Try our new research platform with insights from 80,000+ expert users

LogRhythm SIEM vs Rapid7 InsightIDR vs Trellix ESM comparison

LogRhythm and Rapid7 are both solutions in the Security Information and Event Management (SIEM) category. LogRhythm is ranked #12 with an average rating of 7.7, while Rapid7 is ranked #13 with an average rating of 8.2. LogRhythm holds a 3.3% mindshare in SIEM, compared to Rapid7’s 2.5% mindshare. Additionally, 89% of LogRhythm users are willing to recommend the solution, compared to 95% of Rapid7 users who would recommend it.
LogRhythm SIEM
Read 173 LogRhythm SIEM reviews
  • 6,003 Views
  • 3,756 Comparison Views
89% willing to recommend
Rapid7 InsightIDR
Read 32 Rapid7 InsightIDR reviews
  • 4,038 Views
  • 2,556 Comparison Views
95% willing to recommend
Trellix ESM
Read 36 Trellix ESM reviews
  • 2,027 Views
  • 858 Comparison Views
75% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between LogRhythm SIEM, Rapid7 InsightIDR, and Trellix ESM based on real PeerSpot user reviews.

Find out what your peers are saying about Splunk, Wazuh, Microsoft and others in Security Information and Event Management (SIEM).

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Security Information and Event Management (SIEM) Report (Updated: April 2025).
Buyer's Guide
Security Information and Event Management (SIEM)
April 2025
Download the complete report
Helped 850,671 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Mindshare comparison

As of May 2025, in the Security Information and Event Management (SIEM) category, the mindshare of LogRhythm SIEM is 3.3%, down from 4.3% compared to the previous year. The mindshare of Rapid7 InsightIDR is 2.5%, down from 2.7% compared to the previous year. The mindshare of Trellix ESM is 0.9%, up from 0.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

Mokhammad Rakhman - PeerSpot reviewer
User-friendly dashboard and machine learning capabilities improve threat hunting efficiency
LogRhythm SIEM has strong machine-learning capabilities with behavioral rules and analysis. The seamless integration for case management, along with a user-friendly dashboard user interface, makes tasks like threat hunting more efficient. Analytics and behavioral analysis help me save time with rule creation. Its scalability allows me to add components as needed. Overall, LogRhythm SIEM offers end-to-end visibility with a reasonable price.
Read full review
Asim Naeem - PeerSpot reviewer
Providing comprehensive insight into alerts while working towards AI enhancement
I definitely recommend Rapid7 InsightIDR. It is becoming better, with improvements being continuously made to the product. Right now, I do not have any advice about Rapid7 for other users because every organization or user has different criteria or multiple use cases, so I refrain from commenting on that. I rate the overall solution seven out of ten.
Read full review
Daniel Durian - PeerSpot reviewer
Helps to monitor and detect cyberattacks
The tool's effectiveness depends on how you define your log sources. To build visibility of incoming and outgoing traffic, you need logs from perimeter defense, firewalls, web application firewalls, and endpoint protection. With good traffic visibility, incident response time is really quick. Trellix ESM provides situation awareness. On the dashboard, I can see outbound and inbound communications to known threat hosts, IPS/IDS activity, and threat intelligence of the perimeter defense in the firewall. This information helps preempt attacks.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The ability to drill down and pivot from an event is one of the biggest advantage the product has compared to other things that I have seen in the market."
"The most valuable features would be the automation, reporting, and the support."
"LogRhythm NextGen SIEM is customizable, simple to manage, and there are many features. The solution does not require an expert to be able to use it, anyone can use it."
"We integrated Azure logs with it and that makes it simpler. Rather than having to log into the portal, we can just check everything in one place. We can compare those to our Windows and host logs to see if any problems correlate between them."
"Its benefits are broad. The solution isn't necessarily made to do any one thing, but it can do anything you tell it to. It is able to tackle any different type or size of job."
"It's very easy to create the correlation rules with LogRhythm, and there are some advanced features like SIEM and UEBA, which are also very valuable."
"The alarm functions have helped us cut down on the manual work. They bubble things up to us instead of our having to go look for stuff. Also, from an operational perspective, day to day, the Case Management functions are really useful for us. They allow us to track what we see in the incidents that we have."
"The user interface is pretty good compared to other SIEM tools."
More LogRhythm SIEM pros
"The solution's initial setup is easy."
"Very intuitive and easy to set up."
"The technical support is a solid 10 out of 10 as they take the time to answer any questions or problems which may arise in a reasonable time frame."
"The ability to ingest Office 365 log files, then process them into events and display them on a map."
"If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities."
"Dashboards, including the main screen, provide much-needed information at a glance, without hours of coding and sifting through logs to find it. In case of an actual security incident, I have faith that insightIDR has retained all logs in a secure manner that prevents log tampering as well."
"I like the tool's user analysis feature."
"I like that it's a cloud-based solution."
More Rapid7 InsightIDR pros
"The most valuable feature is the capability to correlate different events from different platforms that we feed into it."
"The most valuable feature in ESM is its search and reporting feature. It's really nice."
"The tool's effectiveness depends on how you define your log sources. To build visibility of incoming and outgoing traffic, you need logs from perimeter defense, firewalls, web application firewalls, and endpoint protection. With good traffic visibility, incident response time is really quick."
"It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints."
"The most valuable feature is for the security operation center because it provides visibility of all traffic within the company infrastructure."
"It is easy to use."
"Compared to other solutions, the user interface is good."
"The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it."
More Trellix ESM pros
 

Cons

"The responses provided by the cloud team are inefficient."
"Move it to Linux. I would like to see it get off the SQL Server."
"It's not easy for someone new to the solution."
"I would really love to be able to take some of the data and not have to export it to a CSV file, so I can pull it into Excel to turn it into some other kind of graph."
"Sometimes the error-logging is not altogether helpful. For example, on an upgrade, a systems data processor, a Windows box, was throwing an error code like 1083. Then it just stopped and it died right out of the installer and nobody looked. We searched through Google and what it means is the Windows Firewall wasn't turned on so that it could create a rule for the product. Why wouldn't they bubble up that description so that I wouldn't have to call support and I could just know, "Okay, the firewall wasn't turned on. Turn it back on. Re-run the installer and keep going.""
"The pricing is the only problem."
"One thing we have mentioned to them before is that we'd like to be able to do searches, or drill-downs, directly from an alarm. When you click it and the Inspector tab slides out, that might be a good place to be able to click the host to search for the last 24 hours. I know the search is right there but it would be even nicer to just click that and then have an option to search something there."
"It should be improved for automated setup and auto-configuration. There should be ease of integration and ease of setup."
More LogRhythm SIEM cons
"Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries."
"Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition."
"Lacks a mobile application."
"I would like to see more development in InsightIDR towards building their SIEM solution and converting it to XDR."
"The main problem lies in the processes within the client's operating systems."
"Inability to get access to compliance reports within the solution."
"They should add more configuration and security features to it."
"The dashboard is an area that could be simplified."
More Rapid7 InsightIDR cons
"There are some banking and transactional cases that are local, South America transactions. I would like to see them add features that can be used locally, to make those transactions more reliable."
"The solution needs to improve case management. The UI is confusing."
"Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved."
"The only issue I have with McAfee is the amount of computer resources that it takes... it's definitely impacting some of the other applications that are running on a computer at the same time."
"I would like to see improvements to the user interface."
"The product’s alert response feature needs improvement. It could be more flexible and secure."
"There's no software support from McAfee."
"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."
More Trellix ESM cons
 

Pricing and Cost Advice

"It costs a great amount, but its pricing is competitive with some of the other vendors. For licensing and support, we pay about 20,000. There are no additional costs or anything like that."
"LogRhythm's pricing and licensing is extremely competitive and it's one of the top three reasons we continue to invest in the platform."
"The pricing is very reasonable and accessible compared to other products in the market but I am not very sure about the exact licensing cost per year for our company."
"If you don't have your staff, absolutely look into the co-pilot and factor that into your cost evaluation."
"The license cost is around $10 per MPS."
"Look closely at the cost of licensing of other products. This should include setups and the need for support services. I did a RFQ to 2 other vendors before choosing this product."
"On a scale of one to ten, where one is low, and ten is high, I rate the pricing between six and seven."
"We work with French-speaking African countries, and it costs more than the average SIEM solution. Also, the pricing isn't too flexible. AlienVault, Splunk, and IBM QRadar are more suitable for customers on a tight budget."
More LogRhythm SIEM pricing and cost advice
"Rapid7 InsightIDR is priced very well and is cost-effective."
"It is on a yearly basis. For our own company, for about 250 users, it was 16,000 euros a year."
"Licensing is by endpoint and amount of retention time (at least ours is). Default retention was one year, but we are able to push the retention further if needed. There's also a provide-your-own-S3 option for longer retention if you don't want to pay for the additional retention years in your Rapid7 agreement."
"The pricing of the solution depends on the user. But there is a yearly licensing cost."
"The team is very willing to work with companies. My suggestion is to call the Rapid7 sales department and see how they can help.​"
"The pricing is good, and it is not very expensive."
"The solution has a mid-range price point in the market"
"​I am sure that there are cheaper products out there, but none that meet so many of our needs whilst maintaining stability and usability.​"
More Rapid7 InsightIDR pricing and cost advice
"The cost is dependent on the customer's environment and requirements."
"The product is slightly expensive."
"The pricing is good, and they are competitive compared to providers such as RSA and IBM QRadar."
"When compared to IBM Security QRadar and other similar platforms, the pricing of McAfee ESM is reasonable and comparatively less expensive."
"The licensing cost is based on EPS."
"McAfee is the right choice for a low-budget solution."
"The cost is all included. The finance department handles the financial part, and we mostly don't get involved in it."
"It is an inexpensive product. We purchase its yearly license."
More Trellix ESM pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
See recommendations
850,671 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
Read full review
 

Top Industries

By visitors reading reviews
Educational Organization
25%
Computer Software Company
11%
Financial Services Firm
8%
Government
7%
Computer Software Company
16%
Financial Services Firm
9%
Manufacturing Company
7%
Government
7%
Educational Organization
70%
Financial Services Firm
5%
Computer Software Company
4%
Comms Service Provider
4%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What is the difference between log management and SIEM?
Rony, Daniel's answer is right on the money. There are many solutions for each in the market, a lot depends upon you...
See all answers
What needs improvement with LogRhythm NextGen SIEM?
The SOAR capabilities need improvements as they currently require programming knowledge. A more user-friendly user in...
See all answers
What do you like most about LogRhythm SIEM?
I find LogRhythm's log management capabilities to be beneficial.
See all answers
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is a...
See all answers
What do you like most about Rapid7 InsightIDR?
During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, ...
See all answers
What is your experience regarding pricing and costs for Rapid7 InsightIDR?
The product pricing is very cheap.
See all answers
What do you like most about McAfee ESM?
The solution's technical support is great.
See all answers
What is your experience regarding pricing and costs for McAfee ESM?
Regarding pricing, Trellix ESM is not that expensive. It's less than half the cost of IBM QRadar.
See all answers
What needs improvement with McAfee ESM?
The product is mature and needs little improvement, but we could enhance the customized dashboarding based on use cases.
See all answers
 

Comparisons

IBM Security QRadar vs LogRhythm SIEM Logo
IBM Security QRadar vs LogRhythm SIEM
Compared 13% of the time
Splunk Enterprise Security vs LogRhythm SIEM Logo
Splunk Enterprise Security vs LogRhythm SIEM
Compared 13% of the time
Fortinet FortiSIEM vs LogRhythm SIEM Logo
Fortinet FortiSIEM vs LogRhythm SIEM
Compared 7% of the time
Wazuh vs LogRhythm SIEM Logo
Wazuh vs LogRhythm SIEM
Compared 5% of the time
LogRhythm Axon vs LogRhythm SIEM Logo
LogRhythm Axon vs LogRhythm SIEM
Compared 3% of the time
More LogRhythm SIEM Competitors
Darktrace vs Rapid7 InsightIDR Logo
Darktrace vs Rapid7 InsightIDR
Compared 10% of the time
Microsoft Sentinel vs Rapid7 InsightIDR Logo
Microsoft Sentinel vs Rapid7 InsightIDR
Compared 9% of the time
Rapid7 InsightVM vs Rapid7 InsightIDR Logo
Rapid7 InsightVM vs Rapid7 InsightIDR
Compared 8% of the time
CrowdStrike Falcon vs Rapid7 InsightIDR Logo
CrowdStrike Falcon vs Rapid7 InsightIDR
Compared 5% of the time
Splunk Enterprise Security vs Rapid7 InsightIDR Logo
Splunk Enterprise Security vs Rapid7 InsightIDR
Compared 5% of the time
More Rapid7 InsightIDR Competitors
ArcSight Enterprise Security Manager (ESM) vs Trellix ESM Logo
ArcSight Enterprise Security Manager (ESM) vs Trellix ESM
Compared 26% of the time
Splunk Enterprise Security vs Trellix ESM Logo
Splunk Enterprise Security vs Trellix ESM
Compared 17% of the time
IBM Security QRadar vs Trellix ESM Logo
IBM Security QRadar vs Trellix ESM
Compared 10% of the time
Fortinet FortiSIEM vs Trellix ESM Logo
Fortinet FortiSIEM vs Trellix ESM
Compared 10% of the time
SentinelOne Singularity Complete vs Trellix ESM Logo
SentinelOne Singularity Complete vs Trellix ESM
Compared 9% of the time
More Trellix ESM Competitors
 

Product Reports

Buyer's Guide
LogRhythm SIEM
April 2025
LogRhythm SIEM reportDownload LogRhythm SIEM product report
Buyer's Guide
Rapid7 InsightIDR
April 2025
Rapid7 InsightIDR reportDownload Rapid7 InsightIDR product report
Buyer's Guide
Trellix ESM
April 2025
Trellix ESM reportDownload Trellix ESM product report
 

Also Known As

LogRhythm NextGen SIEM, LogRhythm, LogRhythm Threat Lifecycle Management, LogRhythm TLM
InsightIDR
McAfee ESM, NitroSecurity, McAfee Enterprise Security Manager
 

Overview

LogRhythm SIEM Platform is an award-winning platform in security analytics. With more than 4,000 customers globally, LogRhythm SIEM is an integrated platform that helps security operations teams protect critical infrastructure and information from emerging cyberthreats. Ultimately, LogRhythm SIEM is an integrated set of modules that contribute to the security team’s fundamental mission: rapid threat monitoring, threat detection, threat investigation, and threat neutralization. LogRhythm SIEM is for organizations that require an on-premises solution and offers:

● Streamlined workflow

● Secure data access

● Real-time visibility

● A unified user experience

● Management customization

Security information and event management (SIEM) solutions have been evolving for over a decade; their core functionality still acts as the most effective foundation for any organization’s technology stack. A SIEM solution enables an organization to centrally collect data across its entire network environment to gain real-time visibility into activity that may pose a risk to the organization. SIEM technology addresses threats before they become significant financial risks while simultaneously helping better manage an organization’s assets.

LogRhythm SIEM has many key features and capabilities, including:

High-Performance Log Management: LogRhythm SIEM offers structured and unstructured search capabilities which allows users to swiftly search across an organization’s vast data to easily find answers, identify IT and security issues, and troubleshoot issues. Users can efficiently process and index terabytes of log data daily.

Network and Endpoint Monitoring: Forensic sensors allow users to gain deep visibility into endpoint and network activity. Users can see behavioral anomalies and better respond to incidents.

SmartResponse™ Automation: LogRhythm SIEM allows users to centrally execute pre-staged actions that automate incident investigatory tasks and responses.

Automated Machine Analytics: LogRhythm SIEM's AI Engine continuously analyzes all collected security incidents and forensic data. Security teams are delivered precise, real-time intelligence about risk-prioritized threats.

Case and Security Incident Management: LogRhythm SIEM offers an integrated workflow so that threats don’t slip through the cracks. Collaboration tools help centrally manage and track investigations.

User and entity behavior analytics (UEBA): Embedded deterministic UEBA monitoring helps protect against insider threats.

Security orchestration, automation, and response (SOAR): LogRhythm SIEM includes our embedded SOAR solution to increase efficiency and higher-quality incident response with low mean time to response (MTTR).

Benefits to Using LogRhythm SIEM

The platform offers great value to security and IT operations. Users have the ability to map their security and IT operations to existing frameworks such as NIST and MITRE ATT&CK.

● The platform offers broad integration across security and IT vendors: Users benefit from support for integration with hundreds of security and IT solutions. In turn, this further extends SIEM capabilities and data collection.

● The platform provides compliance adherence, enforcement, and reporting: The prebuilt compliance modules automatically detect violations as they occur and remove the burden of manually reviewing audit logs.

Reviews from Real Users

LogRhythm SIEM stands out among its competitors for a number of reasons. Two major ones are its ability to be customized and its quick performance of queries.

Jason G., a senior cybersecurity engineer, writes, "I have found the Advanced Intelligence Engine has provided the most value to us because we can customize alarms based on our requirements and have created hundreds of alarms that notify different people for different scenarios."

Andy W., principal consultant at ITSEC Asia, notes, “LogRhythm SIEM covers all our primary security analysis needs. It makes it easier for us to analyze threats and improves our response times. It's a versatile platform that performs queries fast compared to other SIEM solutions.”

LogRhythm

Parsing hundreds of trivial alerts. Managing a mountain of data. Manually forwarding info from your endpoints. Forget that. InsightIDR instantly arms you with the insight you need to make better decisions across the incident detection and response lifecycle, faster.

Rapid7

Make your organization more resilient and confident with Trellix Security Operations. Filter out the noise and cut complexity to deliver faster, more effective SecOps. Integrate your existing security tools and connect with over 650 Trellix solutions and third-party products.

Trellix
 

Sample Customers

Macy's, NASA, Fujitsu, US Air Force, EY, Abbott, HD Supply, SAB Miller, UCLA, Raytheon, Amtrak, Cargill
Liberty Wines, Pioneer Telephone, Visier
San Francisco Police Credit Union, Wªstenrot Gruppe, Volusion, California Department of Corrections & Rehabilitation, Government of New Brunswick, State of Colorado, Macquarie Telecom, Texas Tech University Health Sciences Center, Cologne Bonn Airport
Buyer's Guide
Security Information and Event Management (SIEM)
April 2025
Download Free Report
Find out what your peers are saying about Splunk, Wazuh, Microsoft and others in Security Information and Event Management (SIEM). Updated: April 2025.
DOWNLOAD NOW
850,671 professionals have used our research since 2012.