We performed a comparison between ArcSight Logger and LogRhythm SIEM based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's a robust, mature product and you can do some really complex operations and analytics."
"Some of the most valuable features I really appreciate are the performance, how quick the solution is, and how easy it is to create a query."
"The ESM use cases are the most valuable. It enables us to use the big data collection inside our company. We are able to create use cases for whatever it suits and I find that the most interesting part of any SIEM solution."
"In our country we are a little bit private in terms of solutions, so we are just starting to use the basic data capture. Now some users can start to use additional features that come with Micro Focus ArcSight like user behavior analytics for investigating."
"The most valuable feature is the level of detail that you can see about certain events, even when they do not come up in the console."
"We check a lot of logs in ArcSight Logger because we're running a massive database platform."
"I am impressed with the product's ability to pick up logs. It also has UEBA which has reduced the time to take charge of the events."
"Our return on investment for implementing ArcSight Logger over the past 12 months has been positive."
"The dashboards in the LogRhythm SIEM really help us as a starting point. It gives us a starting point we can go to every day. We walk through several dashboards to see anomalous activity for further investigation."
"We should be able to response to threats and gain visibility into our environment that we don't currently have."
"LogRhythm NextGen SIEM is customizable, simple to manage, and there are many features. The solution does not require an expert to be able to use it, anyone can use it."
"We use this solution to examine disparate log sources and provide a cohesive method to search for anomalous behavior."
"This solution has improved our organization in many different ways. The biggest benefit is being able to view all information in one dashboard instead of having to look at several different applications and dashboards. I can see information across our entire environment and every aspect of our network."
"It has helped us centralize and have better visibility into devices on our network. We are better able to respond to threats in a timely manner."
"It has allowed us to dive deeper into our network and figure out what is going on by parsing logs properly and being able to reduce the time it takes to work cases down from seven days to approximately two days."
"LogRhythm NextGen SIEM covers all our primary security analysis needs. It makes it easier for us to analyze threats and improves our response times. It's a versatile platform that performs queries fast compared to other SIEM solutions."
"You have limited reporting capabilities and I wouldn't choose ArcSight Logger for this purpose."
"The platform is quite expensive. They should reduce its cost."
"We have had problems with archiving."
"The initial setup was a little bit complex."
"I had some latency issues for two months. I had to increase our storage capacity significantly to reduce the latency."
"The speed of Logger indexing and searching for certain bugs for some queries that we provide could be improved. It can handle a huge number of logs but it can be improved."
"In the next release, I want to see more intelligence."
"The solution must provide readymade connectors for different applications."
"I would like to see case management become more independent from LogRhythm itself."
"The installation was a bit complex because we are running a virtual infrastructure."
"LogRhythm's SOAR and NDR features don't stack up well against competitors. maybe integrating theme functionality as the other do. But in general, it's okay."
"There used to be the ability to create alarms based on message text that was included in LR Version 6.x that has been removed in LogRhythm 7.x, and on that, I would like to see it added back."
"My biggest complaint is documentation. Everyone tells me, "We have documentation on the Community site." I have searched for different types of documentation on numerous occasions, and it might be there, but it's not easily findable."
"Their ticketing system for managing cases can be improved. They can either do that or adopt some of the open-source ticket systems into theirs. The current system works and gets the job done, but it is very bare-bones and basic. There are some things that could be improved there. They should also bring in more threat intelligence into the product and also probably start to look into the integration of more cloud or SAS products for ingesting logs. They're doing the work, but with the explosion of COVID, a lot of businesses have started to move towards more cloud applications or SAS applications. There is a whole diverse suite of SAS products out there, which is a challenge for them and I get it. They seem to be focusing on the big ones, but it'll be nice to be able to, for example, pull in Microsoft logs from Office 365. They are working towards a better way of doing that, and they have a product in the pipeline to pull logs in from other SAS applications. The biggest thing for them is going to be moving away from a Windows Server infrastructure into a straight-up Linux, which is more stable in my eyes. For the backend, they can maybe move into more of an up-to-date Elastic search engine and use less of Microsoft products."
"Sometimes the error-logging is not altogether helpful. For example, on an upgrade, a systems data processor, a Windows box, was throwing an error code like 1083. Then it just stopped and it died right out of the installer and nobody looked. We searched through Google and what it means is the Windows Firewall wasn't turned on so that it could create a rule for the product. Why wouldn't they bubble up that description so that I wouldn't have to call support and I could just know, "Okay, the firewall wasn't turned on. Turn it back on. Re-run the installer and keep going.""
"I would like to see our vulnerabilities counter. We will be using Tenable to fill that void right now."
ArcSight Logger is ranked 29th in Log Management with 30 reviews while LogRhythm SIEM is ranked 7th in Log Management with 166 reviews. ArcSight Logger is rated 7.8, while LogRhythm SIEM is rated 8.4. The top reviewer of ArcSight Logger writes "A scalable and stable solution that enables users to see all the event logs in one place". On the other hand, the top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". ArcSight Logger is most compared with Splunk Enterprise Security, IBM Security QRadar, Elastic Security, Wazuh and VMware Aria Operations for Logs, whereas LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Microsoft Sentinel, Wazuh and Fortinet FortiSIEM. See our ArcSight Logger vs. LogRhythm SIEM report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
