TrustRadius Insights
AlienVault OSSIM has proven to be an invaluable tool for organizations looking to centralize their logs and effectively manage security …
Overview
What is AlienVault OSSIM?
OSSIM leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts. AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified…
Recent Reviews
Popular Features
- Centralized event and log data collection (10)9.494%
- Deployment flexibility (11)8.282%
- Event and log normalization/management (11)8.181%
- Correlation (11)7.070%
Pricing
N/A
Unavailable
What is AlienVault OSSIM?
OSSIM leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts. AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified platform…
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
22 people also want pricing
Alternatives Pricing
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments,…
What is InsightIDR?
In addition to their incident response service, Rapid7 offers InsightIDR, a combined XDR and SIEM that provides user behavior and threat analytics.
Product Demos
Archie Webster - AlienVault OSSIM Demo
YouTube
Explore OSSIM - demo HIDS
YouTube
OSSIM Demo (5.1) - Improved Threat Detection, Security Visibility, and Usability
YouTube
Features
Return to navigation
Product Details
- About
- Tech Details
What is AlienVault OSSIM?
OSSIM leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts. AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified platform providing:
It also leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts.
- Asset discovery
- Vulnerability assessment
- Intrusion detection
- Behavioral monitoring
- SIEM
It also leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts.
AlienVault OSSIM Video
AlienVault® USM vs. OSSIM™
AlienVault OSSIM Technical Details
| Operating Systems | Unspecified |
|---|---|
| Mobile Application | No |
Comparisons
Compare with
Reviews and Ratings
(30)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Business Problems Solved
- Pros
- Cons
AlienVault OSSIM has proven to be an invaluable tool for organizations looking to centralize their logs and effectively manage security events. Users have praised its ability to collect and analyze security data from various sources, allowing them to monitor for unusual activity, devices, and potential threats on a daily basis. With its IDS capabilities, both network-based and hardware-based, AlienVault OSSIM has helped users detect and prevent suspicious activity on their networks.
The Netflow feature of AlienVault OSSIM has also been highly regarded by users. It enables them to diagnose spikes of activity in the network and detect any unusual behavior, aiding in the identification of potential threats. Additionally, the intelligent analytic engine of AlienVault OSSIM helps determine these potential threats with clear presentation of alerts and the ability to drill down for detailed information.
One of the key business problems that AlienVault OSSIM addresses is the need for a single management platform that combines SIEM, reporting, and asset management capabilities. Users have found this to be a significant time and money-saving aspect of the product as it eliminates the need for multiple tools. The customizable dashboard allows users to create rules and receive email notifications, enhancing their ability to effectively manage security incidents.
AlienVault OSSIM is commonly used by IT departments for a range of tasks including intrusion detection, asset discovery, SIEM correlation, and behavior analytics. It has proven particularly useful in identifying machines that are behind on patches and updates. Furthermore, it facilitates threat hunting by collecting events from all machines, providing a comprehensive view of potential security risks.
Overall, AlienVault OSSIM has garnered positive feedback from users who appreciate its log centralization capabilities, effective threat detection features, and comprehensive reporting and analytics capabilities. Its versatility in addressing multiple use cases makes it a valuable tool for organizations seeking to enhance their network security posture.
User-Friendly Installation Process: Many users have found that AlienVault OSSIM has a user-friendly installation process. Reviewers have mentioned that the software is self-contained in an ISO file, allowing for quick and easy deployment. They appreciate the automated installation process and options for customization, such as setting a static IP and configuring email messaging.
Seamless User Experience Across Devices: Several reviewers have praised AlienVault OSSIM's accessibility across different devices. The software can be accessed via a web browser on desktops, workstations, and mobile devices. Users have noted that the dashboard and other features automatically adapt to the device being used, providing a seamless and consistent user experience regardless of the platform.
Out-of-the-Box Configuration and Customization Options: Many reviewers have highlighted the out-of-the-box configuration of AlienVault OSSIM as well-suited for most environments, making the initial setup process straightforward. The included wizard provides a guided experience, enabling users to have the system up and running within a few hours. Additionally, users appreciate the ability to customize or add new widgets to tailor the monitoring experience according to their specific needs. This flexibility allows them to optimize their environment's monitoring capabilities efficiently.
Limited log management capabilities: Some users have mentioned that OSSIM lacks robust log management features compared to the full USM version. Several reviewers have expressed a desire for more comprehensive log management capabilities in OSSIM.
Absence of support for Cloud-based servers and apps: The lack of support for Cloud-based servers and applications in OSSIM has been noted as a limitation by multiple users. This feature, which is available in the USM version, could be beneficial for those who rely on cloud infrastructure.
Limited integration with third-party solutions: Integration with third-party solutions like BMC Remedy and ServiceNow is limited in OSSIM, leading to inconvenience for some users who heavily depend on these ITSM solutions. Although email alerts can emulate this functionality, several reviewers have expressed their dissatisfaction with the current level of integration.
Attribute Ratings
Reviews
(1-8 of 8)Companies can't remove reviews or game the system. Here's why
November 24, 2021
Lego block SIEM
- Datadog, Splunk Enterprise Security (SIEM), Azure Sentinel, IntSights Cyber Intelligence, from Rapid7 and Stellar Data Recovery & Erasure
Originally my organization leveraged alien value due to the lower cost of entry and ability to manage it as a service provider. Unfortunately, after several years of working with this tool, it became unwieldy to use as it felt that almost every useful report had to be created by hand. As other tools have come out with the ability to do automated responses such as Stellar Data processor, we have begun to evaluate alternatives.
November 04, 2021
Alienvault - the friend from another world
We did not evaluate or use any other product previous to AlienVault [OSSIM]. We had a specific need to meet our audit requirements and AlienVault [OSSIM] provided all the features needed as well as being simple enough to deploy without any dedicated staff. Real-time alerts from custom rules gives us a heads-up immediately to investigate any threat.
February 11, 2020
A dinosaur aging gracefully!
I liked it but it seemed a bit pricey for our organization at the time in comparison to AlienVault.
October 15, 2019
AlienVault OSSIM is the bomb!
We have not used any other products similar to AlienVault so I do not have anything to compare it to. We did look at a few others when first purchasing, but at this point, I do not recall what they were.
October 09, 2019
AlienVault OSSIM: Best Bang for Your Buck Hands Down!
Best bang for the buck. Darktrace did not perform even close to AlienVault. I ran them concurrently. AlienVault consistently found issues that Darktrace didn't pick up, and the Darktrace incidents were false positives. At one point, Darktrace stated I had 2,000 servers and I have 112.
FortiSIEM is an awesome package but it's more then I need (or can afford). I would need to add staff, for at least the first year or so, just to get it setup and configured correctly.
FortiSIEM is an awesome package but it's more then I need (or can afford). I would need to add staff, for at least the first year or so, just to get it setup and configured correctly.
December 01, 2018
AlienVault OSSIM
OSSIM is the free version of the Alien Vault USM and comes packed with most of the features you will need to get going. Like most free to use products, it is missing aspects that make the use of the product much more productive.
As an example, you will need a separate system for log storage, as the OSSIM does not have storage like the USM does, making the setup a little longer and more systems needed to make it work.
As an example, you will need a separate system for log storage, as the OSSIM does not have storage like the USM does, making the setup a little longer and more systems needed to make it work.
March 30, 2018
A robust yet lightweight SIEM in a single package
AlienVault OSSIM has the upper ante in initial deployment price, being that it's open source. Also, with perhaps the exception of SolarWinds, it has a lower optimal requirements for onsite deployment, hence your OPEX won't be hit very hard by investing in new hardware to suit the appliance. The correlation engine is somewhat more robust that their counterparts in LogRhythm and SolarWinds, and the IDS (both NIDS and HIDS) are more reliable as well in terms of results. Finally, although Tenable SecurityCenter is more robust in dashboards, alerts and reports, it comes short in front of OSSIM in terms of real-time IDS and SIEM correlation.
March 14, 2018
A hands-on proper security solution!
AlienVault OSSIM as the first experience with a SIEM is very fine, especially if your company is an SMB. Every SIEM shares some features in common with other products, features such as log retrieval and normalization. So if you stick with principles, you can learn other SIEM products as well. If your environment is not of a minimum size, LogRhythm might be overkill for your network, same with McAfee Enterprise Security Manager.