We performed a comparison between Graylog, LogRhythm SIEM, and Snare based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Wazuh, Datadog and others in Log Management."Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
"One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview."
"The ability to write custom alerts is key to information security and compliance."
"Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."
"Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
"The build is stable and requires little maintenance, even compared to some extremely expensive products."
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps."
"The most valuable features would be the automation, reporting, and the support."
"Overall effectiveness is very good. I like how it is oriented to both analysts and technical support people. It's easily adopted by end users as much as by technologists."
"AXON has the ability to add and compare use cases."
"NextGen SIEM's best feature is how it presents logs."
"The daily alerts allow me to quickly find security and operations issues which need to be addressed."
"Automations are very valuable. It provides the ability to automate some of our small use cases. The ability to integrate with other products that use an API is also very useful. LogRhythm has a plugin for it that we can connect and start to move down towards the path of a single pane of glass instead of having multiple or different tools."
"What I found most valuable in LogRhythm NextGen SIEM is that it's user-friendly. I also like its dashboard, which shows all the logs and information I want to see."
"The most valuable feature of LogRhythm for me is the ability to correlate logs throughout many different log sources."
"Snare has good agents, especially for Windows."
"The best thing about Snare is its format and consistency."
"The most valuable feature of Snare is flexibility or the ability to filter all things you don't want and don't have security value."
"More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"I would like to see some kind of visualization included in Graylog."
"Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best case deployment scenario-"
"Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
"Dashboards, stream alerts and parsing could be improved."
"There should be some user groups and an auto sign-in feature."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the graylog install."
"LogRhythm NextGen SIEM is currently based only on the Windows platform. This means that some of our customers have to purchase a Windows license elsewhere. If LogRhythm can move to a Linux platform or a proprietary platform, it would be very helpful."
"I don't think the cloud model in LogRhythm is developed enough."
"We do about 750 million a day and some days we do 715 million. Some days we do 820 million or 1.2 billion. But there's no way to drill in and find out: "Where did I get 400,000 extra logs today?" What was going on in my environment that I was able to absorb that peak? I have no way to identify it without running reports, which will produce a long-running PDF that I have to somehow compare to another long-running PDF... I would like to see like profiling behavior awareness around systems like they've been gunned to do around users with UEBA."
"I think there is room for improvement because the system is still running on the Windows Server platform. The problem with running on Windows is that it is not that good for scaling and providing for big deployment environments."
"We use Windows Event Forwarding to collect the logs from our Windows clients, and the logs get aggregated as one data source on that collector. Therefore, finding logs specific to one particular Windows system requires some creativity in how we search the SIEM."
"Move it to Linux. I would like to see it get off the SQL Server."
"One area for improvement in LogRhythm NextGen SIEM is that it's a Windows-based tool, and I feel it should be on the Linux operating system instead. Another area for improvement in the tool is the UI. There should be minor changes in the UI to make it better, though I like the dashboards in LogRhythm NextGen SIEM."
"My biggest issue - I know that they say they're doing it - is that the API-building is extremely important. They keep saying it's coming, it's coming. It's not coming fast enough. I don't care if they need to double their team size to get it out there quicker, the world is already in the cloud and we can't monitor it. That's a big problem for us. My boss keeps coming to me about it. That's an issue."
"Users will initially find it difficult to identify the event types and installation in Snare."
"Snare should modernize its GUI a little bit."
"The solution is now developing a SIEM-like feature on Snare Central Server, but it's not complete yet."