No more typing reviews! Try our Samantha, our new voice AI agent.

LogRhythm SIEM vs Microsoft Purview Audit comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

LogRhythm SIEM
Ranking in Log Management
14th
Average Rating
8.2
Reviews Sentiment
6.4
Number of Reviews
176
Ranking in other categories
Security Information and Event Management (SIEM) (14th)
Microsoft Purview Audit
Ranking in Log Management
35th
Average Rating
8.2
Reviews Sentiment
5.1
Number of Reviews
4
Ranking in other categories
Microsoft Security Suite (31st)
 

Mindshare comparison

As of July 2026, in the Log Management category, the mindshare of LogRhythm SIEM is 2.9%, up from 2.0% compared to the previous year. The mindshare of Microsoft Purview Audit is 1.1%, up from 0.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management Mindshare Distribution
ProductMindshare (%)
LogRhythm SIEM2.9%
Microsoft Purview Audit1.1%
Other96.0%
Log Management
 

Featured Reviews

SumitKumar20 - PeerSpot reviewer
Security Engineer at Granicus Inc.
Tool consistently aids in effective threat detection and monitoring but could benefit from improved log source management and resource optimization
One major area for improvement in LogRhythm SIEM is the lack of volume measurement capability in terms of storage. There is currently no way to determine how much data is being consumed in terms of gigabytes, terabytes, or petabytes from particular devices or environments. This information is crucial for planning future storage needs and scalability. The system monitor (collector) agent has issues with resource consumption. Even when not actively collecting data, the agent continues to consume significant CPU and memory resources, which can be particularly problematic for small business environments with limited resources. LogRhythm SIEM could improve by adding more default device support. While they have good default settings for devices such as Palo Alto firewalls, custom log sources often require extensive work. Increasing the number of supported devices with built-in policies and functionality would reduce the need for custom work. Competitive SIEM tools often provide more comprehensive coverage for various devices and vendors.
OK
Cloud Solution Engineer at a computer software company with 51-200 employees
Integrated auditing has strengthened data retention and improved incident investigations
I have seen areas for improvement, specifically in Microsoft Purview Audit or in general about Microsoft. I have had a situation with documentation. I had a customer who wanted to create alerts and they had Microsoft 365 Business Premium. In the documentation, it was noted that this license is enough for creating alerts. When we tried to make them, we noticed they cannot do it with Microsoft 365 E3 because the customer had limited features to manage alerts. The customer had to buy E3. We created Microsoft support requests, and they confirmed that the documentation displayed not the real situation and they have been going to update documentation. The same situation occurred now with implementing Microsoft Purview Audit in the last autumn. eDiscovery was combined with search and content search, and the documentation was not clear at the beginning. It was a little difficult to describe to customers that now it is a part of eDiscovery. Content search is a very simple functionality, while eDiscovery is a little difficult. I am not entirely sure why Microsoft is going in the way of combining these services because they are the same. However, for a customer who has never seen these services, it is difficult to understand quickly. The same situation occurs with litigation holds and some other holds. For any mail, I am trying to keep data. For example, emails are held for a year or two years, ten years, it does not matter. It is difficult to understand where to find this data and where these emails are being held. I need to use eDiscovery to find out all deleted data that was kept somewhere in some hidden folders of the mailbox. Regular customers and regular administrators know that on-premises Exchange, for example, allows them to find the data in some repository and review the list of kept data. However, with this hold, we do not have any functionality to review the list of kept data. It is difficult to understand for customers how to work with this. I had a case where I spent three or four hours working deeply with a customer to explain how to work with eDiscovery, why Content Search is not there when it was before, what is an eDiscovery case, and why we are talking about all of this just to review a list of kept emails. This is difficult.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"In terms of security, LogRhythm NextGen SIEM is great."
"The product was easy to deploy and easy to learn how to use, and the web console is the best I have seen when compared to other SIEMs."
"Our clients enjoy having one dashboard to monitor their environments in real time."
"It is a big project, but very worthwhile, and LogRhythm has plenty of documentation, support people, professional services, and classes that can help get a business implemented and push them all the way to completion."
"Regarding meeting those goals, in the last two months that we've had LogRhythm it's been very good."
"Going from a third-party vendor to an in-house solution, such as the LogRhythm solution, has given us visibility into the entire organization, compared to the limitations, based on budget and whatnot, from a third-party vendor."
"The user interface is pretty good compared to other SIEM tools."
"For the same price, we have been able to go from a SIEM that could only manage about 20 percent of our environment to a full 100 percent coverage of all the devices on our network."
"The main Microsoft feature is that it offers common integration of services, of data, of identity, meaning user accounts, user access, and privileged access."
"The platform has significantly enhanced our operational insight into the overall Microsoft 365 environment."
"We're easily saving at least one hour per day using this solution."
"The overall user experience with Microsoft Purview Audit is of higher quality than when it was branded as Compliance Center, and Microsoft consistently updates and evolves functionalities and the overall experience."
 

Cons

"We usually do end up having to remind technical support about our issues, get back in touch with them to see what the status is on our tickets."
"The built-in functionality of the solution for NDR, SOAR, SIEM, and EDS has room for improvement."
"We've had issues with scaling and local support."
"One of the things I find that would be helpful is the GLPR information, to be able to understand what is actually being processed."
"We were having some challenges initially, especially ingesting those standard log sources. We ran into issues where it was not parsing correctly."
"In terms of blind spots, we are looking for more improvements since we don't have visibility over everything."
"The console installation is an area with a shortcoming in the solution that needs improvement. If LogRhythm SIEM can offer a web console, it would be great."
"Scalability-wise, it's not that great."
"I had a case where I spent three or four hours working deeply with a customer to explain how to work with eDiscovery, why Content Search is not there when it was before, what is an eDiscovery case, and why we are talking about all of this just to review a list of kept emails."
"We are still in the early stages of leveraging Microsoft Purview Audit. Currently, it's primarily used for the audit function."
"We do have a Denial of Access happening."
"Areas for product improvement include enhancing customization options and integrating more comprehensive compliance features."
 

Pricing and Cost Advice

"We did a five-year agreement. We pay close to a quarter of a million dollars for our solution."
"I think the tool is reasonably priced. There is a need to pay per year towards the licensing costs of the tool."
"In the context of our country, the price of this solution is too high."
"On a scale of one to ten, where one is low, and ten is high, I rate the pricing between six and seven."
"The solution has provided us with consistency and increased staff productivity through orchestrated automated work flows by at least 20 percent."
"The pricing is very reasonable and accessible compared to other products in the market but I am not very sure about the exact licensing cost per year for our company."
"Look closely at the cost of licensing of other products. This should include setups and the need for support services. I did a RFQ to 2 other vendors before choosing this product."
"Everything is expensive with LogRhythm, and you don't get anything for free."
Information not available
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
13%
Financial Services Firm
10%
Manufacturing Company
7%
Comms Service Provider
7%
Financial Services Firm
13%
Computer Software Company
11%
Construction Company
8%
Comms Service Provider
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business38
Midsize Enterprise39
Large Enterprise83
No data available
 

Questions from the Community

What is the difference between log management and SIEM?
Rony, Daniel's answer is right on the money. There are many solutions for each in the market, a lot depends upon your ability to manage such tools and your budget. A small operation may be best s...
What needs improvement with LogRhythm NextGen SIEM?
LogRhythm SIEM could learn from Wazuh, as Wazuh has a built-in mechanism that allows you to write custom scripting and scripts through languages that Wazuh can then trigger, which is somewhat bette...
What is your experience regarding pricing and costs for LogRhythm SIEM?
I find LogRhythm SIEM affordable, as it is a bit less costly than QRadar, although I have not been involved in negotiation charges; however, from the manager's approval, I see it as affordable.
What is your experience regarding pricing and costs for Microsoft Purview Audit?
It is not so expensive in comparison with other products, but I can tell you about an example.
What needs improvement with Microsoft Purview Audit?
I have seen areas for improvement, specifically in Microsoft Purview Audit or in general about Microsoft. I have had a situation with documentation. I had a customer who wanted to create alerts and...
What is your primary use case for Microsoft Purview Audit?
I work with Defender for IoT by chance because I see that we have enough reviews for Defender for Office 365 today, and we need reviews for some Azure products. I work with Azure products such as L...
 

Also Known As

LogRhythm NextGen SIEM, LogRhythm, LogRhythm Threat Lifecycle Management, LogRhythm TLM
No data available
 

Overview

 

Sample Customers

Macy's, NASA, Fujitsu, US Air Force, EY, Abbott, HD Supply, SAB Miller, UCLA, Raytheon, Amtrak, Cargill
Information Not Available
Find out what your peers are saying about LogRhythm SIEM vs. Microsoft Purview Audit and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.