AlienVault OSSIM

AlienVault OSSIM is very well suited for threat hunting. The ability to find all events and logs from all machines in one place saves a lot of time. It is also well suited for vulnerability scanning. The aspect that is lacking (or not obvious at least) is the integration with other security tools (like an antivirus for example).

AlienVault is a good SIEM tool in general, it can collect logs, has the ability to create custom reports for the data that it gathers from both windows systems and networking devices, and the reports with some amount of finessing can look as good as the organization spends time on them. The problem is that alien vault past these great abilities falls short on doing anything else, it is an archaic SIEM solution that does nothing more than being a SIEM solution, [it] is very little out of the box reporting that is useful, no ability to dynamically adapt to a customers environment and no AI built into the appliance. At the end of the day, the biggest problem that this product suffers from is that it is expensive for the value provided. If you are looking for a SIEM that does nothing more than just be a SIEM and you have a dedicated team to run it, alien value is a great tool, unfortunately, that’s all it can do.

If you don't have staff do dedicate solely to SIEM, AlienVault [OSSIM] is simple enough to get up and running and configure enough rules and notifications so that it does not require dedicated staff to constantly monitor. Vulnerability scanning has a lot to be desired - suggest using a system with more robust vulnerability scanning features.

It is a great product for any size organization and scales very well as the company's demand increases. Because it is built on open source technology, its inner workings are more or less auditable by anyone that would like to so, it will be difficult to have back doors installed in the product. The alerts are great, you can also have them automatically perform actions, based on different scenarios.
It can be a bit pricey, but the support is great and well worth it for a medium to large enterprise.

If you want a SIEM and you are a small-to mid-market organization getting security monitoring started, then this is a great SIEM for the money. It comes with a vulnerability scanner. While vulnerability scanners aren't all that expensive, this saves time and money by offering an industry-leading open-source version that enables managers to immediately start vulnerability management programs.

AlienVault OSSIM is great for organizations that do not have a large staff and cannot afford to dedicate an entire person or group of people to deal with threats and monitoring the environment. The cost is also very reasonable for the amount of functionality of all the features we receive from the product.

AlienVault OSSIM is an excellent starter SIEM—you have a fully functioning SIEM in a few hours (installs in less than one, but takes a few to configure, based on your network). The insight you get, immediately is worth the time setting it up. If you are willing to invest some more time, you can fine tune it to really provide deep insight into your network. I really love that it is still free (was nervous when AT&T bought AlienVault).

Each of MyBuildings is routed back to the core - reduces overall traffic and adds one more layer to the network for security reasons. So having an "eye" in each building is necessary at this point. Not sure what I would do if I had to stop using them. The only other thing I plan on doing, in the process of rolling it out right now, is to add some netflow analysis.

Small, medium or large, every company can benefit from this tool. Even if you decide to supplement your existing SIEM this is the way to go and chances are you might end up switching to this as your primary.

OSSIM is suited for security researchers and system admins who want quick visibility of network activity and alerts they may have missed without the aid of Alien Vault OSSIM. After a setup that only takes around 15 to 30 minutes, you will be seeing network traffic and generating alarms on your dashboard making it fast and effective deployment.

The most obvious scenario in which OSSIM is well suited is in a single office/home office (SOHO) or small business, in which budget is reduced but asset discovery and vulnerability management are greatly needed and appreciated. OSSIM is lightweight and free, so the real challenge to face is to hire or assign an administrator to manage and operate it, instead of any investment on an expensive appliance. Also, as resellers, promoting usage of OSSIM to customers charging for professional services for installation, administration, and maintenance (remember that OSSIM doesn't have official support from AlienVault) is a great asset for the organization.

If this is your first experience with a SIEM, this one can get you started. Take the time to learn the ins and outs of the product and you'll most likely be satisfied with it if your company is an SMB. If you need compliance reports, OSSIM is too small for you, you'll need to go with USM or USM Anywhere.