AlienVault OSSIM

(15)
4.0 out of 5 stars

AlienVault OSSIM is an open source SIEM tool that contributes and receives real-time information about malicious hosts to help users increase security visibility and control in their network.


AlienVault OSSIM Reviews

Showing 15 AlienVault OSSIM reviews
AlienVault OSSIM review by Derek D.
Validated Reviewer
Verified Current User

"My AlienVault OSSIM review!"

What do you like best?

The best thing with this product is the fact you are really protected with this. You don't have to worry about intrusions and protection. It does guarantee good security for any company. The other thing I like with AlienVault OSSIM is the fact you can check the logs easily and manage your security issues. A really powerful product.

What do you dislike?

What I don't really like about this product is the fact this is an open source product, so it's not updated automatically. The second thing I don't like is the support. It takes a lot of time to get a reply. The fact it's free means you don't have any help to learn how to use it.

Recommendations to others considering the product

If you're looking for a free (Open Source) product and trust this product then you can give it a try and protect your little company with this.

What business problems are you solving with the product? What benefits have you realized?

In a little company I have solved many problems for security issues and management. You don't have to worry about dangerous things for the company because the product helps you with that.

AlienVault OSSIM review by Ivan M.
Validated Reviewer

"Threat detection and management at the reach of your hands!"

What do you like best?

What I like most about AlienVault OSSIM is the fact that it covers many layers of the security overview in your company, be it small, medium or enterprise level. Not only do you receive events and correlate them, you also detect the presence of new assets and strange behaviours in netflows, and have a handy asset availability manager integrated with it. You cover a lot with such a simple, straightforward integrated tool as this one is.

What do you dislike?

If you are low on resources for this virtual machine, you might find your entire hypervisor "hung" in resources, as this is a very resource-intensive application. When idle it's already taking at least 5 Gb of RAM. As with every SIEM tool, you must properly size the virtual machine in order to have the right resources to handle your events per second metric in your network. In order to properly size this solution on the enterprise, you should also do stress tests over this virtual machine to see if it will handle your EPM metric.

Recommendations to others considering the product

Always request a solution architect to properly size this solution for you. Thanks to that, you can realize the most benefits from the features this great solution has to offer.

What business problems are you solving with the product? What benefits have you realized?

Once properly configured (installed agents, listening on traffic on your mirror port, etc), you realize the benefit of threat intelligence over the traffic you just captured in a matter of minutes. So if you're presenting this tool in a demo presentation/proof-of-concept setup, it's an easy sale because the customer will see its value while you're showing it. Also, thanks to the Open Threat Exchange cloud intelligence from AlienVault, from the very first minute you get your first logs captured, you can detect new attacks that have been detected elsewhere, with the extra benefit that it comes for free.

AlienVault OSSIM review by Jose Q.
Validated Reviewer

"Great and Affordable Threat Detection for Free!"

What do you like best?

AlienVault is a simple yet powerful solution for advanced threat analysis and management. It can hold its own in scanning complex network topologies in different scenarios, and the OSSIM version is open source, which makes it more attractive for middle-tier enterprises since it's free. The installation is very easy as well, as is the basic configuration.

What do you dislike?

Of course, being open source is a trade-off. In OSSIM there is no Reports module or Logger feature (for long-term event storage), and you're limited in the number of cross correlations. Also, of course, being that OSSIM is open source, it's not Cloud-based.

Recommendations to others considering the product

AlienVault is quite a solid SIEM foundation for everybody's needs. It has a powerful threat detector, both in hardware (HIDS) and network (NIDS), that actively and passively intercepts intrusion attempts to your covered systems and notifies you in consequence. The OSSIM version has quite a punch despite being open source, allowing you to define alerts, threat analysis and notifications, and it's entirely web-based, meaning you can operate it from any web browser that can access your appliance. And speaking of appliances, it can be deployed in a virtual environment as well, for more convenience.

What business problems are you solving with the product? What benefits have you realized?

AlienVault helps us to detect incoming threats almost on a weekly basis. The AlienVault OTX (Open-Threat Exchange), a sort of global threat forum in which the latest information on security is broadcast (in "pulses"), always keeps us up to date and well informed of what's happening globally in terms of IT Security.

AlienVault OSSIM review by Administrator in Government Administration
Validated Reviewer
Verified Current User

"OSSIM Review"

What do you like best?

OSSIM is great as a starter SIEM. I feel that it offers a good interface for collecting and viewing logs over a traditional solution such as Syslog.

What do you dislike?

I don't dislike anything in particular; I think for a free option this is great. What I would point out is that it leaves some features to be desired, but if you want them then simply move up to their paid product AlienVault USM.

Recommendations to others considering the product

OSSIM will take more administration than using the paid product USM; however, know there is a great open source community behind this product. Assistance is out there if you need it, and as you feel you need to upgrade you can go right to AlienVault USM, which has both support and many additional features.

What business problems are you solving with the product? What benefits have you realized?

Log collection for appliances and servers. Basic reporting and alerting based on these logs. Vulnerability scanning and server agents to assist in log collection / vuln scanning.

AlienVault OSSIM review by Rhett N.
Validated Reviewer

"A good product for Open Source SIEM (OSSIM)"

What do you like best?

My company really liked AlienVault's features. Items like Intrusion detection, which is very important in this day and age with so many cyber threats. Behavioral monitoring, which also helps with cyber threats. Lastly, the thing we liked best was SIEM event connections.

What do you dislike?

There was not a lot that we didn't like, I think we preferred better Asset Discovery. Client support could have been a little better, it wasn't bad but could have been better.

Recommendations to others considering the product

I think it was a good product, my company went a different direction so I didn't have long term use of the product. I do believe it is headed in the right direction and it has all the basics.

What business problems are you solving with the product? What benefits have you realized?

We were using AlienVault as extra cyber security protection along with using it for SIEM event connections.

AlienVault OSSIM review by Administrator in Information Technology and Services
Validated Reviewer

"BEST OPEN SOURCE NSM TOOL"

What do you like best?

EVERYTHING OPEN SOURCE, get alerts when an incident happens.

And the thing I like most is the OTX (Open Threat Exchange), which provides info about the latest viruses, malware, and suspicious IP reputation details to prevent such threats on company premises and avoid their hazardous effects. You also get a vulnerability report for every asset using AlienVault's in-built OpenVAS scanner.

What do you dislike?

The only thing is that threat intelligence is not updated in open source; otherwise everything is cool for small scale companies.

And the other thing is that log management is not possible in OSSIM.

And there is less documentation and support.

Recommendations to others considering the product

BEST OPEN SOURCE TOOL FOR SECURITY MONITORING IN SMALL SCALE ENVIRONMENT. IF YOU HAVE BIG INFRASTRUCTURE AND WANT AN ALL-IN-ONE SOLUTION THEN GO WITH ALIENVAULT USM.

What business problems are you solving with the product? What benefits have you realized?

It resolves the network incidents that may impact network availability caused by some anonymous users or company employees. It helps to detect INTERNAL as well as external threats that create huge business impact.

* We monitor all AlienVault OSSIM reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. Validated reviews require the user to submit a screenshot of the product containing their user ID, in order to verify a user is an actual user of the product.