We performed a comparison between AlienVault OSSIM and ArcSight Enterprise Security Manager (ESM) based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"The connectivity and analytics are great."
"The pricing of the product is excellent."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"Log aggregation and data connectors are the most valuable features."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The most valuable feature is the logging capability."
"There are a lot of people you will find using OSSIM since they are also offering OTX as a service"
"The dashboard is the solution's most valuable aspect. It brings everything into one central point where I can actually look at it and go, "Okay, I understand what's going on.""
"The solution is very stable. Compared to Qradar and Splunk, it's very stable."
"The initial setup is straightforward."
"The threat policies of the solution are always very advanced and the best in the market. They are very persistent in terms of keeping up with security protocols."
"The most valuable features of AlienVault OSSIM are vulnerability assessment, network intrusion detection system, response to critical events, and awareness of the whole network."
"Its user-friendliness is the most valuable. It is very easy to use and explore. The dashboard is very well packaged and integrated. You don't have to spend a lot of time in configuring it and checking out the RPM etc. It is also free and very powerful."
"It has absolutely improved the efficiency of our security team. We use it internally as well. It is such a powerful tool that our internal security team became a customer of our ArcSight managed service."
"Some of the benefits of using this solution are rapid correlation and near-time response on alerts."
"For the typical malware or intrusion, this solution assists us by identifying the symptoms based on network traffic from the application servers."
"Feature-rich solution which provides better network visibility for improved security"
"We use ArcSight ESM for log analysis and security alerts. It warns us of threats and then helps us conduct a forensic investigation of a cyber attack or internal incident after it happens."
"I am satisfied with the solution's stability."
"It gives better overall visibility. Before, we didn't have a unified system for managing security alerts. ArcSight introduced various alerts, giving us a better visibility of potential problems."
"The tool sends an automated mail to all the operators, which makes it easy to share the information and reporting."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"Sentinel's reporting is complex and can be more user-friendly."
"The troubleshooting has room for improvement."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"The only thing is sometimes you can have a false positive."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"AlienVault OSSIM’s configuration and integration could be a little easier."
"AlienVault OSSIM should improve the deployment and make it unified like the USM."
"The incidence reporting could be better."
"The correlation engine needs to be improved."
"They can add more compliance templates."
"AlienVault OSSIM is costly."
"The user interface needs to be friendlier across the board."
"There needs to be more support or some kind of training program so users can self-learn the system more effectively."
"HPE ArcSight has a quite steep learning curve."
"The centralized dashboard for the hybrid cloud environment needs to be more focused. It needs to be redefined because it's missing most of the information. It should be a little bit easy to use. Currently, integration with various applications and connectors is not that easy. Deployment is easy, but integration is not that easy. ArcSight also has a very high bandwidth consumption to pull the local servers. It should have some kind of better process or ability to transfer files from on-premises to the cloud, from the cloud to on-premises, and from a cloud to another cloud."
"The analytics feature is not reliable and needs improvement for more detailed analysis."
"The customer experience could be improved."
"Deployment typology could be improved. Difficult to scale across all the different lines of businesses."
"The visualization is not very good compared to Splunk."
"The biggest requirement is that there is no cloud solution for this product yet. They need to create a cloud version. It's the biggest thing they can do to make the solution better."
"ArcSight ESM is lacking cloud scalable technology."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 27 reviews while ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews. AlienVault OSSIM is rated 7.4, while ArcSight Enterprise Security Manager (ESM) is rated 7.8. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices ". On the other hand, the top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". AlienVault OSSIM is most compared with Wazuh, Elastic Security, USM Anywhere, Splunk Enterprise Security and Fortinet FortiSIEM, whereas ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, Trellix ESM, IBM Security QRadar and LogRhythm SIEM. See our AlienVault OSSIM vs. ArcSight Enterprise Security Manager (ESM) report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.