AlienVault OSSIM vs. Wazuh Report From PeerSpot 2023-07-02
Note that this is a generic report based on reviews and opinions from the entire PeerSpot
community. We offer a customized report personalized for you based on:
• Your industry
• Company size
• Which solutions you're already considering
It includes recommendations for you based on what other people like you are researching and
using.
It takes 2-3 minutes to get the report using our shortlist builder wizard. We recommend it!
AlienVault OSSIM and Wazuh
Contents
Overview
Vendor Directory
Top Security Information and Event Management (SIEM) 5 Solutions by Ranking Factor
© 2023 PeerSpot
To read more reviews please visit https://www.peerspot.com/products/comparisons/alienvault-ossim_vs_wazuh?tid=pdf_comp_32801-36166
AlienVault OSSIM
PROS
"The most valuable features of AlienVault OSSIM are case management, ease of configuration, and investigation." [Full Review]
Steven Sheehy
Khadija
Salam Saleh
Al-Harrasi
"The most valuable features of AlienVault OSSIM are vulnerability assessment, network intrusion detection system, response to
critical events, and awareness of the whole network." [Full Review]
Danilo Tiberi
Hakeem Olufadi
"The paid version of the solution has reporting and better scalability options." [Full Review]
Idris Aliyu
AlienVault OSSIM
CONS
"AlienVault OSSIM could improve by having better integration with some of the newer tools." [Full Review]
Steven Sheehy
"It's so hard to configure and explore something new on it." [Full Review]
Khadija
Salam Saleh
Al-Harrasi
"AlienVault OSSIM on-premise version is more difficult to implement than the cloud version." "Additionally, they should add
integration between several different environments at once and improve their online knowledge base." [Full Review]
Danilo Tiberi
Hakeem Olufadi
"When comparing AlienVault OSSIM to other solutions it looks a bit outdated." "Additionally, they need to improve their
integration." [Full Review]
Idris Aliyu
AlienVault OSSIM
"When comparing AlienVault OSSIM to Microsoft Sentinel, AlienVault OSSIM incurs additional costs due to its licensing price
structure." "If you are using AlienVault for security purposes at a certain level it can have a higher price point than the current
pricing of Microsoft Sentinel." [Full Review]
Steven Sheehy
"The price of AlienVault OSSIM is too high sometimes for us to present to our customers." "The price should be lower." "We are
on a three-year license to use the solution." "We had to pay extra for the support." [Full Review]
Danilo Tiberi
"We are using a free version of the solution." "If you purchase a license there are more features available but the price is a little
high." "The solution should be cheaper to allow more customers to be able to afford it." [Full Review]
Idris Aliyu
Wazuh
PROS
"Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering
behaviors." [Full Review]
Muhammad Muaaz Bin Zaka
Youssef EL AZZOUZI
Robert Cheruiyot
"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs." "Inventory
is probably the most important feature." "It tells us when processes and packages were installed and what they are, which is
helpful." [Full Review]
Pathick Kerketta
"Wazuh offers an enhanced HDR version that outperforms its competitors." [Full Review]
Akash Majumder
Ali Ahangari
"Good for monitoring, active response, and for vulnerabilities." [Full Review]
Rizwan Alam
Wazuh
CONS
"The only challenge we faced with Wazuh was the lack of direct support." [Full Review]
Muhammad Muaaz Bin Zaka
Youssef EL AZZOUZI
"They need to go towards integrating with more cloud applications and not just OS like Windows and Linux." [Full Review]
Robert Cheruiyot
Pathick Kerketta
Akash Majumder
Ali Ahangari
Rizwan Alam
Wazuh
Youssef EL AZZOUZI
Pathick Kerketta
Shubham Kumar
"Wazuh has a community edition, and I was using that." "It's free and open source." [Full Review]
Dr. Sushan Banerjee
"Wazuh is totally free and open source." "There are no licensing costs, only support costs if you need them." [Full Review]
Shaamil Ashraff
"Wazuh is open-source, therefore it is free." "You can purchase support for $1,000 a year." [Full Review]
Wajih Ul Hasan
"Wazuh is open-source, but you must consider the total cost of ownership." "It may be free to acquire, but you spend a lot of
time and effort supporting the product and getting it to a point where it's useful." [Full Review]
Gary Starling
VALUABLE FEATURES

Hakeem Olufadi
The self-paced training is pretty good. The initial setup is straightforward. We've found the solution to be very stable. You can scale the solution. Technical support is excellent. They are very helpful and responsive. [Full Review]

Muhammad Muaaz Bin Zaka
The most valuable features include file integrity monitoring, Wazuh engines, Wazuh rulesets (including rulesets for Apache and firewall routers), and vulnerability detection. [Full Review]

Vikrant Puranik
Danilo Tiberi
Akash Majumder
ROOM FOR IMPROVEMENT

Steven Sheehy
AlienVault OSSIM could improve by having better integration with some of the newer tools. In future releases, it would be beneficial to modernize some of their UI features. [Full Review]

Hakeem Olufadi
ArcSight works better than AlienVault right now. The incidence reporting could be better. We'd like to be able to better privatize certain logs that handle certain detections. It's really important to us. The integration capabilities could be improved. [Full Review]

Danilo Tiberi
AlienVault OSSIM on-premise version is more difficult to implement than the cloud version. Additionally, they should add integration between several different environments at once and improve their online knowledge base. [Full Review]

Muhammad Muaaz Bin Zaka
There is room for improvement in Wazuh, but it's possible they are already working on it. The only challenge we faced with Wazuh was the lack of direct support. They charge for support, whether it's five days a week or seven days a week. We don't expect it to be free because revenue is generated through the support they provide. In future releases, I would like to see a feature. There is one feature we observed in a premium tool in the industry called Dynatrace. It provides automatic relations b... [Full Review]

Vikrant Puranik
Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage. There are some minor glitches, but that's part of every tool, and they usually get addressed in subsequent updates. I would like to see more Kubernetes security and log integrations. That will be one of the good things. Wazuh supports AWS or GCP cloud-native service integration, but it would be great if they added support for Kubernetes security and AWS or Azure-managed Kubernetes solutions. [Full Review]

Akash Majumder
Overview
SOLUTION OVERVIEW

AlienVault OSSIM
AlienVault OSSIM, Open Source Security Information and Event Management (SIEM), provides you with a feature-rich open source SIEM complete with event collection, normalization and correlation. Launched by security engineers because of the lack of available open source products, AlienVault OSSIM was created specifically to address the reality many security professionals face: A SIEM, whether it is open source or commercial, is virtually useless without the basic security controls necessary for...

Wazuh
Wazuh is an enterprise-ready platform used for security monitoring. It is a free and open-source platform that is used for threat detection, incident response and compliance, and integrity monitoring. Wazuh is capable of protecting workloads across virtualized, on-premises, containerized, and cloud-based environments.
It consists of an endpoint security agent and a management server. Additionally, Wazuh is fully integrated with the Elastic Stack, allowing users the ability to navigate...

AlienVault OSSIM: Elastic Security vs. AlienVault OSSIM, compared 21% of the time; Splunk Enterprise Security vs. AlienVault OSSIM, compared 17% of the time
Wazuh: Splunk Enterprise Security vs. Wazuh, compared 20% of the time; USM Anywhere vs. Wazuh, compared 11% of the time

TOP INDUSTRIES, BASED ON REVIEWERS*
AlienVault OSSIM: Comms Service Provider 13%; Financial Services Firm 13%; Insurance Company 13%; Educational Organization 13%
Wazuh: Comms Service Provider 7%; Financial Services Firm 13%; Security Firm 20%; Computer Software Company 27%

TOP INDUSTRIES, BASED ON COMPANIES READING REVIEWS*
AlienVault OSSIM: Educational Organization 7%; Government 10%; Comms Service Provider 11%; Computer Software Company 18%
Wazuh: Educational Organization 7%; Government 7%; Comms Service Provider 11%; Computer Software Company 18%

COMPANY SIZE, BASED ON REVIEWERS*
AlienVault OSSIM: 201-1000 Employees 21%; 1001+ Employees 21%; 1-200 Employees 58%
Wazuh: 201-1000 Employees 15%; 1001+ Employees 30%; 1-200 Employees 55%

COMPANY SIZE, BASED ON COMPANIES READING REVIEWS*
AlienVault OSSIM: 1-200 Employees 29%; 201-1000 Employees 16%; 1001+ Employees 55%
Wazuh: 1-200 Employees 30%; 201-1000 Employees 19%; 1001+ Employees 50%

* Data is based on the aggregate profiles of PeerSpot Users researching this solution.
Steven Sheehy
The most valuable features of AlienVault OSSIM are case management, ease of configuration, and investigation.
AlienVault OSSIM could improve by having better integration with some of the newer tools.
The solution is stable. However, sometimes the UMS can disappear but overall the stability is good.
The solution scales well. Some of the volumes of data can be done in a way it can scale better.
I have utilized Microsoft Sentinel, which includes a case management system. This system requires the creation of rule sets
using KQL and is primarily pre-configured with AlienVault OSSIM. However, we have made some interesting customizations to
enhance its functionality.
The initial setup of AlienVault OSSIM is straightforward. The deployment takes a few days.
When comparing AlienVault OSSIM to Microsoft Sentinel, AlienVault OSSIM incurs additional costs due to its licensing price
structure. If you are using AlienVault for security purposes at a certain level it can have a higher price point than the current
pricing of Microsoft Sentinel.
It is simple to configure and use this system as it calculates all the necessary components. Looking ahead, it is crucial for
Microsoft to maintain its position in the top quadrant, as determined by Gartner, considering the investments made by both
Google and Microsoft in this space.
Vikrant Puranik
Our company only has a small five-person team working with Wazuh. We wanted a log management solution that we
could deploy onto our cloud, so we deployed Wazuh on Kubernetes and integrated different log sources into a centralized
logging solution.
The second use case is log searching. We wanted a usable integrated search, and Wazuh has a good, usable integrated search.
Wazuh has support for Elasticsearch, which provides searching capabilities. Cost-effectiveness was important for us,
and Wazuh is a top open source solution.
Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for
different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring.
Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage. There are some
minor glitches, but that's part of every tool, and they usually get addressed in subsequent updates.
I would like to see more Kubernetes security and log integrations. That will be one of the good things. Wazuh supports AWS
or GCP cloud-native service integration, but it would be great if they added support for Kubernetes security and AWS or
Azure-managed Kubernetes solutions.
Wazuh is pretty stable. There are no major issues, but sometimes we face minor glitches. It's open source, so we can't expect
every bug to be documented. We discover some new issues from time to time, but that's part of using an open-source
solution. You pay for a licensed product or you deal with minor problems in open source.
We paid for technical support, but they do have a robust community and Slack channels and all that stuff. You can find most of
the answers you need in the community groups or forums. I rate Wazuh support eight out of 10.
I worked with Splunk, Curator, ArcSight, and some legacy solutions that no longer exist. They became obsolete or transitioned
to a different product. Cost-effectiveness was one reason we switched. We had to decide whether to spend $500,000 on a
commercial product or rely on our skills to deploy an open-source solution.
The big difference between Wazuh and other solutions is maturity and customization. Wazuh's scalability and out-of-the-box
functionality are slightly lagging behind, but Wazuh has improved a lot since the first time we saw it. Others have more search
capabilities, whereas Wazuh depends on Elasticsearch. Searching is a bit slower in Wazuh.
I rate the Wazuh setup experience nine out of 10. The basic setup was straightforward, but our deployment was slightly
complex because we did a lot of customization. It took us a week to deploy and fine-tune the initial setups. After deployment,
the only maintenance task is rotating particular logs. If we don't rotate it correctly, the log storage runs out and services stop.
Wazuh is open-source, so we didn't have a support person or any professional services to help us. Fortunately, the
documentation is excellent, and they have good community support as well.
Wazuh is an open-source solution, so the only expenses are Elasticsearch and log storage costs. Log storage costs no
more than $20,000 to $30,000 annually. It's around $3,000 a month. It's all money in the bank. We don't have to spend
anything except for resources.
I rate Wazuh nine out of 10. It's a powerful tool, and you can do lots of things with it. Wazuh is a good choice if you're on a tight
budget, but you need to have an enterprise-level SIEM deployment.
If someone doesn't know how to manage large-scale log management solutions, you should start small and grow your
experience. You can start with Wazuh and switch to an enterprise solution once you start scaling up.
On-premises
Chart Key
• Number of views
• Number of times compared to another product
• Total number of reviews on PeerSpot
• Average words per review on PeerSpot
• Average rating based on reviews
Bar length
The total ranking of a product in a category, represented by the bar length, is based on a weighted aggregate score. The score is calculated
using the following factors:
• Comparisons Views: the product with the highest number of comparisons with other products-in-the-category gets a maximum of 25 points. Every other product gets assigned points based on its total in proportion to the #1 product in that ranking factor. For example, if a product has 80% of the number of comparison views compared to the product with the most reviews then the product's points for reviews would be 25 * 80%.
• Views: We calculate the number of Views based on the percentage of category comparisons out of the total comparisons of the product.
  • For example, if a product has 100 Comparisons with other products in the category and a total of 1,000 Comparisons, the product will be assigned 10% of the total number of Views. If the product has a total of 2,000 Views, it will be assigned 200 Views for this ranking factor.
  • The product with the highest number of views gets a maximum of 25 points. Every other product gets assigned points based on its total in proportion to the #1 product in that ranking factor.
• Reviews: the product with the highest number of reviews gets a maximum of 15 points. Every other product gets assigned points based on its total in proportion to the #1 product in that ranking factor. For example, if a product has 80% of the number of reviews compared to the product with the most reviews then the product's points for reviews would be 15 * 80%.
• Rating: the maximum score is 25 points awarded linearly between 6-10
  • e.g. 6 or below=0 points; 7.5=7.5 points; 9.0=18 points; 10=25 points.
• Words/Review: the maximum score is 10 points awarded linearly between 0-900 words
  • e.g. 600 words = 4 points; 750 words = 7 points; 900 or more words = 10 points.
  • If a product has fewer than ten reviews, the point contribution for Rating and Words/Review is reduced: 1/3 reduction in points for products with 5-9 reviews, two-thirds reduction for products with fewer than five reviews.
Reviews that are more than 24 months old, as well as those written by resellers, are completely excluded from the ranking algorithm.
All products with 50+ points are designated as a Leader in their category.
Rankings for June 2023 and earlier used our previous ranking methodology.
32,443 views 26,900 comparisons 44 reviews 590 words/review 8.2 average rating
2 Microsoft Sentinel
34,829 views 20,255 comparisons 53 reviews 1,445 words/review 8.3 average rating
3 IBM Security QRadar
25,899 views 15,299 comparisons 54 reviews 465 words/review 7.7 average rating
4 Elastic Security
17,544 views 14,769 comparisons 19 reviews 424 words/review 7.6 average rating
5 Wazuh
21,653 views 11,302 comparisons 21 reviews 472 words/review 7.3 average rating
6 LogRhythm SIEM
12,757 views 7,664 comparisons 24 reviews 625 words/review 8.1 average rating
7 USM Anywhere
7,974 views 5,751 comparisons 13 reviews 607 words/review 7.9 average rating
8 Fortinet FortiSIEM
9,572 views 4,950 comparisons 26 reviews 367 words/review 7.4 average rating
6,818 views 3,831 comparisons 11 reviews 1,255 words/review 9.2 average rating
6,684 views 3,566 comparisons 24 reviews 438 words/review 7.3 average rating
VIEWS
4 Wazuh 21,653

REVIEWS
2 Microsoft Sentinel 53
4 Fortinet FortiSIEM 26

WORDS / REVIEW
1 Devo 2,182
2 Netsurion 1,862
About PeerSpot
The Internet has completely changed the way we make buying decisions. We now use ratings and review sites to see what other real users
think before we buy electronics, book a hotel, visit a doctor or choose a restaurant. But in the world of enterprise technology, most of the
information online and in your inbox comes from vendors, but what you really want is objective information from other users.
We created PeerSpot to provide technology professionals like you with a community platform to share information about enterprise software,
applications, hardware and services.
We commit to offering user-contributed information that is valuable, objective and relevant. We protect your privacy by providing an
environment where you can post anonymously and freely express your views. As a result, the community becomes a valuable resource,
ensuring you get access to the right information and connect to the right people, whenever you need it.
• A list of enterprise level Security Information and Event Management (SIEM) vendors
• A sample of real user reviews from tech professionals
• Specific information to help you choose the best vendor for your needs
PeerSpot
244 5th Avenue, Suite R-230 • New York, NY 10001
www.peerspot.com
reports@peerspot.com
+1 646.328.1944