TrustRadius
AlienVault OSSIM Reviews
14 Ratings
Score 8.2 out of 10 (trScore)
Reviews (1-4 of 4)

Additional fields from the same four reviews (return on investment, and related products named by each reviewer; the questions these fields answered are not preserved in the extract):

User Review: "AlienVault OSSIM" (Scott Holland, score 7 out of 10)
  • Return on investment: OSSIM is a free network SIEM, so at no cost.
  • Return on investment: Allows us to reduce staff needed to collect and analyse data.
  • Return on investment: Fast responses to potential threats on the network.
  • Products named: AlienVault USM; AlienVault USM, StormShield Security Suite, Cisco ASA

"A great, free, open source tool by AlienVault!" (authenticated reviewer, score 9 out of 10)
  • Return on investment: The only investment here is setting it up, and I think, seeing its performance, it's a fantastic tool and has a great positive ROI!

"A robust yet lightweight SIEM in a single package" (Jose Quintero, score 9 out of 10)
  • Return on investment: The ROI of OSSIM itself is, obviously, immediate, being that it's a free, open-source product. However, you must take into account other inherent investments to cover for the lack of official support, such as certified agents or consultants that take care of the management and maintenance of the product once in production. On the other hand, the potential loss of information and interruption of operativity due to malware and other threats is really unmeasurable. The implicit savings in OSSIM as a SIEM (Security Information and Event Management) are really the major positive impact on your organization's revenue. Finally, and from a reseller's point of view, reselling OSSIM has the big plus of being a professional services-only asset, given that the appliance itself is free of charge. The only thing to consider is the initial investment in team members with the required capacitation and knowledge to address such professional services to potential customers.
  • Products named: LogRhythm and Tenable SecurityCenter; BMC Client Management, ServiceNow, Tenable.io
  • Other fields: HIDS and NIDS agents, Reporting, Alarms; SIEM Log Correlation; "Yes, but I don't use it"; 8

"A hands-on proper security solution!" (Ivan Montilla Miralles, score 8 out of 10)
  • Return on investment: Since it's free, ROI has been positive in terms of money. In time cost and engineer time, it has also been very cheap to implement, since it's very easy to get it running. As a learning tool, for ACSE certification, it has also been very useful, since it shares a lot with the USM appliance installation. As a test environment, again, it shares a lot with the USM appliance installation, so if you have a USM as well and you don't want to test things on your production environment, testing with OSSIM first has been a good way to mitigate possible bad effects.
  • Products named: LogRhythm and McAfee Enterprise Security Manager; Cofense PhishMe Small Business Edition (formerly PhishMe Simulator), LogRhythm, Bomgar Remote Support Software
Scott Holland
November 30, 2018

User Review: "AlienVault OSSIM"

Score 7 out of 10
Vetted Review
Verified User
AlienVault OSSIM addresses several business problems including, but not limited to:
  • SIEM
  • Reporting
  • Asset management

OSSIM allows all this to be done from a single management platform, saving the time and money of having to use multiple platforms to complete daily tasks. With OSSIM you will need a separate syslog server to allow the collection of logs.
  • SIEM - Curtail part of managing your alarms and events on the network
  • Reporting - Ability to complete one click reporting for most compliance needs saving time and resources
  • GUI - The user interface is clean, and easy to use and customise
  • Data logging - Note this is available via their paid version USM
  • Plugins - More API plugins to aid the collection of logs from other security platforms
  • Threat Map - Did not appear to work
OSSIM is suited for security researchers and system admins who want quick visibility of network activity and alerts they may have missed without the aid of AlienVault OSSIM. After a setup that only takes around 15 to 30 minutes, you will be seeing network traffic and generating alarms on your dashboard, making for a fast and effective deployment.
Authenticated reviewer
December 14, 2018

AlienVault OSSIM Review: "A great, free, open source tool by AlienVault!"

Score 9 out of 10
Vetted Review
Verified User
It is currently being used by only the IT department. It is a fantastic tool to help with intrusion detection, asset discovery, SIEM correlation, behavior analytics, and a few other features. On the SIEM side, it does standard correlation, normalization, and collection. Being open source we use it only as part of a lab and not as our enterprise tool but it's been great working with it so far.
  • Being a part of the Open Source community, open source tools are always a big plus for me.
  • Being a simple straightforward tool, it does a great job especially with the asset management piece built into it.
  • Straightforward Open Threat Exchange (OTX) gives a straightforward live threat intel feed to work off.
  • It's a free product! Yes, it doesn't have all the capabilities of USM Anywhere, but it does a great job. Can't really complain.
Small, medium or large, every company can benefit from this tool. Even if you decide to supplement your existing SIEM, this is the way to go, and chances are you might end up switching to this as your primary.
Jose Quintero
March 30, 2018

AlienVault OSSIM Review: "A robust yet lightweight SIEM in a single package"

Score 9 out of 10
Vetted Review
Reseller
AlienVault OSSIM is our lightweight, open-source option for SIEM and vulnerability assessment in our company, and is recommended for deployment in our clients. OSSIM, besides being open-sourced (hence free of charge, although also free of support), is very flexible, being mounted over a special Linux distro (Debian-based) and easily installable on either physical or virtual servers. Despite being a lighter version of the full-fledged AlienVault All-In-One solution, it's very much capable of handling daily maintenance and inspection IT tasks such as IDS (Intrusion Detection System), both network-based and hardware-based, SIEM correlation, Asset Discovery, and also includes the very useful AlienVault OTX (Open Threat Exchange) platform, allowing you and your organization to keep up to date in terms of threats and malicious devices worldwide that can affect your operations, via open collaborative information.
  • Asset discovery. Once installed on a central, network-accessible server, OSSIM can poll all your endpoints with common protocols (SSH, SNMP, WMI) to detect and discover site-wide assets to monitor. You only need to group them by your own criteria once added to the product.
  • SIEM Event Correlation. You can define quite complex correlation rules to detect possible suspicious or malicious actions or attempts in your network, in order to categorize them as real threats or as false positives, thus streamlining your risk assessment and management.
  • Ease of installation. The entire AlienVault OSSIM is self-contained in an ISO file, which can be burned onto a DVD or just mounted on your server of choice (physical or virtual) for deployment. The installation process is automated and quite verbose, with options for static IP, email messaging and others.
  • Ease of access. AlienVault OSSIM being a self-contained appliance, it can be accessed via web from any device that supports a web browser, be that desktops, workstations, mobile devices, etc. The OSSIM dashboard and other features are automatically rearranged to adapt to the particular device in use.
  • OSSIM, being an open source solution, lacks log management (a trait that the full USM has). Perhaps a feature to include a lightweight version inside the SIEM Correlation engine would be appreciated.
  • The appliance also lacks support for Cloud-based servers and apps. This feature is also present in USM, so it's unlikely this will appear in OSSIM, but I'd suggest also a reduced version of it included in this appliance.
  • More integration with third-party solutions such as BMC Remedy and ServiceNow, although this can be emulated through email alerts, as most ITSM solutions have the ability to convert incoming email messages into tickets.
The most obvious scenario in which OSSIM is well suited is in a single office/home office (SOHO) or small business, in which budget is reduced but asset discovery and vulnerability management are greatly needed and appreciated. OSSIM is lightweight and free, so the real challenge to face is to hire or assign an administrator to manage and operate it, instead of any investment on an expensive appliance. Also, as resellers, promoting usage of OSSIM to customers charging for professional services for installation, administration, and maintenance (remember that OSSIM doesn't have official support from AlienVault) is a great asset for the organization.
Ivan Montilla Miralles
March 14, 2018

AlienVault OSSIM Review: "A hands-on proper security solution!"

Score 8 out of 10
Vetted Review
Verified User
AlienVault OSSIM is used in the organization as a log centralization tool and also as an event manager. We also use the asset and availability management feature. The Netflow feature is also really helpful at diagnosing spikes of activity in the network; we also rely on it to detect suspicious activity.
  • Most of the configuration comes out-of-the-box suited for most environments. Setting it up is really easy, with the wizard, you can have it working in less than 3 hours of deployment, without counting asset installation.
  • Out-of-the-box dashboards are really useful. You can modify or add new widgets to suit your needs, but you'll most likely agree with what already comes configured.
  • The tickets feature for handling alarms is really easy to use.
  • The correlation directives that come out of the box are very few. I understand more correlation directives are a premium product, but one can hardly see the value of having very few. It makes new customers think they will not get better directives when they switch to the full USM or USM Anywhere.
  • Same with reports: the few reports it comes with out of the box can be retrieved using other tools that are better prepared for the task. I understand that compliance reports aren't free, but at least I'd expect more security reports.
  • The OTX tab in dashboards sometimes takes too long to load, even if you have a fast internet and plenty of resources in the VM.
If this is your first experience with a SIEM, this one can get you started. Take the time to learn the ins and outs of the product and you'll most likely be satisfied with it if your company is an SMB. If you need compliance reports, OSSIM is too small for you; you'll need to go with USM or USM Anywhere.

AlienVault OSSIM Scorecard Summary

Feature Scorecard Summary (number of ratings in parentheses)

  • Centralized event and log data collection (3): 8.3
  • Correlation (4): 8.0
  • Event and log normalization (4): 8.0
  • Deployment flexibility (4): 8.7
  • Integration with Identity and Access Management Tools (2): 7.5
  • Custom dashboards and views (4): 8.0
  • Host and network-based intrusion detection (3): 8.7

About AlienVault OSSIM

AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified platform providing:
  • Asset discovery
  • Vulnerability assessment
  • Intrusion detection
  • Behavioral monitoring
  • SIEM
OSSIM provides the basis for AlienVault's proprietary Unified Security Management (USM) product.

It also leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts.

AlienVault OSSIM Technical Details

Operating Systems: Unspecified
Mobile Application: No