all machines, providing a comprehensive view of potential security risks.

Overall, AlienVault OSSIM has garnered positive feedback from users who appreciate its log centralization capabilities, effective threat detection features, and comprehensive reporting and analytics capabilities. Its versatility in addressing multiple use cases makes it a valuable tool for organizations seeking to enhance their network security posture.

User-Friendly Installation Process: Many users have found that AlienVault OSSIM has a user-friendly installation process. Reviewers have mentioned that the software is self-contained in an ISO file, allowing for quick and easy deployment. They appreciate the automated installation process and options for customization, such as setting a static IP and configuring email messaging.

Seamless User Experience Across Devices: Several reviewers have praised AlienVault OSSIM's accessibility across different devices. The software can be accessed via a web browser on desktops, workstations, and mobile devices. Users have noted that the dashboard and other features automatically adapt to the device being used, providing a seamless and consistent user experience regardless of the platform.

Out-of-the-Box Configuration and Customization Options: Many reviewers have highlighted the out-of-the-box configuration of AlienVault OSSIM as well-suited for most environments, making the initial setup process straightforward. The included wizard provides a guided experience, enabling users to have the system up and running within a few hours. Additionally, users appreciate the ability to customize or add new widgets to tailor the monitoring experience according to their specific needs. This flexibility allows them to optimize their environment's monitoring capabilities efficiently.

Limited log management capabilities: Some users have mentioned that OSSIM lacks robust log management features compared to the full USM version. Several reviewers have expressed a desire for more comprehensive log management capabilities in OSSIM.

Absence of support for Cloud-based servers and apps: The lack of support for Cloud-based servers and applications in OSSIM has been noted as a limitation by multiple users. This feature, which is available in the USM version, could be beneficial for those who rely on cloud infrastructure.

Limited integration with third-party solutions: Integration with third-party solutions like BMC Remedy and ServiceNow is limited in OSSIM, leading to inconvenience for some users who heavily depend on these ITSM solutions. Although email alerts can emulate this functionality, several reviewers have expressed their dissatisfaction with the current level of integration.

Essentials

Standard

Premium

Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.

Azure Sentinel

100 GB per day

200 GB per day

300 GB per day

400 GB per day

500 GB per day

More than 500 GB per day

AlienVault OSSIM

Security Information and Event Management Tools and Software (often shortened to SIEM) analyze security-related events and log data from network hardware and applications in real-time, performing event correlation and alerting managers to configuration changes of interest, vulnerabilities and potential threats.

Security Information and Event Management (SIEM)

OSSIM Demo (5.1) - Improved Threat Detection, Security Visibility, and Usability

Explore OSSIM - demo HIDS

Archie Webster - AlienVault OSSIM Demo

Likelihood to Recommend

Usability

Support Rating

Centralized event and log data collection

Correlation

Event and log normalization/management

Deployment flexibility

Integration with Identity and Access Management Tools

Custom dashboards and workspaces

Host and network-based intrusion detection

Data integration/API management

Behavioral analytics and baselining

Rules-based and algorithmic detection thresholds

Response orchestration and automation

Reporting and compliance management

Incident indexing/searching

Security management can be a complex, time-consuming, and expensive undertaking for all
organizations, but especially for those with limited security resources, time,
and budget. But it doesn’t have to be. We founded AlienVault to help
organizations of all sizes achieve the same threat detection capabilities as
Fortune 500 companies, for their full IT infrastructure, without the headaches
and hassles of deploying, integrating and managing multiple products.
AlienVault’s award-winning products are designed and priced to ensure that all organizations
have access to world-class security. By integrating essential security
capabilities into a Unified Security Management™ (USM™) platform, and then
powering that platformwith up-to-the-minute
threat intelligence from AlienVault Labs and our Open Threat Exchange™ – the
world’s largest crowd-sourced collaborative threat exchange – AlienVault
provides its more than 5,000 commercial customers with a unified, simple and
affordable solution that simplifies and centralizes threat detection, incident
response and compliance management for cloud, hybrid cloud, and on- premises
environments. 
Founded in 2007, the company now employs over 300 people worldwide. Headquartered in San Mateo, CA, AlienVault also has
offices in Austin, TX; Madrid, Spain; Granada, Spain; and Cork, Ireland. The
company’s seasoned management team is led by President and CEO, Barmak Meftah,
an experienced leader in the security software industry.

Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools

Effectiveness of real-time centralized event and log data collection

Correlation of logs and events to pinpoint significant threats

Ability to normalize event syntax so that logs can be compared and are machine-understandable

Ability to tune system to maximize threat detection and minimize false positives

Integration with access control tools like Active Directory and LDAP

dashboards that can be customized to meet the needs of specific groups

Ability to detect both endpoint intrusion and network ingress detection

Log retention

Length and quality of log storage and archiving over time

Ease and quality of data integrations between SIEM and other systems

How effectively activity and behavior baselines are established and maintained

Effectiveness of manually-established rules and algorithmically-determined detection thresholds

Quality of built-in response orchestration and automation in Next-Gen SIEM

Ease and quality of reporting and compliance functions

Effectiveness of searching across structured and unstructured events and incidents within SIEM

LogRhythm NextGen SIEM Platform

Director of Information Security

AlienVault OSSIM 2020-02-10 14:30:11

Help Desk Manager

AlienVault OSSIM 2019-10-15 07:40:34

Director of Information Technology

AlienVault OSSIM 2019-10-09 16:31:36

Datadog

Stellar Data Recovery & Erasure

Splunk Enterprise Security

IntSights Cyber Intelligence, from Rapid7

Stellar Open Source Blockchain

AlienVault OSSIM 2021-11-23 19:02:08

AlienVault OSSIM 2021-10-25 13:38:06

TrustRadius is a technology and business research firm based in Austin, Texas. The company is known as a review platform for verified B2B technology and software reviews through a proprietary algorithm and human verification.

TrustRadius

Using other tools

Hard to tell

Cloud based

Reports are good

Takes too long

Custom rules

Third party

Little more flexibility

Long to load

Bit complicated

Self contained

Easy to use

Threat exchange

Open threat exchange

False positives

Intrusion detection

Saving time

Dashboard provides

Mobile devices

Source tools

Home

Security Information and Event Management (SIEM) Software

We're currently on a migration path to eliminate AlienVault OSSIM but it was our only SIEM when I first arrived on location. We use it to collect and analyze security data from a variety of sources. Kind of like a receiver is used to merge audio sources from a bunch of disparate systems.

It integrates with a bunch of different platforms.
Collects tons of data from all integrated platforms provided the right level of logging is enabled.

AlienVault OSSIM

Overview

What is AlienVault OSSIM?