Skip to main content
TrustRadius
AlienVault OSSIM

AlienVault OSSIM

Overview

What is AlienVault OSSIM?

OSSIM leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts. AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified…

Read more
Recent Reviews

TrustRadius Insights

AlienVault OSSIM has proven to be an invaluable tool for organizations looking to centralize their logs and effectively manage security …
Continue reading
TrustRadius Insights
TrustRadius Insights

Lego block SIEM

6 out of 10
November 24, 2021
Incentivized
As an organization, we leveraged alien vault as a SIEM solution for ourselves and also as a managed services offering for our customers. …
Continue reading
Read all reviews

Popular Features

View all 13 features
  • Centralized event and log data collection (10)
    9.4
    94%
  • Deployment flexibility (11)
    8.2
    82%
  • Event and log normalization/management (11)
    8.1
    81%
  • Correlation (11)
    7.0
    70%
Return to navigation

Pricing

View all pricing
AlienVault OSSIM

AlienVault OSSIM

N/A
Unavailable

What is AlienVault OSSIM?

OSSIM leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts. AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified platform…

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

23 people also want pricing

Alternatives Pricing

AlienVault USM

AlienVault USM

$1,075
per month
What is AlienVault USM?

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments,…

InsightIDR

InsightIDR

$5.89
per month per asset
What is InsightIDR?

In addition to their incident response service, Rapid7 offers InsightIDR, a combined XDR and SIEM that provides user behavior and threat analytics.

Return to navigation

Product Demos

Archie Webster - AlienVault OSSIM Demo

YouTube

Explore OSSIM - demo HIDS

YouTube

OSSIM Demo (5.1) - Improved Threat Detection, Security Visibility, and Usability

YouTube
Return to navigation

Features

Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools

7.5
Avg 7.8
Return to navigation

Product Details

What is AlienVault OSSIM?

OSSIM leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts. AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified platform providing:
  • Asset discovery
  • Vulnerability assessment
  • Intrusion detection
  • Behavioral monitoring
  • SIEM
OSSIM provides the basis for AlienVault's proprietary Unified Security Management (USM) product.

It also leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts.

AlienVault OSSIM Video

AlienVault® USM vs. OSSIM™

AlienVault OSSIM Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(30)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

AlienVault OSSIM has proven to be an invaluable tool for organizations looking to centralize their logs and effectively manage security events. Users have praised its ability to collect and analyze security data from various sources, allowing them to monitor for unusual activity, devices, and potential threats on a daily basis. With its IDS capabilities, both network-based and hardware-based, AlienVault OSSIM has helped users detect and prevent suspicious activity on their networks.

The Netflow feature of AlienVault OSSIM has also been highly regarded by users. It enables them to diagnose spikes of activity in the network and detect any unusual behavior, aiding in the identification of potential threats. Additionally, the intelligent analytic engine of AlienVault OSSIM helps determine these potential threats with clear presentation of alerts and the ability to drill down for detailed information.

One of the key business problems that AlienVault OSSIM addresses is the need for a single management platform that combines SIEM, reporting, and asset management capabilities. Users have found this to be a significant time and money-saving aspect of the product as it eliminates the need for multiple tools. The customizable dashboard allows users to create rules and receive email notifications, enhancing their ability to effectively manage security incidents.

AlienVault OSSIM is commonly used by IT departments for a range of tasks including intrusion detection, asset discovery, SIEM correlation, and behavior analytics. It has proven particularly useful in identifying machines that are behind on patches and updates. Furthermore, it facilitates threat hunting by collecting events from all machines, providing a comprehensive view of potential security risks.

Overall, AlienVault OSSIM has garnered positive feedback from users who appreciate its log centralization capabilities, effective threat detection features, and comprehensive reporting and analytics capabilities. Its versatility in addressing multiple use cases makes it a valuable tool for organizations seeking to enhance their network security posture.

User-Friendly Installation Process: Many users have found that AlienVault OSSIM has a user-friendly installation process. Reviewers have mentioned that the software is self-contained in an ISO file, allowing for quick and easy deployment. They appreciate the automated installation process and options for customization, such as setting a static IP and configuring email messaging.

Seamless User Experience Across Devices: Several reviewers have praised AlienVault OSSIM's accessibility across different devices. The software can be accessed via a web browser on desktops, workstations, and mobile devices. Users have noted that the dashboard and other features automatically adapt to the device being used, providing a seamless and consistent user experience regardless of the platform.

Out-of-the-Box Configuration and Customization Options: Many reviewers have highlighted the out-of-the-box configuration of AlienVault OSSIM as well-suited for most environments, making the initial setup process straightforward. The included wizard provides a guided experience, enabling users to have the system up and running within a few hours. Additionally, users appreciate the ability to customize or add new widgets to tailor the monitoring experience according to their specific needs. This flexibility allows them to optimize their environment's monitoring capabilities efficiently.

Limited log management capabilities: Some users have mentioned that OSSIM lacks robust log management features compared to the full USM version. Several reviewers have expressed a desire for more comprehensive log management capabilities in OSSIM.

Absence of support for Cloud-based servers and apps: The lack of support for Cloud-based servers and applications in OSSIM has been noted as a limitation by multiple users. This feature, which is available in the USM version, could be beneficial for those who rely on cloud infrastructure.

Limited integration with third-party solutions: Integration with third-party solutions like BMC Remedy and ServiceNow is limited in OSSIM, leading to inconvenience for some users who heavily depend on these ITSM solutions. Although email alerts can emulate this functionality, several reviewers have expressed their dissatisfaction with the current level of integration.

Attribute Ratings

Reviews

(1-3 of 3)
Companies can't remove reviews or game the system. Here's why
January 10, 2022

AlienVault OSSIM - very useful for threat hunting

Verified User
Technician in Information Technology
Information Technology & Services Company, 201-500 employees
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope
AlienVault OSSIM is mostly useful for us to determine which machines are behind on patches and updates. And it is a necessary tool for threat hunting as it collects events from all machines.
Pros and Cons
  • Event and log management.
  • Vulnerability scanning.
  • Graphical analysis and visualization.
  • Integration with a honeypot.
Likelihood to Recommend
AlienVault OSSIM is very well suited for threat hunting. The ability to find all events and logs from all machines in one place saves a lot of time. It is also well suited for vulnerability scanning. The aspect that is lacking (or not obvious at least) is the integration with other security tools (like an antivirus for example).
Most Important Features
  • Event and log management.
  • Vulnerability scanning.
  • Graphical analysis and visualization.
AlienVault OSSIM Feature Ratings
Security Information and Event Management (SIEM) (14)
50%
5.0
Centralized event and log data collection
100%
10.0
Correlation
60%
6.0
Event and log normalization/management
80%
8.0
Deployment flexibility
80%
8.0
Integration with Identity and Access Management Tools
100%
10.0
Custom dashboards and workspaces
100%
10.0
Host and network-based intrusion detection
N/A
N/A
Log retention
80%
8.0
Data integration/API management
N/A
N/A
Behavioral analytics and baselining
N/A
N/A
Rules-based and algorithmic detection thresholds
N/A
N/A
Response orchestration and automation
N/A
N/A
Reporting and compliance management
100%
10.0
Incident indexing/searching
N/A
N/A
Return on Investment
  • Having all machines up to date.
  • Saving time when threat hunting.
  • Customized dashboards that allow us to know if we're compliant or not.
November 24, 2021

Lego block SIEM

Verified User
Executive in Engineering
Computer & Network Security Company, 51-200 employees
Score 6 out of 10
Vetted Review
ResellerIncentivized
Use Cases and Deployment Scope
As an organization, we leveraged alien vault as a SIEM solution for ourselves and also as a managed services offering for our customers. The scope was to support environments from a security perspective collecting logs and generating reports and analytics for the purposes of IT security. This included custom reporting, leveraging on-premises appliances and delivery is security as a service.
Pros and Cons
  • Collection of logs
  • Pricing
  • Ability to customize reports
  • Out of the box reporting
  • Correlation of events
  • AI
Likelihood to Recommend
AlienVault is a good SIEM tool in general, it can collect logs, has the ability to create custom reports for the data that it gathers from both windows systems and networking devices, and the reports with some amount of finessing can look as good as the organization spends time on them. The problem is that alien vault past these great abilities falls short on doing anything else, it is an archaic SIEM solution that does nothing more than being a SIEM solution, [it] is very little out of the box reporting that is useful, no ability to dynamically adapt to a customers environment and no AI built into the appliance. At the end of the day, the biggest problem that this product suffers from is that it is expensive for the value provided. If you are looking for a SIEM that does nothing more than just be a SIEM and you have a dedicated team to run it, alien value is a great tool, unfortunately, that’s all it can do.
Most Important Features
  • Custom reporting
  • Log collection
  • Analytics
AlienVault OSSIM Feature Ratings
Security Information and Event Management (SIEM) (14)
62.142857142857146%
6.2
Centralized event and log data collection
90%
9.0
Correlation
50%
5.0
Event and log normalization/management
50%
5.0
Deployment flexibility
80%
8.0
Integration with Identity and Access Management Tools
60%
6.0
Custom dashboards and workspaces
90%
9.0
Host and network-based intrusion detection
50%
5.0
Log retention
90%
9.0
Data integration/API management
50%
5.0
Behavioral analytics and baselining
30%
3.0
Rules-based and algorithmic detection thresholds
30%
3.0
Response orchestration and automation
60%
6.0
Reporting and compliance management
90%
9.0
Incident indexing/searching
50%
5.0
Return on Investment
  • Costly appliances with low ROI
Alternatives Considered
Originally my organization leveraged alien value due to the lower cost of entry and ability to manage it as a service provider. Unfortunately, after several years of working with this tool, it became unwieldy to use as it felt that almost every useful report had to be created by hand. As other tools have come out with the ability to do automated responses such as Stellar Data processor, we have begun to evaluate alternatives.
November 04, 2021

Alienvault - the friend from another world

Verified User
Professional in Information Technology
Financial Services Company, 201-500 employees
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope
AlienVault [OSSIM] is being used across the entire organization. It has an intelligent analytic engine to determine potential threats in our network. The dashboard provides a clear presentation of alerts and allows you to drill down into an alert to determine detailed information for research. It is also customizable to create rules and send email notifications.
Pros and Cons
  • Behavioral monitoring
  • Vulnerability assessment
  • Intrusion detection
  • Creating custom rules is a bit complicated
  • Reporting could be improved
  • Agent has caused conflicts with a couple of our other applications
Likelihood to Recommend
If you don't have staff do dedicate solely to SIEM, AlienVault [OSSIM] is simple enough to get up and running and configure enough rules and notifications so that it does not require dedicated staff to constantly monitor. Vulnerability scanning has a lot to be desired - suggest using a system with more robust vulnerability scanning features.
Most Important Features
  • Event log collection
  • Behavioral monitoring
  • SIEM event correlation
AlienVault OSSIM Feature Ratings
Security Information and Event Management (SIEM) (14)
68.57142857142857%
6.9
Centralized event and log data collection
80%
8.0
Correlation
80%
8.0
Event and log normalization/management
80%
8.0
Deployment flexibility
80%
8.0
Integration with Identity and Access Management Tools
80%
8.0
Custom dashboards and workspaces
80%
8.0
Host and network-based intrusion detection
90%
9.0
Log retention
60%
6.0
Data integration/API management
60%
6.0
Behavioral analytics and baselining
80%
8.0
Rules-based and algorithmic detection thresholds
70%
7.0
Response orchestration and automation
N/A
N/A
Reporting and compliance management
50%
5.0
Incident indexing/searching
70%
7.0
Return on Investment
  • Satisfied audit needs
  • Increased security visibility in our network
  • Up to date on current threats
Alternatives Considered
We did not evaluate or use any other product previous to AlienVault [OSSIM]. We had a specific need to meet our audit requirements and AlienVault [OSSIM] provided all the features needed as well as being simple enough to deploy without any dedicated staff. Real-time alerts from custom rules gives us a heads-up immediately to investigate any threat.
Return to navigation