We performed a comparison between AlienVault OSSIM and Elastic Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"Sentinel pricing is good"
"The Log analytics are useful."
"Log aggregation and data connectors are the most valuable features."
"The most valuable features of AlienVault OSSIM are vulnerability assessment, network intrusion detection system, response to critical events, and awareness of the whole network."
"AlienVault OSSIM's GUI is very user-friendly."
"The tool's security detection is good. It helps us with login tracking and generating reports. We aim to identify potential issues, such as brute-force attacks on user accounts or server-level anomalies. For instance, if I receive a report indicating a server is at an abnormal level, I investigate and address the issue."
"The initial setup was straightforward. I didn't have any problems."
"The solution is free to use."
"You can customize the dashboards as well as the reporting."
"The most valuable feature is the logging capability."
"You pay monthly for the solution. I think it's one of the best products. If you compare with other companies, like LogRhythm, etc., the top 8 or 10 CMs, I think Alien Vault has the best price-performance ratio."
"Elastic Security is very customizable, and the dashboards are very easy to build."
"The most valuable feature of Elastic Security is that you can install agents, and they are not separately licensed."
"Just the ability to do a lot more than just up-down is nice, which a lot of people take for granted."
"We chose the product based on the ability to scan for malware using a malware behavioral model as opposed to just a traditional hash-based antivirus. Therefore, it's not as intensive."
"It is the best open-source product for people working in SO, managing and analyzing logs."
"Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals."
"The scalability is good. It can be scaled easily in the production environment."
"The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"The correlation engine needs to be improved."
"AlienVault OSSIM is costly."
"The documentation could be improved."
"When comparing AlienVault OSSIM to other solutions it looks a bit outdated. Additionally, they need to improve their integration."
"The user interface could be improved."
"The price of this solution is very high and it could be cheaper."
"It's under heavy traffic. If you have heavy traffic, the system is slow."
"AlienVault OSSIM’s configuration and integration could be a little easier."
"The biggest challenge has been related to the implementation."
"The solution could also use better dashboards. They need to be more graphical, more matrix-like."
"One thing they could add is a quick step to enable users who don't have a solid background to build a dashboard and quickly search, without difficulty."
"There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits."
"Technical support could respond faster."
"The price of this product could be improved, especially the additional costs. I would also like to see better-quality graphics."
"The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated."
"In terms of improvement, there could be more automation in responding to and evaluating detections."
AlienVault OSSIM is ranked 14th in Security Information and Event Management (SIEM) with 27 reviews while Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 59 reviews. AlienVault OSSIM is rated 7.4, while Elastic Security is rated 7.6. The top reviewer of AlienVault OSSIM writes "An easy-to-scale open-source solution used for monitoring events on devices ". On the other hand, the top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". AlienVault OSSIM is most compared with Wazuh, USM Anywhere, Splunk Enterprise Security, Fortinet FortiSIEM and AWS Security Hub, whereas Elastic Security is most compared with Wazuh, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender for Endpoint and Graylog. See our AlienVault OSSIM vs. Elastic Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.