Features comparison WAZUH | AlienVault | RSA


Azhar Hj.Mohd Ghazali

Feb 26, 2021, 2:59:46 AM
to Wazuh mailing list
Hi,

If you don't mind, can you share the features comparison for the above products?

Thanks


Facundo Orsi

Mar 2, 2021, 5:35:10 PM
to wa...@googlegroups.com, resp...@gmail.com
Hi Azhar, I hope you are doing well.

I've prepared the following comparison between Wazuh, Alienvault OSSIM (Open Source alternative), Alienvault USM (Commercial version) and RSA Netwitness. Keep in mind that the commercial alternatives (NW and USM) need other components to obtain full functionality or the same features that you can get with the unified Wazuh platform.

Features | Wazuh | Alienvault OSSIM | Alienvault USM | RSA Netwitness

- Open-source platform
- Auditable code
- Public roadmap
- Endpoint / Container oriented solution
- High Availability / Cluster deployment
- Horizontal scalability and auto-scaling
- Lightweight modular components
- Log data collection
- Signed archival data storage
- Correlation and cross-correlation
- File integrity monitoring (FIM)
- Auditing who-data
- Anomaly and malware detection
- Security configuration assessment
- Monitoring system calls (with Endpoint component)
- Command monitoring
- Active response (with Endpoint component)
- Anti-flooding mechanism
- Automated system inventory (with Endpoint component)
- Host-based vulnerability detection (with Endpoint component)
- VirusTotal integration
- Osquery
- Fluentd forwarder
- Native JSON support
- NIDS Integration (Suricata, Snort, Zeek, etc)
- Elastic stack integration
- Kibana visualizations / Advanced Dashboards
- Cloud-based alternative
- Monitor cloud environments (AWS, Google
- Orchestration and deployment integration (Ansible, chef, puppet, etc)


Let me know if you find this information helpful!

Regards.
--
Facundo Orsi 
Security Engineer
Wazuh
The Open Source Security Platform



Blason R

Mar 2, 2021, 11:34:22 PM
to Facundo Orsi, Wazuh mailing list, resp...@gmail.com
Nice man!! Looks like much effort put there to prepare those.

Azhar Hj.Mohd Ghazali

Mar 3, 2021, 6:20:29 AM
to Blason R, Facundo Orsi, Wazuh mailing list
Hi Facundo

Great matrix of comparison.
Really appreciate it.

Thank you.

Facundo Orsi

Mar 3, 2021, 11:24:05 AM
to Davide Bozzelli, wa...@googlegroups.com
Hello Davide, it means that the archived (cold storage) files have a checksum (signature) calculated against them and stored in a related file to check if the file has been tampered with. For example:

- Historic compressed alert file with its corresponding checksum file: [image.png]

- Content of the checksum file: [image.png]

Hope this clarifies!

Regards.
--
Facundo Orsi 
Security Engineer
Wazuh
The Open Source Security Platform


On Wed, Mar 3, 2021 at 10:35 AM Davide Bozzelli <davide....@gmail.com> wrote:
Hi

What do you mean by "Signed archival data storage"?

Thx



--
Got problems with Windows? - ReBooT
Got problems with Linux? - Be RooT
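
The tamper check described in the reply above, as an added example that is not part of the original thread and is not Wazuh's own code: it recomputes every digest recorded in a sidecar checksum file and compares it with the archived file. The `ALGO (name) = hex` line format, the file names and the sample alert are assumptions constructed for illustration, since the thread's screenshots are not available.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Assumed sidecar format (not taken from the thread): BSD-style lines such as
#   SHA256 (alerts-02.log) = <hex digest>
SUM_LINE = re.compile(r"^(MD5|SHA1|SHA256)\s*\((.+)\)\s*=\s*([0-9a-fA-F]+)\s*$")

def file_digest(path, algo):
    """Hash the file in chunks so large archives do not load into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_archive(data_path, sum_path):
    """Return {algo: bool} for every digest recorded in the checksum file."""
    results = {}
    for line in Path(sum_path).read_text().splitlines():
        m = SUM_LINE.match(line)
        if not m:
            continue  # headings and blank lines carry no digest
        algo, _name, recorded = m.groups()
        actual = file_digest(data_path, algo.lower())
        results[algo] = hmac.compare_digest(actual, recorded.lower())
    if not results:
        raise ValueError("no digests found in checksum file")
    return results

def demo():
    """Constructed sample: write an archive and its checksum file, then tamper."""
    with tempfile.TemporaryDirectory() as d:
        log = Path(d, "alerts-02.log")
        log.write_bytes(b'{"rule":{"id":"100001"},"agent":"web01"}\n')
        sums = Path(d, "alerts-02.log.sum")
        sums.write_text("Current checksum:\n" + "".join(
            f"{a} ({log.name}) = {file_digest(log, a.lower())}\n"
            for a in ("MD5", "SHA1", "SHA256")))
        before = verify_archive(log, sums)
        with open(log, "ab") as fh:
            fh.write(b'{"rule":{"id":"0"}}\n')  # simulated tampering
        after = verify_archive(log, sums)
    return before, after

if __name__ == "__main__":
    print(demo())
```

A checksum kept beside the archive only detects tampering by someone who cannot also rewrite the `.sum` file, so keep a copy of the digests on separate, write-restricted storage.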

Facundo Orsi

Mar 3, 2021, 11:26:17 AM
to Azhar Hj.Mohd Ghazali, Blason R, Wazuh mailing list
No problem! Just let us know if you need anything else and, as always, thank you very much for posting on the community!

Regards.
--
Facundo Orsi 
Security Engineer
Wazuh
The Open Source Security Platform
