TrustRadius

Overview

What is AlienVault OSSIM?

OSSIM leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts. AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified…


Pricing

N/A
Unavailable

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services


Alternatives Pricing

What is AlienVault USM?

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments,…

What is Microsoft Sentinel?

Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.


Product Demos

Archie Webster - AlienVault OSSIM Demo

YouTube

Explore OSSIM - demo HIDS

YouTube

OSSIM Demo (5.1) - Improved Threat Detection, Security Visibility, and Usability

YouTube

Features

Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools.

7.5
Avg 7.8

Product Details

What is AlienVault OSSIM?

OSSIM leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts. AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified platform providing:
  • Asset discovery
  • Vulnerability assessment
  • Intrusion detection
  • Behavioral monitoring
  • SIEM
OSSIM provides the basis for AlienVault's proprietary Unified Security Management (USM) product.

It also leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts.

AlienVault OSSIM Technical Details

  • Operating Systems: Unspecified
  • Mobile Application: No

Reviews From Top Reviewers

(1-5 of 6)

AlienVault OSSIM - very useful for threat hunting

Rating: 10 out of 10
January 10, 2022
Vetted Review
Verified User
AlienVault OSSIM
2 years of experience
AlienVault OSSIM is mostly useful for us to determine which machines are behind on patches and updates. And it is a necessary tool for threat hunting as it collects events from all machines.
  • Event and log management.
  • Vulnerability scanning.
  • Graphical analysis and visualization.
Cons
  • Integration with a honeypot.
AlienVault OSSIM is very well suited for threat hunting. The ability to find all events and logs from all machines in one place saves a lot of time. It is also well suited for vulnerability scanning. The aspect that is lacking (or not obvious at least) is the integration with other security tools (like an antivirus for example).

AlienVault OSSIM is the bomb!

Rating: 8 out of 10
October 15, 2019
LK
Vetted Review
Verified User
AlienVault OSSIM
4 years of experience
AlienVault OSSIM is being used across the entire organization. We use the tools to assist in computer security, intrusion detection, and prevention. It provides effective threat detection, incident response, and compliance management, all done within a single appliance. The analysis is run in the background so we don't have to look at all the threats individually and research them from scratch.
  • Threat analysis. It can correlate different events happening to detect a pattern or an attack.
  • Dashboard provides a clean, single location to see what is going on in our environment.
  • Up to date open threat exchange means everything new popping up out there is included and watched for in our environment.
Cons
  • Reporting is not the greatest. I had internal developers take data and create some reports that better fit my needs.
  • Navigation through the vulnerability scans is not ideal.
  • Asset management is also cumbersome to navigate through.
AlienVault OSSIM is great for organizations that do not have a large staff and cannot afford to dedicate an entire person or group of people to deal with threats and monitoring the environment. The cost is also very reasonable for the amount of functionality of all the features we receive from the product.

A robust yet lightweight SIEM in a single package

Rating: 9 out of 10
March 30, 2018
AlienVault OSSIM is our lightweight, open-source option for SIEM and vulnerability assessment in our company and recommended for deployment in our clients. OSSIM, besides being open-sourced (hence, free of charge, although also free of support), is very flexible being mounted over a special Linux distro (Debian-based) and easily installable either on physical or virtual servers. Despite being a lighter version of the full-fledged AlienVault All-In-One solution, it's very much capable of handling daily maintenance and inspection IT tasks such as IDS (Intrusion Detection System), both network-based and hardware-based, SIEM correlation, Asset Discovery, and also includes the very useful AlienVault OTX (Open Threat Exchange) platform, allowing you and your organization to keep up to date in terms of threats and malicious devices worldwide that can affect your operations via open collaborative information.
  • Asset discovery. Once installed in a centric, network-accessible server, OSSIM can poll all your endpoints with common protocols (SSH, SNMP, WMI) to detect and discover site-wide assets to monitor. You only need to group them by your own criteria once added to the product.
  • SIEM Event Correlation. You can define quite complex correlation rules to detect possible suspicious or malicious actions or attempts in your network, in order to categorize them as real threats or as false positives, thus streamlining your risk assessment and management.
  • Ease of installation. The entire AlienVault OSSIM is self-contained in an ISO file, which can be burned into a DVD or just mounted in your server of choice (physical or virtual) for deployment. The installation process is automated and quite verbose, with options for static IP, email messaging and others.
  • Ease of access. Because AlienVault OSSIM is a self-contained appliance, it can be accessed via web by any device that supports a web browser, be that desktops, workstations, mobile devices, etc. The OSSIM dashboard and other features are automatically rearranged to adapt to the particular device in use.
Cons
  • OSSIM, being an open source solution, lacks log management (a treat that the full USM has). Perhaps a feature to include a lightweight version inside the SIEM Correlation engine can be appreciated.
  • The appliance also lacks support for Cloud-based servers and apps. This feature is also present in USM, so it's unlikely this will appear in OSSIM, but I'd suggest also a reduced version of it included in this appliance.
  • More integration with third-party solutions such as BMC Remedy and ServiceNow, although this can be emulated through email alerts, as most ITSM solutions have the ability of converting incoming email messages into tickets.
The most obvious scenario in which OSSIM is well suited is in a single office/home office (SOHO) or small business, in which budget is reduced but asset discovery and vulnerability management are greatly needed and appreciated. OSSIM is lightweight and free, so the real challenge to face is to hire or assign an administrator to manage and operate it, instead of any investment on an expensive appliance. Also, as resellers, promoting usage of OSSIM to customers charging for professional services for installation, administration, and maintenance (remember that OSSIM doesn't have official support from AlienVault) is a great asset for the organization.

Alienvault - the friend from another world

Rating: 8 out of 10
November 04, 2021
Vetted Review
Verified User
AlienVault OSSIM
5 years of experience
AlienVault [OSSIM] is being used across the entire organization. It has an intelligent analytic engine to determine potential threats in our network. The dashboard provides a clear presentation of alerts and allows you to drill down into an alert to determine detailed information for research. It is also customizable to create rules and send email notifications.
  • Behavioral monitoring
  • Vulnerability assessment
  • Intrusion detection
Cons
  • Creating custom rules is a bit complicated
  • Reporting could be improved
  • Agent has caused conflicts with a couple of our other applications
If you don't have staff to dedicate solely to SIEM, AlienVault [OSSIM] is simple enough to get up and running and configure enough rules and notifications so that it does not require dedicated staff to constantly monitor. Vulnerability scanning has a lot to be desired - suggest using a system with more robust vulnerability scanning features.

AlienVault OSSIM

Rating: 7 out of 10
December 01, 2018
SH
Vetted Review
Verified User
AlienVault OSSIM
1 year of experience
AlienVault OSSIM addresses several business problems, including but not limited to:
  • SIEM
  • Reporting
  • Asset management

OSSIM allows all this to be done from a single management platform, saving time and money in having to use multiple platforms to complete daily tasks. With the OSSIM you will need a separate syslog server to allow the collection of logs.
  • SIEM - Curtail part of managing your alarms and events on the network
  • Reporting - Ability to complete one click reporting for most compliance needs saving time and resources
  • GUI - The user interface is clean, and easy to use and customise
Cons
  • Data logging - Note this is available via their paid version USM
  • Plugins - More API plugins to aid the collection of logs from other security platforms
  • Threat Map - Did not appear to work
OSSIM is suited for security researchers and system admins who want quick visibility of network activity and alerts they may have missed without the aid of Alien Vault OSSIM. After a setup that only takes around 15 to 30 minutes, you will be seeing network traffic and generating alarms on your dashboard, making it a fast and effective deployment.