AlienVault OSSIM

AlienVault OSSIM

AlienVault OSSIM

Overview

Recent Reviews

Lego block SIEM

6 out of 10
November 24, 2021
As an organization, we leveraged alien vault as a SIEM solution for ourselves and also as a managed services offering for our customers. …
Continue reading

High Quality SIEM (plus more)

9 out of 10
July 21, 2021
Alien Vault is a great product, which I have used over at my previous job and had purchased and installed at my current position too. …
Continue reading

Popular Features

View all 13 features

Custom dashboards and workspaces (16)

9.3
93%

Deployment flexibility (11)

8.6
86%

Event and log normalization/management (18)

8.3
83%

Correlation (11)

7.9
79%

Reviewer Pros & Cons

View all pros & cons

Video Reviews

Leaving a video review helps other professionals like you evaluate products. Be the first one in your network to record a review of AlienVault OSSIM, and make your voice heard!

Pricing

View all pricing
N/A
Unavailable

What is AlienVault OSSIM?

OSSIM leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts. AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified platform…

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services

Would you like us to let the vendor know that you want pricing?

5 people want pricing too

Alternatives Pricing

What is Nessus?

Tenable headquartered in Columbia offers Nessus, a vulnerability scanning and security assessment solution used to analyze an entity's security posture, vulnerability testing, and provide configuration assessments.

What is Microsoft Sentinel?

Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. Put the cloud and large-scale intelligence from decades of Microsoft security experience to work. Make threat detection and response smarter and faster with artificial intelligence (AI). Eliminate…

Features Scorecard

Security Information and Event Management (SIEM)

7.8
78%

Product Details

What is AlienVault OSSIM?

OSSIM leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts. AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified platform providing:
  • Asset discovery
  • Vulnerability assessment
  • Intrusion detection
  • Behavioral monitoring
  • SIEM
OSSIM provides the basis for AlienVault's proprietary Unified Security Management (USM) product.

It also leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts.

AlienVault OSSIM Video

AlienVault® USM vs. OSSIM™

AlienVault OSSIM Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo

Comparisons

View all alternatives

Reviews and Ratings

 (25)

Ratings

Reviews

(1-11 of 11)
Companies can't remove reviews or game the system. Here's why
November 24, 2021

Lego block SIEM

Score 6 out of 10
Vetted Review
Reseller
Review Source
  • Collection of logs
  • Pricing
  • Ability to customize reports
  • Out of the box reporting
  • Correlation of events
  • AI
Score 9 out of 10
Vetted Review
Verified User
Review Source
  • Monitoring and alerts are great, once fine-tuned.
  • The interface is as user friendly as it can be, considering what AlienVault does.
  • It is based off open source products and as such can be deployed for free (it is a bit more limited than the paid-for product, but still does the trick for small business owners).
  • Can be overwhelming when you first set it up.
  • Some of the terminology can be tricky to understand.
  • Could allow for a bit more log storage on its lower tiers of subscription.
John Keenan | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Review Source
  • It integrates with a bunch of different platforms.
  • Collects tons of data from all integrated platforms provided the right level of logging is enabled.
  • The reports are clunky and a bit tedious to parse through.
  • Sometimes there's so much noise it's hard to tell what a true positive is. There are lots of false ones that trigger alerts but are normal behavior in many environments.
Score 8 out of 10
Vetted Review
Verified User
Review Source
  • Threat analysis. It can correlate different events happening to detect a pattern or an attack.
  • Dashboard provides a clean, single location to see what is going on in our environment.
  • Up to date open threat exchange means everything new popping up out there is included and watched for in our environment.
  • Reporting is not the greatest. I had internal developers take data and create some reports that better fit my needs.
  • Navigation through the vulnerability scans is not ideal.
  • Asset management is also cumbersome to navigate through.
Score 10 out of 10
Vetted Review
Verified User
Review Source
  • Scan network for anomalies once you've established a baseline.
  • Excellent job of showing unusual connections or file transfers
  • Excellent job of showing the health of network, congestions, etc.
  • It only comes with 10 canned reports. These reports are good, but a little more flexibility would be nice. The data is stored in a database, so it is possible to roll your own reports, just very clunky.
  • Log ingestion. The OSSIM product doesn't have a separate log server, so you either have to have a really, really beefy system to do both analysis and log ingestion, or just do log ingestion with something else.
  • Aggregation of data. Actually, it does this really well, but if you have more then two sites, it can slow your analysis down a little.
Score 9 out of 10
Vetted Review
Verified User
Review Source
  • Being a part of the Open Source community, open source tools are always a big plus for me.
  • Being a simple straightforward tool, it does a great job especially with the asset management piece built into it.
  • Straightforward
  • Open Threat Exchange(OTX) gives a straightforward live threat intel feed to work off.
  • It's a free product! Yes, it doesn't have all the capabilities of the USM anywhere, but it does a great job. Can't really complain.
December 01, 2018

AlienVault OSSIM

Scott Holland | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Review Source
  • SIEM - Curtail part of managing your alarms and events on the network
  • Reporting - Ability to complete one click reporting for most compliance needs saving time and resources
  • GUI - The user interface is clean, and easy to use and customise
  • Data logging - Note this is available via their paid version USM
  • Plugins - More API plugins to aid the collection of logs form other security platforms
  • Threat Map - Did not appear to work
Jose Quintero | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Reseller
Review Source
  • Asset discovery. Once installed in a centric, network-accessible server, OSSIM can poll all your endpoints with common protocols (SSH, SNMP, WMI) to detect and discover site-wide assets to monitor. You only need to group them by your own criteria once added to the product.
  • SIEM Event Correlation. You can define quite complex correlation rules to detect possible suspicious or malicious actions or attempts in your network, in order to categorize them as real threats or as false positives, thus streamlining your risk assessment and management.
  • Ease of installation. The entire AlienVault OSSIM is self-contained in an ISO file, which can be burned into a DVD or just mounted in your server of choice (physical or virtual) for deployment. The installation process is automated and quote verbosed, with options for static IP, email messaging and others.
  • Ease of access. Being AlienVault OSSIM a self-contained appliance, it can be accessed via web by any device that supports a web browser, being that desktops, workstation, mobile devices, etc. The OSSIM dashboard and other features are automatically rearranged to adapt to the particular device being in use.
  • OSSIM, being an open source solution, lacks log management (a treat that the full USM has). Perhaps a feature to include a lightweight version inside the SIEM Correlation engine can be appreciated.
  • The appliance also lacks support for Cloud-based servers and apps. This feature is also present in USM, so it's unlikely this will appear in OSSIM, but I'd suggest also a reduced version of it included in this appliance.
  • More integration with third-party solutions such as BMC Remedy and ServiceNow, although this can be emulated through email alerts, as most ITSM solutions have the ability of converting incoming email messages into tickets.
Ivan Montilla Miralles | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
  • Most of the configuration comes out-of-the-box suited for most environments. Setting it up is really easy, with the wizard, you can have it working in less than 3 hours of deployment, without counting asset installation.
  • Out-of-the-box dashboards are really useful. You can modify or add new widgets to suit your needs, but you'll most likely agree with what already comes configured.
  • The tickets feature for handling alarms is really easy to use.
  • The correlation directives that come out of the box are very few. I understand more correlation directives are a premium product, but one can hardly see the value of having very few. It makes new customers think they will not get better directives when they switch to the full USM or USM Anywhere.
  • Same with reports, the few reports it comes out of the box can be retrieved using other tools that are better prepared for the task. I understand that compliance reports aren't free, but at least I'd expect more security reports.
  • The OTX tab in dashboards sometimes takes too long to load, even if you have a fast internet and plenty of resources in the VM.