AlienVault OSSIM Overview

AlienVault OSSIM is the #15 ranked solution in our list of top Security Information and Event Management (SIEM) tools. It is most often compared to AT&T AlienVault USM: AlienVault OSSIM vs AT&T AlienVault USM

What is AlienVault OSSIM?

AlienVault OSSIM, Open Source Security Information and Event Management (SIEM), provides you with a feature-rich open source SIEM complete with event collection, normalization and correlation. Launched by security engineers because of the lack of available open source products, AlienVault OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for security visibility.

AlienVault OSSIM is also known as OSSIM.

AlienVault OSSIM Customers

Council Rock School District

Pricing Advice

What users are saying about AlienVault OSSIM pricing:
  • "The licensing fees for the non-community edition are paid on an annual basis, and there are no costs in addition to this."
  • "AlienVault OSSIM is free."
  • "We are using the community version, which can be used for free."

AlienVault OSSIM Reviews

RJ
Director at a tech services company with 51-200 employees
Real User
Top 5
Very good out-of-the-box, pre-integrated features, which save us time

Pros and Cons

  • "Inbuilt IDS, inbuilt integration with threat intelligence platform and with vulnerability assessment modules."
  • "Lacking in depth of reporting."

What is our primary use case?

This product would typically be used by a client who would be looking at dipping his feet into the SIEM space and understanding how to go about setting up a SOC without putting in a large up-front investment. I'm the director of our company and we are partners with AlienVault.

What is most valuable?

The solution offers great models with good integration and this is one of the out-of-the-box features which you're able to easily enable and get it up and running. It's a big plus for the product, because you don't have to bother your head about doing the integrations.

Other good features include an inbuilt IDS, an inbuilt integration with their own threat intelligence platform which is the OTX, and integration with the vulnerability assessment modules.

What needs improvement?

I believe this solution still has a way to go. From a management console perspective and the maturity of the dashboards, I would probably put it slightly behind some of the other players that have been in the market for ages. The leading vendors of SIEM already have a very mature user interface with evolved dashboards and reporting mechanisms. There is a lot of depth in that, but not everybody is looking for that. If your requirements are functional and you're looking for something that's easily deployable and simple to understand and manage, without the necessity of a very large team, I would choose this solution. 

An additional feature I'd like to see would be an increase in the depth of reporting. IBM has AI enabled dashboards which are supposed to be intuitive. They are difficult to configure and that's a problem, but they are very rich in terms of the information that they provide. There is a lot of granular detail and different ways in which you can slice and dice and present the same data. I would also like to see the product handle larger scale deployments and more third party integrations.

For how long have I used the solution?

I've been using this solution for three years. 

What do I think about the stability of the solution?

This is a stable solution. 

What do I think about the scalability of the solution?

It's scalable, but AlienVault is not an enterprise class solution in the sense that it cannot go beyond 15000 EPS, which limits the market that it can address. That's a drawback, but expansion might not be what the company wants and they're happy to remain in the 2000 to 3000 EPS range, in which case it's a great product for its market. 

How are customer service and technical support?

We don't use the support very much as we manage to deal with most issues in-house. The technical support they provide is okay. We haven't had too many problems but my reference point might be slightly slanted, because we don't have such a large installed base.

How was the initial setup?

The initial setup is relatively straightforward and doesn't take much time. AlienVault has its own vulnerability module and its own OTX feed. All of these are pre-integrated which makes for a speedy deployment. The issue is that these days nobody employs SIEM alone. It needs to be able to correlate information not only from its own data sources, but also from third-party data sources, like vulnerability tools, like threat intelligence feeds, like forensic data, and these third party integrations add to implementation time. Each situation is different and deployment time depends on the scale of the infrastructure. 

What other advice do I have?

Most of the SOC or SIEM enterprise class products are very expensive, whereas with OSSIM you can start out with a smaller setup and then expand as you wish. It's great because you get a pre-integrated, ready to run platform, which you can deploy. You don't have to bother about the integrations too much. This platform provides an adequate level of experience for that kind of an integrated intelligence gathering in any IT setup at a reasonable cost. It makes the entry easier for somebody who's not so well versed in these technologies and so on. I think that's the principal use case for AlienVault's product line.

Make sure to choose the right partner to do the implementation. It's important that they know and understand the technology. They should have a very good understanding of the tool as well as an understanding of the security and operations space so that they are able to deliver on what you want to achieve as an outcome. 

I would rate this solution an eight out of 10. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Sharad Agrawal
Co-Founder and Director - Information Technology at Techneow
Real User
Top 5
Good architecture, excellent threat policies, and very stable

Pros and Cons

  • "The threat policies of the solution are always very advanced and the best in the market. They are very persistent in terms of keeping up with security protocols."
  • "There needs to be more support or some kind of training program so users can self-learn the system more effectively."

What is our primary use case?

We implemented the solution for one of our client's e-commerce spaces. Our customer wanted to monitor the complete security posture. 

What is most valuable?

We really like the solution's architecture. There's a logon, clients, an agent, and then the server. All of these were deployed in a multilayer architecture.

The threat policies of the solution are always very advanced and the best in the market. They are very persistent in terms of keeping up with security protocols.

What needs improvement?

The pricing of the solution needs to be improved.

There needs to be more support or some kind of training program so users can self-learn the system more effectively.

For how long have I used the solution?

I've been using the solution for three years.

What do I think about the stability of the solution?

The stability is quite good. There's no hindrance to the user. It's reliable and doesn't seem to have any bugs or glitches.

What do I think about the scalability of the solution?

The scalability is something I wouldn't be able to comment much on, since it was an on-premises setup and there was no such dynamic need from the customer in terms of expanding.

There's a team of seven currently working on the solution. Our overall monitoring was divided into three sections. One is a network monitoring, and then there are apps monitoring and monitoring the storage.

We're not involved in the engagement anymore, so I haven't heard if the client has plans to increase usage, however, due to its general limited scalability as hardware, I don't think that they would.

How are customer service and technical support?

We were in touch with technical support a bit when we were doing the implementation. The training and knowledge they provided was minimal and usually through email. We struggled a bit.

Which solution did I use previously and why did I switch?

We were pretty limited to AlienVault with this particular client. They needed something on-premises and didn't want to look at cloud options. We've used QRadar and Sentinel in the past, however, for this customer, we decided AlienVault was best.

How was the initial setup?

The initial setup was a bit complex. That may have been multiplied by the fact that there was a lack of skills on the team. If they had more training, it probably would have been a bit easier or more straightforward.

Deployment took us almost two months, including having to set up all of the infrastructure for it. We worked with about 140 monitoring devices. It wasn't too large of a setup. The client wanted us to build and operate something a bit more modern than their older setup. We worked with them to set up a complete 24/7 soft center on-premise. 

The entire setup and deployment took about four months, and that included not just the IT part but the work area as well. We had to secure the room, put in power, supply air conditioners, etc. That's a pretty standard setup in terms of the physical space.

We had four people working on the deployment, one of which was a very senior professional with 20+ years of experience.

What about the implementation team?

We had one internal consultant who did the entire implementation for us.

What's my experience with pricing, setup cost, and licensing?

I'm not sure what the cost of the solution is. It may be in the ballpark of $60,000 to $100,000.

What other advice do I have?

We're just customers. We don't have a business relationship with the product.

We're using the enterprise edition of the solution, the MSSP edition, however, I'm unsure which version it is we're currently on.

Typically, we get requests for QRadar, AlienVault, or Sentinel. QRadar and AlienVault are the top choices for the most part, and we work with both. We try to accommodate our client's preferences.

I'd rate the solution overall at eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jim Poehlman
Chief Wealth Cybersecurity Architect at PWcyber
Real User
Top 5
Free to use but doesn't offer many integrations and doesn't have technical support

Pros and Cons

  • "The dashboard is the solution's most valuable aspect. It brings everything into one central point where I can actually look at it and go, 'Okay, I understand what's going on.'"
  • "I would like the solution to be able to integrate with my firewall, my IDS and my Honeypot solutions so that it can provide real-time reporting as things occur and then have alerts sent to me on my phone when suspicious activity is happening."

What is our primary use case?

We primarily use the solution just to analyze events that occur based on security events.

How has it helped my organization?

I can't really discuss how this helps my organization. I'm running this from my home, so this is not a business I'm using it for. What I do is I log in infrequently to the device or to the service and I check and see if there's anything that's anomalous or anything that is of concern. 

What is most valuable?

The dashboard is the solution's most valuable aspect. It brings everything into one central point where I can actually look at it and go, "Okay, I understand what's going on."

The solution works well and allows me to have visibility into anomalous events.

What needs improvement?

I'm not sure if there's anything on the solution that needs improvement.

I would like the solution to be able to integrate with my firewall, my IDS and my Honeypot solutions so that it can provide real-time reporting as things occur and then have alerts sent to me on my phone when suspicious activity is happening.

For how long have I used the solution?

I've only been using the solution for about a year.

What do I think about the stability of the solution?

The solution is very stable. It runs well and there are no issues that I can see that would make me concerned about its stability. I haven't faced any bugs or crashes that would make me worry.

What do I think about the scalability of the solution?

The solution is largely scalable. I'd rate it at about a seven out of ten in terms of how well you can expand it. 

There is room for improvement, but that's only because it depends upon the data that's feeding in. You have to understand that it's a collector. It collects data, it analyzes data. It's only going to be as good as the data you give it.

How are customer service and technical support?

The solution is free to use and therefore doesn't offer technical support.

Which solution did I use previously and why did I switch?

I didn't previously use a different solution, at least not at my house.

How was the initial setup?

The initial setup was very straightforward. I didn't run into any problems or complexities at all.

I maintain the solution myself. It doesn't require a lot of maintenance or man-hours to keep it running properly.

What about the implementation team?

I didn't use a reseller or integrator to assist me. I was able to handle the process from beginning to end on my own.

What's my experience with pricing, setup cost, and licensing?

The solution is free to use.

Which other solutions did I evaluate?

I didn't evaluate any other options. I already knew enough about them, and this was the only free solution, which is why I chose it.

What other advice do I have?

I would advise others to not implement it for any enterprise-level organization. However, it would definitely be a good solution for a small business environment.

I would rate the solution five out of ten. It's free, so there isn't support, first of all. Second of all, it doesn't have all the integrations that I would hope for. And thirdly, because, since AT&T bought them, I worry AT&T will ultimately destroy the product. I don't like AT&T.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
FJ
Research Assistant at a tech services company with 51-200 employees
Real User
Top 5
Integrates more easily than other SIEM solutions, however the GUI needs improvement

Pros and Cons

  • "Better than other SIEM solutions because almost everything can be integrated."
  • "GUI could be improved."

What is our primary use case?

Our primary use case is for research purposes. For now, we're just playing with it and there's a potential learning curve regarding use of AlienVault as an SIEM solution. We plan to analyze different open source solutions to test strengths and weaknesses. We are customers of AlienVault and I'm a research assistant. 

What is most valuable?

A very good feature of AlienVault OSSIM is that it has many domains that can be integrated from different solutions. For example, if we have a firewall and I want to connect it with the AlienVault OSSIM, there is already a grid affecting that. From that perspective, it's a very good solution in that almost everything can be integrated and that makes it better than other SIEM solutions.

The great thing is that the networking configuration features are good and integrations don't need to be done manually. Of course it's possible but there's an automatic option for configuring networks and there's a plug in for different kinds of solutions. Network security firewalls, IDS, and the like are things that already exist. 

What needs improvement?

The GUI could be improved, and the solution could include a specialization tool. The correlation engine and the scalability of this product should be improved. And then I think it also needs to have the grid potential because when we talk about SIEM it's not just a few machines, it's hundreds and that means thousands of logs so the product should be more easily scalable.

The features I would like to see included will take some time to implement because the solution is open source and these are promotional products. On a basic level I'd like to see an open source visualization tool or a commercial visualization tool. 

For how long have I used the solution?

I've been using this solution for one year. 

What do I think about the stability of the solution?

I'd say the stability of the solution is moderate. 

How are customer service and technical support?

The documentation provided was not sufficient, so we worked it out by ourselves. 

How was the initial setup?

The initial setup was not so easy, partly because the documentation was not up to date. You end up learning from your mistakes. Deployment took us more than six months. We have an open source intrusion detection system which is connected to it and endpoint systems. We implemented it by ourselves; there are two people in the company with expertise in this area.

What other advice do I have?

Those who are looking for a solution like this one should first conduct a survey. There are other solutions which are quite capable of doing similar things, even open source solutions. If a company can afford a commercial solution, they should go for that rather than for an open source solution. It requires an expert to assess the situation. A small mistake can lead to a big problem; open source is there for those who know what they're doing.

If you're looking to add another feature, you need to have strong coding because tweaking them is not simple. I'm in a technical team so that's my perspective.

I would rate this solution a six out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Tamer Serag Ahmed
User at Besafe-tech
Consultant
Top 20
Data correlation and vulnerability assessment help protect our customers against malicious activity

Pros and Cons

  • "The most valuable features of this solution are the data correlation and vulnerability assessment."
  • "The price of this solution is very high and it could be cheaper."

What is our primary use case?

We are a solution provider and this is one of the products that we implement for our clients.

Our clients use this SIEM solution to collect and analyze logs that are generated by different appliances or different machines. It is a correlation tool for event management that gathers all of the events in your environment. This includes different hardware and different operating systems. There are rules in AlienVault that might be triggered based on the logs, and you can tell when there is a security attack or something else that is malicious that comes to your network. These types of events raise a flag and send a notification.

Our clients include banks and other financial institutions.

There are two versions of AlienVault. One is a community edition and the other requires a license. We are dealing with the licensed version and a hybrid-cloud environment.

What is most valuable?

The most valuable features of this solution are the data correlation and vulnerability assessment.

What needs improvement?

The price of this solution is very high and it could be cheaper. Normally it is sold to financial institutions, which is why it is high.

For how long have I used the solution?

I first implemented this solution in 2012, seven years ago.

What do I think about the stability of the solution?

This solution is very stable. It runs on a Linux box and you only interface with it through the GUI. It works behind the scenes. It has never crashed in the time that I have used it.

What do I think about the scalability of the solution?

Scalability is very good. It integrates with a number of other products, such as the help desk.

How are customer service and technical support?

Technical support for this solution is very good. They are now owned by AT&T Security, and their people do a pretty good job.

What about the implementation team?

We implement this solution for our customers.

We have a team of twenty engineers. Some work on infrastructure, while others handle security products. I am the head of the security team.

What's my experience with pricing, setup cost, and licensing?

There are two versions of AlienVault available. The Community Edition is free, and the other version requires a license. The licensing fees for the non-community edition are paid on an annual basis, and there are no costs in addition to this.

What other advice do I have?

There is a cloud version of this solution available, called AlienVault USM Anywhere, which defends data that is outside of the premises.

The OSSIM version is an open-source product, unlike AlienVault USM, or the cloud version, AlienVault USM Anywhere. You have to rely on the community for support. If you are a business or a bank or a financial institution then it would be better to go with the licensed version. You get support 24/7, while with the community you cannot find this support. On the other hand, an individual who is using it and can handle the issues should go with OSSIM because it's almost free. As long as you can handle problems, such as when it stops working, that you can fix over a couple of days or during the weekend, then it is fine. 

I would rate this solution a ten out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
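The review above describes the SIEM pipeline in general terms: collect logs from different appliances and operating systems, normalize them, run correlation rules over them, and raise a flag and a notification when a rule fires. The following Python script is an added illustration of that pipeline and is not code from this page, from AlienVault or from the OSSIM project. It assumes a few constructed OpenSSH syslog lines (made up for the example, with an assumed year because classic syslog timestamps omit it), a single hand-written normalization regex standing in for a SIEM collector plugin, and an example correlation rule with arbitrary thresholds: three or more failed logins from one source IP to one host within 60 seconds, followed by a successful login from the same source, produce one alert. OSSIM's real plugin and directive formats are not reproduced.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Constructed sample lines in classic syslog/OpenSSH format. They are made up
# for this example and do not come from OSSIM, the review or any real host.
SAMPLE_LOGS = [
    "Mar  3 10:00:01 web01 sshd[2201]: Failed password for invalid user admin from 198.51.100.7 port 50123 ssh2",
    "Mar  3 10:00:04 web01 sshd[2203]: Failed password for root from 198.51.100.7 port 50124 ssh2",
    "Mar  3 10:00:09 web01 sshd[2205]: Failed password for root from 198.51.100.7 port 50125 ssh2",
    "Mar  3 10:00:15 web01 sshd[2207]: Accepted password for root from 198.51.100.7 port 50126 ssh2",
    "Mar  3 10:05:00 web01 sshd[2301]: Failed password for alice from 203.0.113.9 port 40001 ssh2",
    "Mar  3 10:30:00 web01 sshd[2401]: Accepted publickey for alice from 203.0.113.9 port 40002 ssh2",
    "Mar  3 10:31:00 web01 cron[2500]: (root) CMD (/usr/bin/logrotate)",
]

# Normalization: one regex per log source, in the spirit of a SIEM collector
# "plugin" (the real OSSIM plugin format is not reproduced here).
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


@dataclass
class Event:
    """Normalized authentication event, independent of the source log format."""
    ts: datetime
    host: str
    src_ip: str
    user: str
    outcome: str  # "failure" or "success"


def normalize(line: str, year: int = 2021) -> Optional[Event]:
    """Turn one raw sshd line into an Event; None if it is not an auth event.
    The year is an assumption because syslog timestamps omit it."""
    m = SSHD_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    outcome = "failure" if m["outcome"] == "Failed" else "success"
    return Event(ts, m["host"], m["src"], m["user"], outcome)


def correlate(events: List[Event], threshold: int = 3,
              window: timedelta = timedelta(seconds=60)) -> List[dict]:
    """Example correlation rule: `threshold` or more failures from one source IP
    to one host inside `window`, then a success from the same source, raise one
    alert. Threshold and window are example values, not OSSIM defaults."""
    alerts: List[dict] = []
    failures: Dict[Tuple[str, str], List[datetime]] = {}
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.host, ev.src_ip)
        # Sliding window: keep only failures that are still recent enough.
        recent = [t for t in failures.get(key, []) if ev.ts - t <= window]
        if ev.outcome == "failure":
            recent.append(ev.ts)
        elif ev.outcome == "success" and len(recent) >= threshold:
            alerts.append({
                "rule": "brute-force-then-success",
                "host": ev.host,
                "src_ip": ev.src_ip,
                "user": ev.user,
                "failures": len(recent),
                "first_failure": recent[0].isoformat(),
                "success_at": ev.ts.isoformat(),
            })
            recent = []  # reset so the same burst is not reported twice
        failures[key] = recent
    return alerts


def run_pipeline(lines: List[str]) -> List[dict]:
    """Collect -> normalize -> correlate; returns the alerts to notify on."""
    events = [ev for ev in map(normalize, lines) if ev is not None]
    return correlate(events)


if __name__ == "__main__":
    for alert in run_pipeline(SAMPLE_LOGS):
        print(alert)
```

Run as-is, the script raises one alert for the burst from 198.51.100.7 and nothing for 203.0.113.9, whose single failure falls well outside the window before the later successful key login; the cron line is dropped at normalization because it is not an authentication event. The point a practitioner should take from it is the one the review makes: the value of the correlation stage depends entirely on the normalization stage seeing all the relevant sources, which is why third-party integrations dominate deployment effort.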
SH
Solutions Architect - Team Lead at a computer software company with self employed
Reseller
Top 5
It is free, powerful, and user-friendly with a well-integrated dashboard

Pros and Cons

  • "Its user-friendliness is the most valuable. It is very easy to use and explore. The dashboard is very well packaged and integrated. You don't have to spend a lot of time in configuring it and checking out the RPM etc. It is also free and very powerful."
  • "They can add more compliance templates."

What is most valuable?

Its user-friendliness is the most valuable. It is very easy to use and explore. The dashboard is very well packaged and integrated. You don't have to spend a lot of time in configuring it and checking out the RPM etc. 

It is also free and very powerful.

What needs improvement?

They can add more compliance templates.

For how long have I used the solution?

I have been using AlienVault OSSIM since 2015. 

What do I think about the stability of the solution?

It is a quite stable product.

What do I think about the scalability of the solution?

It is perfectly scalable. We have ten in-house users.

Which solution did I use previously and why did I switch?

I have used Splunk. AlienVault OSSIM and Splunk differ mainly in price. In Splunk, we need to do the correlation ourselves. AlienVault OSSIM is more user-friendly. I don't have to learn a particular SQL language to do a query. It provides a new way of creating a query for any security event or management.

How was the initial setup?

The initial setup is very straightforward. It doesn't take more than 15 minutes, and you are done.

We predominantly deploy it on-premises. We have a few deployments on the cloud, but our focus is primarily on the on-premises deployments.

What's my experience with pricing, setup cost, and licensing?

AlienVault OSSIM is free.

What other advice do I have?

It is a very good solution. It is already more than adequate. It is a perfectly nice and free tool for compliance testing, assessment, and some basic vulnerability. 

I would advise upgrading to its paid version, USM, to get more features. It's well worth the money because of the provided threat intelligence, support, and training. When you upgrade to the paid version, you enjoy all these features. OSSIM doesn't have all these features because it is freeware.

AlienVault OSSIM is backed up by AT&T Cybersecurity, which is a Fortune Top 20 company. When you upgrade to the paid version, you also get support from AT&T, which is good.

I would rate AlienVault OSSIM a nine out of ten. I'm very happy with this solution. It is a great product.

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
KB
System Administrator at a marketing services firm with 10,001+ employees
Real User
Top 10
Customizable dashboards and reports, offers abnormal behavior detection, and the support is good

Pros and Cons

  • "You can customize the dashboards as well as the reporting."
  • "The documentation could be improved."

What is our primary use case?

We are using AlienVault for vulnerability scanning and detecting abnormal behavior.

What is most valuable?

This product is easy to use.

The support is very good and they offer managed services.

The dashboards are good. You can customize the dashboards as well as the reporting.

What needs improvement?

There needs to be more focus on the NOC and IIS in terms of developing applications for behavior detection.

The backup features use a lot of storage space.

The documentation could be improved.

Asset management and filtering are in need of fine-tuning and enhancement.

For how long have I used the solution?

I have been working with AlienVault since 2018.

What do I think about the stability of the solution?

AlienVault is a very stable product.

How are customer service and technical support?

The technical support is perfect.

Which solution did I use previously and why did I switch?

I have worked with LogRhythm in the past, since 2015, and I find that AlienVault is a better product. We are facing a technical issue with LogRhythm, as it is still used in other parts of our organization. I am looking to finalize and unify the solution.

We needed better detection to give us information from the IS about geography or abnormal behavior that is breaching our security. Most of our products are web applications and this is important to us. 

Which other solutions did I evaluate?

We are currently looking into implementing a PoC for either ManageEngine or FortiSIEM.

What other advice do I have?

My advice to anybody who is considering AlienVault is to implement a proof of concept to ensure that it meets their requirements. A PoC should be done before settling on any product.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Midhun Kumar
Head of Infrastructure at Pearl Data Direct
Real User
Top 5 Leaderboard
Community forums provide good support, but it is not user-friendly and the correlation engine needs improvement

Pros and Cons

  • "The most valuable feature is the logging capability."
  • "The correlation engine needs to be improved."

What is our primary use case?

We are using this solution for collecting logs. We are not correlating or assessing any user behavior analytics (UBA). 

What is most valuable?

The most valuable feature is the logging capability.

What needs improvement?

The correlation engine needs to be improved.

The interface is not user-friendly, which is an area for improvement.

For how long have I used the solution?

I have been using this solution for one year.

What do I think about the stability of the solution?

It's a stable solution.

What do I think about the scalability of the solution?

This is certainly a scalable product.

How are customer service and technical support?

The Community version does not have any technical support.

We have been able to resolve some issues through the community forums.

Which solution did I use previously and why did I switch?

Previously, we did not use another similar product.

What's my experience with pricing, setup cost, and licensing?

We are using the community version, which can be used for free.

Which other solutions did I evaluate?

We have decided to implement a fully-featured SIEM solution that has all of the features, including UBA.

What other advice do I have?

Because we are using the community version, we were unable to explore features such as behavior analytics.

I would rate this solution a five out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.