We performed a comparison between Elastic Beats, IBM Security QRadar, and LogRhythm SIEM based on real PeerSpot user reviews.
"The security aspects in general have been very useful to use."
"There's a whole spectrum of features on the solution that users can take advantage of. It's a very robust product."
"Search capabilities are sufficient for most tasks."
"It can analyze event logs, event security, and give a good consult."
"I think the QDI is very good."
"The stability is good."
"The most valuable feature is the machine learning module."
"The most valuable feature is the searching capability and real-time operational use."
"An engineer can live-monitor all the flow happening in real-time. This would help us a lot while investigating a case, and it would even help us with preventive actions."
"It is really helpful to us from the compliance point of view."
"LogRhythm NextGen SIEM covers all our primary security analysis needs. It makes it easier for us to analyze threats and improves our response times. It's a versatile platform that performs queries fast compared to other SIEM solutions."
"The ability to drill down and pivot from an event is one of the biggest advantages the product has compared to other things that I have seen in the market."
"Compliance reporting is another great feature of this product. It has built-in reports right out of the box."
"The correlation engine is extremely valuable because it uses machine learning to process information from the central manager and identifies issues in the network."
"Even other products we have that feed into it, instead of having to watch all of them we only have to watch one. For example, we have CrowdStrike, so instead of having to pay attention to that solution - because their dashboard doesn't really pop when an alarm comes up - we can see issues with the red on the LogRhythm alarm. That is very nice."
"The product is great for medium to large-scale organizations."
"The most valuable feature is that we can alternate incident automations."
"We integrated Azure logs with it and that makes it simpler. Rather than having to log into the portal, we can just check everything in one place. We can compare those to our Windows and host logs to see if any problems correlate between them."
"At some level, the documentation, the information as far as the components, it's sometimes a little difficult to find the information necessary to implement aspects."
"The dashboard is not user-friendly. The solution, in general, isn't great from a user's perspective."
"The architecture could be improved. I got stuck for a long time trying to understand the architecture, as it is quite challenging."
"The only challenge is that IBM has been a closed enterprise. It should be more open to integrating with other providers at an enterprise level. We're a bank and the core banking system integration is not way straightforward and there is no integration between IBM and these products. If IBM could open up and provide a way of integrating it seamlessly, without charging more for it, that would make a big difference."
"QRadar's performance has room for improvement because it cannot handle the volume. I need massive amounts of logs from various devices in our existing network architecture. IBM needs to improve QRadar's capacity to handle more logs."
"I would like to see a more user-friendly product."
"The solution lacks vendor support."
"The reporting system could use some upgrading."
"They need to improve their threat intelligence feed and they need to improve their user behavior analytics modules."
"The whole process for support is something that needs to be improved."
"The console installation is an area with a shortcoming in the solution that needs improvement. If LogRhythm SIEM can offer a web console, it would be great."
"I would like to see APIs well-documented and public facing, so we can get to them all."
"The web and on-premise console interface should be the same instead of having a separate engine for each."
"One thing we have mentioned to them before is that we'd like to be able to do searches, or drill-downs, directly from an alarm. When you click it and the Inspector tab slides out, that might be a good place to be able to click the host to search for the last 24 hours. I know the search is right there but it would be even nicer to just click that and then have an option to search something there."
"We've tried to work with a couple of engineering department guys there. We've called them and called them but we never hear anything back."
"Scalability-wise, it's not that great."
"There used to be the ability to create alarms based on message text that was included in LR Version 6.x that has been removed in LogRhythm 7.x, and on that, I would like to see it added back."
"Appliance-based setups can sometimes pose scalability issues."