Overview
What is AlienVault OSSIM?
OSSIM leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts. AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified…
AlienVault OSSIM - very useful for threat hunting
Lego block SIEM
Alienvault - the friend from another world
A dinosaur aging gracefully!
AlienVault OSSIM is the bomb!
AlienVault OSSIM: Best Bang for Your Buck Hands Down!
AlienVault OSSIM
- SIEM
- Reporting
- Asset management
OSSIM allows all this to be …
A robust yet lightweight SIEM in a single package
A hands-on proper security solution!
Popular Features
- Centralized event and log data collection (9)9.494%
- Deployment flexibility (10)8.282%
- Event and log normalization/management (10)8.181%
- Correlation (10)7.070%
Pricing
What is AlienVault OSSIM?
OSSIM leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts. AlienVault OSSIM is an open source Security Information and Event Management (SIEM) product. It is a unified platform…
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
23 people also want pricing
Alternatives Pricing
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments,…
What is InsightIDR?
In addition to their incident response service, Rapid7 offers InsightIDR, a combined XDR and SIEM that provides user behavior and threat analytics.
Product Demos
Archie Webster - AlienVault OSSIM Demo
Explore OSSIM - demo HIDS
OSSIM Demo (5.1) - Improved Threat Detection, Security Visibility, and Usability
Features
Security Information and Event Management (SIEM)
Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools
- 9.4Centralized event and log data collection(9) Ratings
Effectiveness of real-time centralized event and log data collection
- 7Correlation(10) Ratings
Correlation of logs and events to pinpoint significant threats
- 8.1Event and log normalization/management(10) Ratings
Ability to normalize event syntax so that logs can be compared and are machine-understandable
- 8.2Deployment flexibility(10) Ratings
Ability to tune system to maximize threat detection and minimize false positives
- 9.3Integration with Identity and Access Management Tools(6) Ratings
Integration with access control tools like Active Directory and LDAP
- 9.4Custom dashboards and workspaces(9) Ratings
dashboards that can be customized to meet the needs of specific groups
- 9.2Host and network-based intrusion detection(9) Ratings
Ability to detect both endpoint intrusion and network ingress detection
- 5.3Data integration/API management(2) Ratings
Ease and quality of data integrations between SIEM and other systems
- 5.4Behavioral analytics and baselining(2) Ratings
How effectively activity and behavior baselines are established and maintained
- 5.3Rules-based and algorithmic detection thresholds(3) Ratings
Effectiveness of manually-established rules and algorithmically-determined detection thresholds
- 6.3Response orchestration and automation(2) Ratings
Quality of built-in response orchestration and automation in Next-Gen SIEM
- 8.4Reporting and compliance management(4) Ratings
Ease and quality of reporting and compliance functions
- 6.4Incident indexing/searching(3) Ratings
Effectiveness of searching across structured and unstructured events and incidents within SIEM
Product Details
- About
- Tech Details
What is AlienVault OSSIM?
- Asset discovery
- Vulnerability assessment
- Intrusion detection
- Behavioral monitoring
- SIEM
It also leverages the power of the AlienVault Open Threat Exchange by allowing users to both contribute and receive real-time information about malicious hosts.
AlienVault OSSIM Video
AlienVault OSSIM Technical Details
Operating Systems | Unspecified |
---|---|
Mobile Application | No |
Comparisons
Compare with
Reviews and Ratings
(29)Community Insights
- Business Problems Solved
- Pros
- Cons
AlienVault OSSIM has proven to be an invaluable tool for organizations looking to centralize their logs and effectively manage security events. Users have praised its ability to collect and analyze security data from various sources, allowing them to monitor for unusual activity, devices, and potential threats on a daily basis. With its IDS capabilities, both network-based and hardware-based, AlienVault OSSIM has helped users detect and prevent suspicious activity on their networks.
The Netflow feature of AlienVault OSSIM has also been highly regarded by users. It enables them to diagnose spikes of activity in the network and detect any unusual behavior, aiding in the identification of potential threats. Additionally, the intelligent analytic engine of AlienVault OSSIM helps determine these potential threats with clear presentation of alerts and the ability to drill down for detailed information.
One of the key business problems that AlienVault OSSIM addresses is the need for a single management platform that combines SIEM, reporting, and asset management capabilities. Users have found this to be a significant time and money-saving aspect of the product as it eliminates the need for multiple tools. The customizable dashboard allows users to create rules and receive email notifications, enhancing their ability to effectively manage security incidents.
AlienVault OSSIM is commonly used by IT departments for a range of tasks including intrusion detection, asset discovery, SIEM correlation, and behavior analytics. It has proven particularly useful in identifying machines that are behind on patches and updates. Furthermore, it facilitates threat hunting by collecting events from all machines, providing a comprehensive view of potential security risks.
Overall, AlienVault OSSIM has garnered positive feedback from users who appreciate its log centralization capabilities, effective threat detection features, and comprehensive reporting and analytics capabilities. Its versatility in addressing multiple use cases makes it a valuable tool for organizations seeking to enhance their network security posture.
User-Friendly Installation Process: Many users have found that AlienVault OSSIM has a user-friendly installation process. Reviewers have mentioned that the software is self-contained in an ISO file, allowing for quick and easy deployment. They appreciate the automated installation process and options for customization, such as setting a static IP and configuring email messaging.
Seamless User Experience Across Devices: Several reviewers have praised AlienVault OSSIM's accessibility across different devices. The software can be accessed via a web browser on desktops, workstations, and mobile devices. Users have noted that the dashboard and other features automatically adapt to the device being used, providing a seamless and consistent user experience regardless of the platform.
Out-of-the-Box Configuration and Customization Options: Many reviewers have highlighted the out-of-the-box configuration of AlienVault OSSIM as well-suited for most environments, making the initial setup process straightforward. The included wizard provides a guided experience, enabling users to have the system up and running within a few hours. Additionally, users appreciate the ability to customize or add new widgets to tailor the monitoring experience according to their specific needs. This flexibility allows them to optimize their environment's monitoring capabilities efficiently.
Limited log management capabilities: Some users have mentioned that OSSIM lacks robust log management features compared to the full USM version. Several reviewers have expressed a desire for more comprehensive log management capabilities in OSSIM.
Absence of support for Cloud-based servers and apps: The lack of support for Cloud-based servers and applications in OSSIM has been noted as a limitation by multiple users. This feature, which is available in the USM version, could be beneficial for those who rely on cloud infrastructure.
Limited integration with third-party solutions: Integration with third-party solutions like BMC Remedy and ServiceNow is limited in OSSIM, leading to inconvenience for some users who heavily depend on these ITSM solutions. Although email alerts can emulate this functionality, several reviewers have expressed their dissatisfaction with the current level of integration.
Attribute Ratings
Reviews
(1-2 of 2)AlienVault OSSIM: Best Bang for Your Buck Hands Down!
- Scan network for anomalies once you've established a baseline.
- Excellent job of showing unusual connections or file transfers
- Excellent job of showing the health of network, congestions, etc.
- It only comes with 10 canned reports. These reports are good, but a little more flexibility would be nice. The data is stored in a database, so it is possible to roll your own reports, just very clunky.
- Log ingestion. The OSSIM product doesn't have a separate log server, so you either have to have a really, really beefy system to do both analysis and log ingestion, or just do log ingestion with something else.
- Aggregation of data. Actually, it does this really well, but if you have more then two sites, it can slow your analysis down a little.
Each of MyBuildings is routed back to the core - reduces overall traffic and adds one more layer to the network for security reasons. So having an "eye" in each building is necessary at this point. Not sure what I would do if I had to stop using them. The only other thing I plan on doing, in the process of rolling it out right now, is to add some netflow analysis.
- Centralized event and log data collection
- 90%9.0
- Correlation
- 70%7.0
- Event and log normalization/management
- 70%7.0
- Deployment flexibility
- 100%10.0
- Integration with Identity and Access Management Tools
- 90%9.0
- Custom dashboards and workspaces
- 80%8.0
- Host and network-based intrusion detection
- 100%10.0
- It's free, so a very positive impact. Most products out there are in the thousands of dollars, and for a K12 School District, money is always tight.
- It allowed me to actually gain invaluable insight.
FortiSIEM is an awesome package but it's more then I need (or can afford). I would need to add staff, for at least the first year or so, just to get it setup and configured correctly.
A robust yet lightweight SIEM in a single package
- Asset discovery. Once installed in a centric, network-accessible server, OSSIM can poll all your endpoints with common protocols (SSH, SNMP, WMI) to detect and discover site-wide assets to monitor. You only need to group them by your own criteria once added to the product.
- SIEM Event Correlation. You can define quite complex correlation rules to detect possible suspicious or malicious actions or attempts in your network, in order to categorize them as real threats or as false positives, thus streamlining your risk assessment and management.
- Ease of installation. The entire AlienVault OSSIM is self-contained in an ISO file, which can be burned into a DVD or just mounted in your server of choice (physical or virtual) for deployment. The installation process is automated and quote verbosed, with options for static IP, email messaging and others.
- Ease of access. Being AlienVault OSSIM a self-contained appliance, it can be accessed via web by any device that supports a web browser, being that desktops, workstation, mobile devices, etc. The OSSIM dashboard and other features are automatically rearranged to adapt to the particular device being in use.
- OSSIM, being an open source solution, lacks log management (a treat that the full USM has). Perhaps a feature to include a lightweight version inside the SIEM Correlation engine can be appreciated.
- The appliance also lacks support for Cloud-based servers and apps. This feature is also present in USM, so it's unlikely this will appear in OSSIM, but I'd suggest also a reduced version of it included in this appliance.
- More integration with third-party solutions such as BMC Remedy and ServiceNow, although this can be emulated through email alerts, as most ITSM solutions have the ability of converting incoming email messages into tickets.
- Centralized event and log data collection
- 80%8.0
- Correlation
- 80%8.0
- Event and log normalization/management
- 80%8.0
- Deployment flexibility
- 100%10.0
- Integration with Identity and Access Management Tools
- 80%8.0
- Custom dashboards and workspaces
- 70%7.0
- Host and network-based intrusion detection
- 100%10.0
- The ROI of OSSIM itself is, obviously, immediate, being that it's a free, open-source product. However, you must take into account other inherent investments to cover up for the lack of official support, such as certified agents or consultants that take care of the management and maintenance of the product once in production.
- On the other hand, the potential loss of information and interruption of operativity due to malware and other threats is really unmeasurable. The implicit savings in OSSIM as a SIEM (Security Information and Event Management) are really the major positive impact on your organization's revenue.
- Finally, and from a reseller's point of view, reselling OSSIM has the big plus of being a professional services-only asset, given that the appliance itself is free of charge. The only thing to consider is the initial investment in team members with the required capacitation and knowledge to address such professional services to potential customers.
- HIDS and NIDS agents
- Reporting
- Alarms
- SIEM Log Correlation