AlienVault OSSIM - very useful for threat hunting
January 10, 2022

Anonymous | TrustRadius Reviewer
Score 10 out of 10

Overall Satisfaction with AlienVault OSSIM

AlienVault OSSIM is mostly useful for us to determine which machines are behind on patches and updates. And it is a necessary tool for threat hunting as it collects events from all machines.
  • Event and log management.
  • Vulnerability scanning.
  • Graphical analysis and visualization.
  • Integration with a honeypot.
  • Event and log management.
  • Vulnerability scanning.
  • Graphical analysis and visualization.
  • Having all machines up to date.
  • Saving time when threat hunting.
  • Customized dashboards that allow us to know if we're compliant or not.

Do you think AlienVault OSSIM delivers good value for the price?

Not sure

Are you happy with AlienVault OSSIM's feature set?

Yes

Did AlienVault OSSIM live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of AlienVault OSSIM go as expected?

Yes

Would you buy AlienVault OSSIM again?

Yes

AlienVault OSSIM is very well suited for threat hunting. The ability to find all events and logs from all machines in one place saves a lot of time. It is also well suited for vulnerability scanning. The aspect that is lacking (or not obvious at least) is the integration with other security tools (like an antivirus for example).

AlienVault OSSIM Feature Ratings

Centralized event and log data collection: 10
Correlation: 6
Event and log normalization/management: 8
Deployment flexibility: 8
Integration with Identity and Access Management Tools: 10
Custom dashboards and workspaces: 10
Host and network-based intrusion detection: Not Rated
Log retention: 8
Data integration/API management: Not Rated
Behavioral analytics and baselining: Not Rated
Rules-based and algorithmic detection thresholds: Not Rated
Response orchestration and automation: Not Rated
Reporting and compliance management: 10
Incident indexing/searching: Not Rated