We performed a comparison between Rapid7 InsightIDR and Sumo Logic Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"Log aggregation and data connectors are the most valuable features."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"Integration with threat modeling from the Metasploit and InsightIDR repositories."
"Rapid7 is easy to use and deploy. It is a simple solution and has easy data pulling."
"The solution is very stable and works very well for what I need it to do."
"Enables the use of honey pots, honey users, and honey files to monitor for suspicious patterns."
"Features for user behavior analytics and the rules for attack review are good."
"The incident case management is the most valuable feature. Even though there's always something I find I would like to add to that feature, the ability to quickly sort through all the logs, network and endpoint data, etc., and add it to an incident case as part of the investigation, is nice. Having it automatically timeline that additional data into the original incident timeline, and correlate it to other notable events and activities on the network, results in a huge improvement in our overall confidence that we've quickly traced down the right source of an issue."
"The solution's initial setup is easy."
"InsightIDR’s ability to process millions of transactions per day, and to notify me of the most critical ones, is priceless. InsightIDR has the alerts tuned, and has the ability to quickly drill down to determine the threat level."
"Sumo Logic is an easy solution to use. You can set it up very quickly, and it includes a lot of training videos."
"It gives us a bird's eye view of what's happening from our connection's point of view."
"We can integrate threat intelligence solutions into the product."
"It provides easy visibility. I also like the shareable queries because we share a lot across groups."
"We use it to ingest Windows domain controller logs. We use this to monitor if anyone is placed in particular administration groups that potentially shouldn't be. It helps us keep track of people."
"For many of our services, we use Sumo Logic to track errors and send notifications to our Slack channel, if there are issues. Then, we have our support people monitoring this, and they can react quickly."
"Scalability has been good for our needs. We haven't run into any scaling issues in regards to size so far."
"Technical support is always great."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"The playbook is a bit difficult and could be improved."
"We'd like also a better ticketing system, which is older."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"Lacks a mobile application."
"The product allows us to make only 30 custom rules."
"The ability to tune the collector for custom logs would greatly help."
"Rapid7 InsightIDR is not intuitive to search for logs. It should be more user-friendly and improve the dashboards. We should be able to use ready-made templates instead of having to build one."
"Currently, it lacks the functionalities provided by Rapid7's User Behavior Analytics (UBA)."
"Needs a better ability to customize the check within the console."
"Inability to get access to compliance reports within the solution."
"The integration capabilities of the solution have certain shortcomings where improvements are required."
"We would like the ability to drill down into a dashboard and get into deeper levels."
"There are some API gaps that are missing."
"There needs to be improvement on imported data which can be used within Sumo Logic to do more advanced queries."
"The solution should improve its UI."
"The initial setup is the most stressful, like learning how to use it."
"The integration with multiple sources could be better."
"I would like better UI-driven functionality to create alerts and reports. Now, we have to understand the syntax, so it is a little difficult for someone to pick it up without using the manuals. If there was more of a graphical user interface, it would be beneficial."
"In my opinion, this solution has a steep learning curve and requires practice if users to be able to use this tool very efficiently."
Rapid7 InsightIDR is ranked 13th in Security Information and Event Management (SIEM) with 29 reviews while Sumo Logic Security is ranked 20th in Security Information and Event Management (SIEM) with 17 reviews. Rapid7 InsightIDR is rated 8.4, while Sumo Logic Security is rated 8.4. The top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". On the other hand, the top reviewer of Sumo Logic Security writes "Integrates well, useful rules, and beneficial GUI". Rapid7 InsightIDR is most compared with Darktrace, Splunk Enterprise Security, Rapid7 InsightVM, IBM Security QRadar and Next DLP, whereas Sumo Logic Security is most compared with Splunk Enterprise Security, Wazuh, VMware Aria Operations for Logs, IBM Security QRadar and LogRhythm SIEM. See our Rapid7 InsightIDR vs. Sumo Logic Security report.
See our list of best Security Information and Event Management (SIEM) vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.