AlienVault OSSIM (discontinued) Reviews and Ratings
Rating: 8.9 out of 10
Community insights
TrustRadius Insights for AlienVault OSSIM (discontinued) are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.
Pros
User-Friendly Installation Process: Many users have found that AlienVault OSSIM has a user-friendly installation process. Reviewers have mentioned that the software is self-contained in an ISO file, allowing for quick and easy deployment. They appreciate the automated installation process and options for customization, such as setting a static IP and configuring email messaging.
Seamless User Experience Across Devices: Several reviewers have praised AlienVault OSSIM's accessibility across different devices. The software can be accessed via a web browser on desktops, workstations, and mobile devices. Users have noted that the dashboard and other features automatically adapt to the device being used, providing a seamless and consistent user experience regardless of the platform.
Out-of-the-Box Configuration and Customization Options: Many reviewers have highlighted the out-of-the-box configuration of AlienVault OSSIM as well-suited for most environments, making the initial setup process straightforward. The included wizard provides a guided experience, enabling users to have the system up and running within a few hours. Additionally, users appreciate the ability to customize or add new widgets to tailor the monitoring experience according to their specific needs. This flexibility allows them to optimize their environment's monitoring capabilities efficiently.
AlienVault OSSIM is mostly useful for us to determine which machines are behind on patches and updates. And it is a necessary tool for threat hunting as it collects events from all machines.
Pros
Event and log management.
Vulnerability scanning.
Graphical analysis and visualization.
Cons
Integration with a honeypot.
Likelihood to Recommend
AlienVault OSSIM is very well suited for threat hunting. The ability to find all events and logs from all machines in one place saves a lot of time. It is also well suited for vulnerability scanning. The aspect that is lacking (or not obvious at least) is the integration with other security tools (like an antivirus for example).
VU
Verified User
Technician in Information Technology (201-500 employees)
As an organization, we leveraged AlienVault as a SIEM solution for ourselves and also as a managed services offering for our customers. The scope was to support environments from a security perspective, collecting logs and generating reports and analytics for the purposes of IT security. This included custom reporting, leveraging on-premises appliances, and delivering security as a service.
Pros
Collection of logs
Pricing
Ability to customize reports
Cons
Out of the box reporting
Correlation of events
AI
Likelihood to Recommend
AlienVault is a good SIEM tool in general: it can collect logs, has the ability to create custom reports for the data that it gathers from both Windows systems and networking devices, and the reports, with some amount of finessing, can look as good as the organization spends time on them. The problem is that AlienVault, past these great abilities, falls short on doing anything else. It is an archaic SIEM solution that does nothing more than being a SIEM solution; [there] is very little out-of-the-box reporting that is useful, no ability to dynamically adapt to a customer's environment, and no AI built into the appliance. At the end of the day, the biggest problem that this product suffers from is that it is expensive for the value provided. If you are looking for a SIEM that does nothing more than just be a SIEM and you have a dedicated team to run it, AlienVault is a great tool; unfortunately, that's all it can do.
AlienVault [OSSIM] is being used across the entire organization. It has an intelligent analytic engine to determine potential threats in our network. The dashboard provides a clear presentation of alerts and allows you to drill down into an alert to determine detailed information for research. It is also customizable to create rules and send email notifications.
Pros
Behavioral monitoring
Vulnerability assessment
Intrusion detection
Cons
Creating custom rules is a bit complicated
Reporting could be improved
Agent has caused conflicts with a couple of our other applications
Likelihood to Recommend
If you don't have staff to dedicate solely to SIEM, AlienVault [OSSIM] is simple enough to get up and running and to configure enough rules and notifications so that it does not require dedicated staff to constantly monitor. Vulnerability scanning leaves a lot to be desired - I suggest using a system with more robust vulnerability scanning features.
VU
Verified User
Professional in Information Technology (201-500 employees)
AlienVault is a great product, which I have used at my previous job and have purchased and installed at my current position too. AlienVault is primarily used by the IT team, but since it protects our entire network, it benefits the business in its entirety. Once the team has overcome the initial flood of notifications and has fine-tuned the alerts, the product is great and you know that each alert requires investigation, which in the long run will help us mitigate issues with cybersecurity.
Pros
Monitoring and alerts are great, once fine-tuned.
The interface is as user friendly as it can be, considering what AlienVault does.
It is based on open source products and as such can be deployed for free (it is a bit more limited than the paid-for product, but still does the trick for small business owners).
Cons
Can be overwhelming when you first set it up.
Some of the terminology can be tricky to understand.
Could allow for a bit more log storage on its lower tiers of subscription.
Likelihood to Recommend
It is a great product for any size organization and scales very well as the company's demand increases. Because it is built on open source technology, its inner workings are more or less auditable by anyone who would like to do so, so it will be difficult to have back doors installed in the product. The alerts are great, and you can also have them automatically perform actions based on different scenarios.
It can be a bit pricey, but the support is great and well worth it for a medium to large enterprise.
VU
Verified User
Manager in Information Technology (501-1000 employees)
We're currently on a migration path to eliminate AlienVault OSSIM but it was our only SIEM when I first arrived on location. We use it to collect and analyze security data from a variety of sources. Kind of like a receiver is used to merge audio sources from a bunch of disparate systems.
Pros
It integrates with a bunch of different platforms.
Collects tons of data from all integrated platforms provided the right level of logging is enabled.
Cons
The reports are clunky and a bit tedious to parse through.
Sometimes there's so much noise it's hard to tell what a true positive is. There are lots of false ones that trigger alerts but are normal behavior in many environments.
Likelihood to Recommend
If you want a SIEM and you are a small-to mid-market organization getting security monitoring started, then this is a great SIEM for the money. It comes with a vulnerability scanner. While vulnerability scanners aren't all that expensive, this saves time and money by offering an industry-leading open-source version that enables managers to immediately start vulnerability management programs.
AlienVault OSSIM is being used across the entire organization. We use the tools to assist in computer security, intrusion detection, and prevention. It provides effective threat detection, incident response, and compliance management, all done within a single appliance. The analysis is run in the background so we don't have to look at all the threats individually and research them from scratch.
Pros
Threat analysis. It can correlate different events happening to detect a pattern or an attack.
Dashboard provides a clean, single location to see what is going on in our environment.
Up to date open threat exchange means everything new popping up out there is included and watched for in our environment.
Cons
Reporting is not the greatest. I had internal developers take data and create some reports that better fit my needs.
Navigation through the vulnerability scans is not ideal.
Asset management is also cumbersome to navigate through.
Likelihood to Recommend
AlienVault OSSIM is great for organizations that do not have a large staff and cannot afford to dedicate an entire person or group of people to deal with threats and monitoring the environment. The cost is also very reasonable for the amount of functionality of all the features we receive from the product.
Anyone who works in a K12 public school district knows you have just as many threats inside your network as outside. Think about it: what else do 7th through 12th graders have but time and curiosity? I've set this up on my perimeters at each of my high schools and middle schools, and again at the district level. My goal is to watch the traffic and devices inside each building and also across the buildings. We use it daily to monitor for unusual activity, devices, or strange "stuff" on our network.
Pros
Scan network for anomalies once you've established a baseline.
Excellent job of showing unusual connections or file transfers.
Excellent job of showing the health of the network, congestion, etc.
Cons
It only comes with 10 canned reports. These reports are good, but a little more flexibility would be nice. The data is stored in a database, so it is possible to roll your own reports, just very clunky.
Log ingestion. The OSSIM product doesn't have a separate log server, so you either have to have a really, really beefy system to do both analysis and log ingestion, or just do log ingestion with something else.
Aggregation of data. Actually, it does this really well, but if you have more than two sites, it can slow your analysis down a little.
Likelihood to Recommend
AlienVault OSSIM is an excellent starter SIEM—you have a fully functioning SIEM in a few hours (installs in less than one, but takes a few to configure, based on your network). The insight you get, immediately is worth the time setting it up. If you are willing to invest some more time, you can fine tune it to really provide deep insight into your network. I really love that it is still free (was nervous when AT&T bought AlienVault).
Each of my buildings is routed back to the core - this reduces overall traffic and adds one more layer to the network for security reasons. So having an "eye" in each building is necessary at this point. Not sure what I would do if I had to stop using them. The only other thing I plan on doing, and am in the process of rolling out right now, is to add some NetFlow analysis.
OSSIM allows all this to be done from a single management platform, saving time and money in having to use multiple platforms to complete daily tasks. With OSSIM you will need a separate syslog server to allow the collection of logs.
Pros
SIEM - Curtail part of managing your alarms and events on the network
Reporting - Ability to complete one-click reporting for most compliance needs, saving time and resources
GUI - The user interface is clean, and easy to use and customise
Cons
Data logging - Note this is available via their paid version USM
Plugins - More API plugins to aid the collection of logs from other security platforms
Threat Map - Did not appear to work
Likelihood to Recommend
OSSIM is suited for security researchers and system admins who want quick visibility of network activity and alerts they may have missed without the aid of AlienVault OSSIM. After a setup that only takes around 15 to 30 minutes, you will be seeing network traffic and generating alarms on your dashboard, making for a fast and effective deployment.
AlienVault OSSIM is used in the organization as a log centralization tool and also as an event manager. We also use the asset and availability management feature. The NetFlow feature is also really helpful at diagnosing spikes of activity in the network; we also rely on it to detect suspicious activity.
Pros
Most of the configuration comes out-of-the-box suited for most environments. Setting it up is really easy: with the wizard, you can have it working in less than 3 hours of deployment, not counting asset installation.
Out-of-the-box dashboards are really useful. You can modify or add new widgets to suit your needs, but you'll most likely agree with what already comes configured.
The tickets feature for handling alarms is really easy to use.
Cons
The correlation directives that come out of the box are very few. I understand more correlation directives are a premium product, but one can hardly see the value of having very few. It makes new customers think they will not get better directives when they switch to the full USM or USM Anywhere.
Same with reports: the few reports it comes with out of the box can be retrieved using other tools that are better prepared for the task. I understand that compliance reports aren't free, but at least I'd expect more security reports.
The OTX tab in dashboards sometimes takes too long to load, even if you have a fast internet and plenty of resources in the VM.
Likelihood to Recommend
If this is your first experience with a SIEM, this one can get you started. Take the time to learn the ins and outs of the product and you'll most likely be satisfied with it if your company is an SMB. If you need compliance reports, OSSIM is too small for you, you'll need to go with USM or USM Anywhere.
AlienVault OSSIM is our lightweight, open-source option for SIEM and vulnerability assessment in our company and is recommended for deployment at our clients. OSSIM, besides being open-sourced (hence free of charge, although also free of support), is very flexible, being mounted over a special Linux distro (Debian-based) and easily installable on either physical or virtual servers. Despite being a lighter version of the full-fledged AlienVault All-In-One solution, it's very much capable of handling daily maintenance and inspection IT tasks such as IDS (Intrusion Detection System), both network-based and hardware-based, SIEM correlation, and Asset Discovery, and also includes the very useful AlienVault OTX (Open Threat Exchange) platform, allowing you and your organization to keep up to date in terms of threats and malicious devices worldwide that can affect your operations via open collaborative information.
Pros
Asset discovery. Once installed in a centric, network-accessible server, OSSIM can poll all your endpoints with common protocols (SSH, SNMP, WMI) to detect and discover site-wide assets to monitor. You only need to group them by your own criteria once added to the product.
SIEM Event Correlation. You can define quite complex correlation rules to detect possible suspicious or malicious actions or attempts in your network, in order to categorize them as real threats or as false positives, thus streamlining your risk assessment and management.
Ease of installation. The entire AlienVault OSSIM is self-contained in an ISO file, which can be burned onto a DVD or just mounted in your server of choice (physical or virtual) for deployment. The installation process is automated and quite verbose, with options for static IP, email messaging and others.
Ease of access. AlienVault OSSIM being a self-contained appliance, it can be accessed via the web by any device that supports a web browser, be that desktops, workstations, mobile devices, etc. The OSSIM dashboard and other features are automatically rearranged to adapt to the particular device in use.
Cons
OSSIM, being an open source solution, lacks log management (a trait that the full USM has). Perhaps a feature to include a lightweight version inside the SIEM Correlation engine would be appreciated.
The appliance also lacks support for Cloud-based servers and apps. This feature is also present in USM, so it's unlikely this will appear in OSSIM, but I'd suggest also a reduced version of it included in this appliance.
More integration with third-party solutions such as BMC Remedy and ServiceNow, although this can be emulated through email alerts, as most ITSM solutions have the ability of converting incoming email messages into tickets.
Likelihood to Recommend
The most obvious scenario in which OSSIM is well suited is a single office/home office (SOHO) or small business, in which budget is reduced but asset discovery and vulnerability management are greatly needed and appreciated. OSSIM is lightweight and free, so the real challenge to face is to hire or assign an administrator to manage and operate it, instead of any investment in an expensive appliance. Also, as resellers, promoting usage of OSSIM to customers and charging for professional services for installation, administration, and maintenance (remember that OSSIM doesn't have official support from AlienVault) is a great asset for the organization.