We compared Elastic Security and LogRhythm SIEM across five categories based on our users' reviews. Our conclusions, drawn from all of the collected data, are below.
Features: Elastic Security is commended for its adaptability, extensive customization options, and seamless integration with the ELK Stack. Elastic Security could improve by reducing resource usage, automating threat response, and simplifying the user experience. Users praised LogRhythm SIEM for its user-friendly centralized dashboard, strong integrations, and event filtering. LogRhythm SIEM has room to improve its SOAR and NDR features, platform stability, and MDI integration. LogRhythm users also requested expanded log storage, better load balancing, and streamlined search.
Service and Support: Some Elastic Security users found their support helpful, while others experienced difficulties and delays. LogRhythm SIEM was generally praised for its helpful and knowledgeable support, but there have been occasional delays and knowledge problems.
Ease of Deployment: Elastic Security generally has a straightforward setup but may require trained specialists. LogRhythm SIEM's setup is considered to be straightforward. However, it is more time-consuming and complex for enterprise deployments involving multiple components or vendors, and users often require assistance from professional services or LogRhythm-certified engineers.
Pricing: Elastic Security is considered affordable and cost-effective, with pricing based on the size of the monitored environment. LogRhythm SIEM's license typically includes all components. However, enterprise customers may encounter complexity around additional features and add-ons.
ROI: Elastic Security has shown mixed results in terms of ROI, with some users expressing concerns about the quality of their premium support. LogRhythm SIEM has proven to be highly valuable, delivering a significant ROI by reducing the mean time to detect and respond.
"It has basic out-of-the-box integrations with multiple log sources."
"The UI-based analytics are excellent."
"The automation feature is valuable."
"The pricing of the product is excellent."
"In Azure Sentinel, we have found, they do have a store in their capability: AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store."
"The initial setup is very simple and straightforward."
"Sentinel has features that have helped improve our security posture. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The most valuable feature for me is Discover."
"It's open-source and free to use."
"The most valuable feature is the scalability. We are in Indonesia, more engineers understand Elastic Security here. So it is easier to scale and also develop. In features, the discovery to query all the logs is very important to us. It is very easy, especially with the query function and the feature to generate alerts and create tools. Sometimes we use the alert security dashboard to monitor our clients."
"Stability-wise, I rate the solution a ten out of ten."
"The most valuable features of Elastic Security are it is open-source and provides a high level of security."
"The visualization is very good."
"It's very stable and reliable."
"The most valuable features of the solution are the prevention methods and the incident alerts."
"It has centralized monitoring for our security operations. Therefore, it improves our analysts' work."
"File Integrity Monitoring is really valuable because we have it set up on our core assets. This is one of the key features that I utilize. We also use it quite a lot for event management to do reporting."
"The log analysis feature is valuable."
"I find LogRhythm's log management capabilities to be beneficial."
"AXON has the ability to add and compare use cases."
"The most valuable feature is that we can alternate incident automations."
"LogRhythm has shown to us, to this point in time, that it has the capabilities of being able to deliver actionable intelligence to the security engineers and analysts."
"The ability for me to go into the Web UI, and just learn what's going on in my environment."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"The solution could be more user-friendly; some query languages are required to operate it."
"The problem with ELK is it's difficult to administer. When you have a problem, it can be very, very difficult to rebuild indexes."
"The solution could also use better dashboards. They need to be more graphical, more matrix-like."
"Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks."
"The Integration module could be improved. It is a pain to build integration with any product. We have to do parsing and so on. It's not like other commercial solutions that use profile integration. I would also see more detection features on the SIEM side."
"We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there)."
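The retention concern in the review above is usually handled inside Elasticsearch itself rather than with an external cron job: index lifecycle management (ILM) can delete indices once they pass a given age. The policy below is an added example for this page, not the reviewer's configuration or Elastic's own documentation; the policy name, the 30-day retention period and the index pattern are assumptions chosen for illustration.

```json
{
  "_comment": "Added example. PUT this body to /_ilm/policy/logs-30d-retention (policy name is an assumption).",
  "policy": {
    "phases": {
      "hot": {
        "min_age": "0ms",
        "actions": {
          "rollover": {
            "max_age": "1d",
            "max_primary_shard_size": "50gb"
          }
        }
      },
      "delete": {
        "min_age": "30d",
        "actions": {
          "delete": {}
        }
      }
    }
  }
}
```

After creating the policy, attach it to the index template that matches the log indices (for example via the template's `index.lifecycle.name` setting, with `index.lifecycle.rollover_alias` set when rolling over aliased indices) so that new indices inherit it; `min_age` in the delete phase is measured from rollover, so the 30-day figure is the age of each rolled-over index, not of the oldest event in it. Check that the policy is actually applied with `GET <index>/_ilm/explain` before retiring any cron-based cleanup, and keep a dry-run period in which the cron job only logs what it would have removed.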
"Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price."
"This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."
"There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated."
"Sometimes the Platform Manager crashes because it's built around Windows."
"I would like a fuller implementation of STIX/TAXII so I can pull in some of the government lists without having to go implement a whole new STIX/TAXII platform."
"The reporting on the dashboard should be improved from a management perspective. It would be helpful if they adjusted the colors and the presentation to make things clearer and easier to read."
"Parsing is totally controlled by LogRhythm and they do not allow any partner or any third-party to handle this part and this is a key challenge on my end."
"The web and on-premise console interface should be the same instead of having a separate engine for each."
"Scalability misses the mark sometimes, especially when you have an integrated disaster recovery built into the solution."
"In terms of blind spots, we are looking for more improvements since we don't have visibility over everything."
"The security playbook could be pre-defined and available to other analysts with similar security issues."
Elastic Security is ranked 5th in Log Management with 58 reviews while LogRhythm SIEM is ranked 8th in Log Management with 166 reviews. Elastic Security is rated 7.6, while LogRhythm SIEM is rated 8.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Defender for Endpoint, IBM Security QRadar and Fortinet FortiAnalyzer, whereas LogRhythm SIEM is most compared with Splunk Enterprise Security, IBM Security QRadar, Wazuh, Fortinet FortiSIEM and Graylog. See our Elastic Security vs. LogRhythm SIEM report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.