AlienVault OSSIM was an open source Security Information and Event Management (SIEM). AlienVault was acquired by AT&T Cybersecurity, now LevelBlue, and OSSIM is no longer available for sale.
N/A
FortiSIEM
Score 7.6 out of 10
N/A
Fortinet offers security information and event management via FortiSIEM, their product line featuring asset discovery and rapid assessment for location of threat and their remediation.
N/A
Pricing
AlienVault OSSIM (discontinued)
FortiSIEM
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
AlienVault OSSIM (discontinued)
FortiSIEM
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
AlienVault OSSIM (discontinued)
FortiSIEM
Features
AlienVault OSSIM (discontinued)
FortiSIEM
Security Information and Event Management (SIEM)
Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
AlienVault OSSIM (discontinued)
7.5
Ratings
3% below category average
FortiSIEM
5.3
Ratings
37% below category average
Centralized event and log data collection
9.40 Ratings
6.00 Ratings
Correlation
6.90 Ratings
7.00 Ratings
Event and log normalization/management
8.10 Ratings
6.00 Ratings
Deployment flexibility
8.20 Ratings
3.00 Ratings
Integration with Identity and Access Management Tools
The most obvious scenario in which OSSIM is well suited is in a single office/home office (SOHO) or small business, in which budget is reduced but asset discovery and vulnerability management are greatly needed and appreciated. OSSIM is lightweight and free, so the real challenge to face is to hire or assign an administrator to manage and operate it, instead of any investment on an expensive appliance. Also, as resellers, promoting usage of OSSIM to customers charging for professional services for installation, administration, and maintenance (remember that OSSIM doesn't have official support from AlienVault) is a great asset for the organization.
If budget is an issue then Fortisiem fits well, as it's more than a typical SIEM solution. It can integrate with environmental monitoring systems, UPS HVAC etc. It can be used as the CMDB solution etc. If fine-tuned and looked after it can actually bring a lot of value for less.
The reporting feature is confusing, e.g. you have to click on the "refresh" button to get the result of your inquiry. The report generation process can be much easier, as the user interaction is not pleasant.
AlienVault OSSIM is far easy to use and manage - provided you know what you're doing. As any SIEM application, there is some background knowledge required in order to take advantage of the product's functionalities, such as the log correlation and analysis. Other than that, the application is quite usable and robust.
Everything is done through MSSP and installation pro services. Once those hours are burned up, then you're on your own without a lot of help. Typically the pro services hours aren't enough to get past 60 days and MSSP are hit and miss. We had a miss for installation helpers.
AlienVault OSSIM as the first experience with a SIEM is very fine, especially if your company is an SMB. Every SIEM shares some features in common with other products, features such as log retrieval and normalization. So if you stick with principles, you can learn other SIEM products as well. If your environment is not of a minimum size, LogRhythm might be overkill for your network, same with McAfee Enterprise Security Manager.
OSSIM and the installers didn't really help us optimize at installation. OSSIM went without optimization for almost two years before that fact was noticed. I think this decreased ROI.
Finding and researching incidents is much faster with all data available. Sometimes too much data, though.
