A dinosaur aging gracefully!
February 10, 2020

John Keenan | TrustRadius Reviewer
Score 7 out of 10

Overall Satisfaction with AlienVault OSSIM

We're currently on a migration path to eliminate AlienVault OSSIM, but it was our only SIEM when I first arrived on location. We use it to collect and analyze security data from a variety of sources. Kind of like a receiver is used to merge audio sources from a bunch of disparate systems.
  • It integrates with a bunch of different platforms.
  • Collects tons of data from all integrated platforms provided the right level of logging is enabled.
  • The reports are clunky and a bit tedious to parse through.
  • Sometimes there's so much noise it's hard to tell what a true positive is. There are lots of false ones that trigger alerts but are normal behavior in many environments.
  • OSSIM and the installers didn't really help us optimize at installation. OSSIM went without optimization for almost two years before that fact was noticed. I think this decreased ROI.
  • Finding and researching incidents is much faster with all data available. Sometimes too much data, though.
I liked it but it seemed a bit pricey for our organization at the time in comparison to AlienVault.
Everything is done through MSSP and installation pro services. Once those hours are burned up, then you're on your own without a lot of help. Typically the pro services hours aren't enough to get past 60 days and MSSP are hit and miss. We had a miss for installation helpers.

Do you think AlienVault OSSIM delivers good value for the price?

Yes

Are you happy with AlienVault OSSIM's feature set?

Yes

Did AlienVault OSSIM live up to sales and marketing promises?

Yes

Did implementation of AlienVault OSSIM go as expected?

Yes

Would you buy AlienVault OSSIM again?

No

If you want a SIEM and you are a small- to mid-market organization getting security monitoring started, then this is a great SIEM for the money. It comes with a vulnerability scanner. While vulnerability scanners aren't all that expensive, this saves time and money by offering an industry-leading open-source version that enables managers to immediately start vulnerability management programs.

AlienVault OSSIM Feature Ratings

  • Centralized event and log data collection: 8
  • Correlation: 7
  • Event and log normalization/management: 7
  • Deployment flexibility: 6
  • Host and network-based intrusion detection: 7