We performed a comparison between LogRhythm SIEM, Quest InTrust, and Splunk Enterprise Security based on real PeerSpot user reviews.
"We have NetFlow information going into it, so we can examine a lot of traffic patterns and anomalies, especially if something stands out and is not the baseline. This helps a lot."
"Its ability to work with all different sorts of log sources has been extremely valuable."
"The most valuable features of the solution are network monitoring, user behavior analytics, and log collection."
"Provides visibility into the network."
"AXON has the ability to add and compare use cases."
"NextGen SIEM's most valuable feature is its user-friendliness."
"The dashboards in the LogRhythm SIEM really help us as a starting point. It gives us a starting point we can go to every day. We walk through several dashboards to see anomalous activity for further investigation."
"The initial setup is pretty easy."
"I would rate the technical support very well as they are knowledgeable and quick to respond."
"You can check up on security from the dashboards."
"Visualizations helped the organisation with a better understanding of its KPIs."
"Splunk's interface is user-friendly, and it has apps and add-ons for most applications. We can easily normalize the data to make it readable and understand the logs. We easily get all the field extractions and enrichment done by using the apps and add-ons. This helps us understand the application logs because the raw data is useless unless we extract some useful information from it. These add-ons make it so much easier."
"We used it to create a custom anomaly detection data model to monitor the activity of our back-end services on an hourly basis relative to the past three months of activity."
"It's better than IBM, in my opinion, because it's an independent entity."
"We did not encounter any issues with scalability. It is almost seamless to add new index (storage) or search (used to analyze the data) nodes to the cluster."
"The integration is seamless with many devices and operating systems."
"The Splunk user community and forum are most valuable."
"We've tried to work with a couple of engineering department guys there. We've called them and called them but we never hear anything back."
"The console installation is an area with a shortcoming in the solution that needs improvement. If LogRhythm SIEM can offer a web console, it would be great."
"Move it to Linux. I would like to see it get off the SQL Server."
"Scalability-wise, it's not that great."
"The solution is likely not the best option for a smaller organization."
"The user interface needs improvement. The more the user can slide around and know what's going on, the better it will be."
"I would like to see case management become more independent from LogRhythm itself."
"My big thing is the easability. I don't like to go to two different systems. The fat client that you have to install to configure it, then the web console which is just for reporting and analysis. These features need to collapse, and it needs to be in a single solution. Going through the web solution in the future is the way to do it, because right now, it is a bit cumbersome."
"It needs to have better reporting."
"It was very complex. There was poor native correlation."
"The difficult part is related to integration with sources of data that are used to create the logs as this depends on the infrastructure of the client."
"It is a challenge to manage the environment in such a way, that one’s log, even with the bandwidth license, isn’t exceeded."
"An area of improvement would be the licensing of the solution. They need a free license, which would allow faster lead times."
"It could be more user friendly, in terms of the end-user experience."
"Its user interface for everything other than the charts can be improved. Some parts of it can be simplified a bit, such as when importing documents that have the network traffic. When you're going through the information about the network traffic, you have to have the expertise, but even if a program is supposed to be for IT support, it is good to make it user-friendly because it gets easier to train people. When something goes wrong, the more difficult a program is in terms of UI, the harder it is to fix the issue."
"I would like some additional AI capabilities to provide additional information about things going wrong and things going well."
"I find that the learning curve for Splunk is relatively lengthy."
"The Web Application Firewall will send you too much information because it's more dedicated to security than a normal firewall."