We performed a comparison between LogRhythm SIEM and Zabbix based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"The initial setup is very simple and straightforward."
"NextGen SIEM's most valuable feature is its user-friendliness."
"The feature that makes it usable is the web interface."
"We should be able to response to threats and gain visibility into our environment that we don't currently have."
"The ability for me to go into the Web UI, and just learn what's going on in my environment."
"Their customer support is friendly and willing to help."
"The most valuable features would be the automation, reporting, and the support."
"What I found most valuable in LogRhythm NextGen SIEM is that it's user-friendly. I also like its dashboard, which shows all the logs and information I want to see."
"Even other products we have that feed into it, instead of having to watch all of them we only have to watch one. For example, we have CrowdStrike, so instead of having to pay attention that solution - because their dashboard doesn't really pop when an alarm comes up - we can see issues with the red on the LogRhythm alarm. That is very nice."
"Simple network monitoring that is easy to install and manage."
"Zabbix is scalable."
"I like being able to use proxy servers for different locations. The agents are pretty cool. They're easy to roll out. The standard out-of-the-box templates are also pretty easy to use. The integration with other learning products is also good. I have, in the past, used Slack, but we've integrated it with Microsoft Teams. We also use it for SMS with a service called Redcoat. It is very flexible. It does what I need it to do, and my manager is very happy because it doesn't cost anything. We are nearing 4,000 hosts inside Zabbix, and we've got another 6,000 access points to add to it. We've thrown everything at it, and it has managed to keep going. I am very impressed with the tool, and I'd shake their hand very hard if I got to say the compliments to the Zabbix team. They keep improving it and doing refreshes, which is one good thing about it. There is also online information as well as books that you can purchase if you're willing to read enough. There is a lot to pick up, but it is a pretty complete solution."
"The product is very stable."
"The pricing of the product is reasonable."
"It not only provides the preconfigured item monitoring feature, but it is also easy to configure custom items."
"The best thing about Zabbix is the integration and the APIs that are included are very fast"
"Its overall flexibility is most valuable. When our customers have some custom applications that are not necessarily covered by the community or a standard monitoring tool, we use Zabbix to build our own modules with our own templates. This feature has been useful in using Zabbix for infrastructure and IT monitoring. It has also been useful for industrial equipment monitoring. Zabbix is very lightweight. It is efficient in terms of performance because it doesn't use a lot of resources."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"Only area I can think of to improve on is the proof reading and using the guides before releasing them. Out the the 20+ guides I used one had issues with wrong information in it."
"NextGen SIEM's integration with other software is good but could be improved."
"Right now there is the concern about being able to gather all of the data into the system."
"There are other security technologies outside of this SIEM that should be inside of this SIEM. I can see in their roadmap that they're trying to address a lot of these things, and have these technologies built into the solution, because there is no point in going to another vendor or opening up a second window to obtain the data that you need."
"We have gone through a few versions which has caused a lot of instability. We have logged a lot of hours with professional services."
"Parsing is totally controlled by LogRhythm and they do not allow any partner or any third-party to handle this part and this is a key challenge on my end."
"I would like to see support added for Exchange 2016, and CheckPoint OPSec Lea."
"We need to get better training for things like creating code and playlists. The way it's done now takes a long time."
"I would like for this solution to be more cloud-friendly."
"The GUI could be more intuitive. Also, we'd like streaming telemetry. Zabbix might have this feature, but I haven't seen it yet. It took us a long time to get started because the documentation isn't very descriptive. We had to go through various sources like YouTube and forums to get this solution working."
"There are not too much documentation or manuals. We found the tutorials very easy to understand but do not go deep enough in the use of Zabbix. We need more manuals, proper use, documentation, etc."
"Outside of the normal standard monitoring, I would like to extend patching, importing patching, and supporting patching for Windows Servers."
"There are a lot of areas for improvement, specifically in the dashboards and reports functionalities."
"We would like to monitor other touchpoints such as ATM machines. It would be great if it can provide monitoring of ATM machines. Compatibility with other products would also be great."
"The event correlation could be better."
"Implementation is always tailored to the customer and the kind of information we need from the client to carry it out can make them very uncomfortable. Sometimes the clients are not ready to share it."
LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews while Zabbix is ranked 1st in Network Monitoring Software with 101 reviews. LogRhythm SIEM is rated 8.4, while Zabbix is rated 8.2. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of Zabbix writes "Allows any number of customizations but lacks functionality for finding root causes". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm Axon and Fortinet FortiSIEM, whereas Zabbix is most compared with Centreon, Checkmk, SolarWinds NPM, Nagios Core and Nagios XI.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.