We performed a comparison between i-SIEM and LogRhythm SIEM based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The machine learning and artificial intelligence on offer are great."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"As a result of the automation, we are able to manage SIEM with a small security team. I'm in a unique position where we have been growing the security organization quite rapidly over the last three and a half years. But, as a direct result of the empow transition and legacy collection of tools towards the empow platform, we've been able to keep that head count flat. We've been able to redirect a lot of the security team's time away from the wash, rinse, repeat activities of responding to alarms where we have a high degree of confidence that they will be false positives, adjusting the rules accordingly. This can be a bit frustrating for the analyst when they have to spend hours a day dealing with these types of probable false positives. So, it has helped not only us keep our headcount flat relative to the resources necessary to provide the assurances that our executives expect of us for monitoring, but allows our analyst team to spend the majority of their time doing what they love. They are spending their time meaningfully with a higher degree of confidence and enjoying getting into the incident response type activity."
"It's positively affected our overall rate of efficiency."
"Their customer support is friendly and willing to help."
"We use this solution to examine disparate log sources and provide a cohesive method to search for anomalous behavior."
"In terms of security, LogRhythm NextGen SIEM is great."
"The most valuable features would be the automation, reporting, and the support."
"We take in around 750 million logs a day. We have a lot of products and that would be a lot of different panes of glass that we would have to look through otherwise. By centralizing, we can triage and take steps much more quickly than if we tried to man that many interfaces that come with the products."
"The feature that makes it usable is the web interface."
"Its ability to work with all different sorts of log sources has been extremely valuable."
"The troubleshooting has room for improvement."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"Sentinel's reporting is complex and can be more user-friendly."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"We'd like to see more connectors."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"Relative to keeping up with the sheer pace of cloud-native technologies, it should provide more options for clients to deploy their technologies in unique ways. This is an area that I recommend that they maintain focus."
"Technical support could use a little work in the terms of responding back. The feedback that we received is they do need a little more staff."
"I think there is room for improvement because the system is still running on the Windows Server platform. The problem with running on Windows is that it is not that good for scaling and providing for big deployment environments."
"I would really love to be able to take some of the data and not have to export it to a CSV file, so I can pull it into Excel to turn it into some other kind of graph."
"I would really like to see some type of group or global management for RIM policies,"
"The solution is likely not the best option for a smaller organization."
"I would like it to do a lot of the automation (which I still need to learn more about), because I am essentially a one man shop doing all the jobs. I'd like for it to be able to do more for me."
"One area for improvement in LogRhythm NextGen SIEM is that it's a Windows-based tool, and I feel it should be on the Linux operating system instead. Another area for improvement in the tool is the UI. There should be minor changes in the UI to make it better, though I like the dashboards in LogRhythm NextGen SIEM."
"I would like to see APIs well-documented and public facing, so we can get to them all."
Earn 20 points
i-SIEM is ranked 44th in Security Information and Event Management (SIEM) while LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews. i-SIEM is rated 9.0, while LogRhythm SIEM is rated 8.4. The top reviewer of i-SIEM writes "The alert fatigue and false positive rates have just plummeted, which is really exciting". On the other hand, the top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". i-SIEM is most compared with Splunk Enterprise Security, AlienVault OSSIM, IBM Watson for Cyber Security and AWS Security Hub, whereas LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm Axon and Fortinet FortiSIEM.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.