OSSIM (Open Source)

What do you like best?

A free central tool to pull together logs, data, information, threats, and vulnerability scans. This gives you a lot of power in one small package, especially if you are a smaller organization that does not have an excessive amount of logs and information.

What do you dislike?

There is a significant amount if a disjointed feel between the different portions of the application software. You can definitely tell that this product, ultimately, is a Frankenstein's monster of security tools which have been stitched together into a singular, "unified" product. If you want this product to be effective, you will need to have a staff member who is willing to learn and show initiative because your success will be limited if you are expecting things to be simple or straightforward.

Recommendations to others considering the product:

You need to approach this software with the knowledge that it is open source, and while this product has the unofficial backing of AT&T as they have purchased their for-fee Alienvault USM product, this really is a best-effort support kind of situation.

What problems are you solving with the product? What benefits have you realized?

Have a central dashboard and repository which will showcase system and security alerts, along with the easy ability for staff members to search system and firewall logs for system events for not only security threat hunting but regular troubleshooting and root cause analysis.