LogRhythm UEBA [EOL] Reviews

My main use case for LogRhythm UEBA [EOL] is detecting insider threats and anomalous user behavior, and I rely on it most often to identify deviations from normal access patterns, such as unusual login times, privilege misuse, or abnormal data access, so the SOC team could investigate potential security incidents early and reduce the response time.

The best features LogRhythm UEBA [EOL] offers are its behavioral balancing, baselining, risk scoring, and correlation with SIEM events, and what stands out most is risk scoring, which gives clear visibility into which user behaviors are genuinely risky and helps our team to focus on the highest priority threats without drowning in noise.

Risk scoring helps us to quickly identify which users' activity needs immediate attention by clearly ranking threats based on impact and likelihood; it changes our day-to-day operations by reducing time spent on low-risk alerts and allowing the team to prioritize investigations and response actions more effectively and consistently.

LogRhythm UEBA [EOL] has positively impacted our organization by improving our ability to detect insider threats and compromised accounts earlier, resulting in better security visibility, reduced false positives, and faster investigations and response times, which helped the team operate more effectively with greater confidence.

I observed a noticeable reduction in false positive alert volume, which shortened the investigation time per incident, improving the mean time to detect and respond, and helping identify high-risk user activities earlier, which prevented potential security incidents from escalating.

LogRhythm UEBA [EOL] could be improved with more flexible tuning options and clearer model transparency to better understand why certain behaviors are flagged; enhanced integrations with additional data sources and more intuitive dashboards would also help improve usability and investigation efficiency.

More automation around alert triage and response would make daily work smoother, along with simpler tuning to reduce manual effort; better reporting and easier customization of risk thresholds would also help align the tool more closely with our operational workflows.

I have been using LogRhythm UEBA [EOL] for the last three years.

In my experience, LogRhythm UEBA [EOL] is very stable.

LogRhythm UEBA [EOL] has scaled reliably for our needs, as it has been able to handle increased user activity and log volumes as the organization grew, although scaling typically requires some planning and tuning to maintain performance and accuracy.

My experience with LogRhythm UEBA [EOL] support team has been positive overall; the support team has been responsive and helpful when we needed assistance with tuning or troubleshooting, which helped keep our deployments running smoothly.

Negative

We previously relied on basic SIEM correlation rules without a dedicated UEBA solution; we switched to LogRhythm UEBA [EOL] to gain deeper behavior analytics, reduce false positives, and improve detection of insider threats and compromised accounts.

I would advise others looking into using LogRhythm UEBA [EOL] to carefully plan their deployment and integrate UEBA with existing SIEM workflows from the start; they should focus on tuning risk scores and behavioral baselines to reduce false positives and take advantage of platform analytics to productively detect insider threats and account compromises.

Our company relationship with LogRhythm is strictly as a customer; we do not have any partnership or reseller agreement.

Before choosing LogRhythm UEBA [EOL], we evaluated a few other UEBA options, including Splunk UEBA and Exabeam; LogRhythm UEBA [EOL] was chosen because it integrated more smoothly with our existing LogRhythm SIEM environment and offered a better balance of functionality and operational complexity for our team.

LogRhythm UEBA [EOL] helped me detect an unusual after-hours login and abnormal data access from a user account that normally followed standard business hours, allowing the SOC team to investigate quickly and confirm the compromised account before any major impact occurred.

Risk behavior and better context around the user activity helped our team make faster decisions, quicker commitments, and improved confidence in handling potential insider or account compromise incidents.

LogRhythm UEBA [EOL] has been a valuable addition to our security operations, especially for detecting insider threats and anomalous user behavior; continued improvements in automation, usability, and integration would make it even more effective, but it already significantly enhances our visibility and response capabilities. I would rate this product an 8 out of 10.

I typically use the product for reducing cyber risk, and I can investigate attacks more quickly using machine learning tools.

It is more about tracking the usage of compromised accounts. All old accounts are the accounts that integrators can use. The solution is used for user entity behavior analysis, however, it is not heavily used due to other alerts. I have started to use it more recently.

In general, if something needs to be improved in the algorithm, it would be the dashboards. The dashboards with solutions such as Splunk are very neat and clean. I would also like to improve the use cases LogRhythm has. It does not have a very large use case library, so the content engineer needs to develop use cases rapidly alongside emerging threats.

I have been using it for about six to seven years.

The agents stop troubleshooting automatically after a certain period of time, even when they are installed fresh or reinstalled. It is a definite problem.

The on-premises LogRhythm is not very scalable. When considering packets per second or the MPS needed for additional logs such as web application logs, scalability is usually found in cloud products. The cost increases too much for the on-prem boxes, eventually leading to a transition to the cloud, where LogRhythm Cloud is too costly compared to competitors.

The response time is the issue at hand and needs improvement.

Neutral

I used the RSA RSSM solution, which is a combination of both NDR and ADA solutions.

I'm also aware of Splunk's capabilities.

It should be ready within a week or more. I need to consider all the requirement analyses and complete all purchases. With everything ready, it should be ready within a week or more. It can provide real-time monitoring, however, enhancements in endpoint tuning are necessary.

One person is not enough; at least two people are needed for the setup. One should handle requirement analysis, and another should be an end-to-end deployment engineer who understands the organization's architecture.

I would not necessarily recommend LogRhythm due to its complexity and lack of modularity. I would always recommend Splunk to users since it is a powerful solution. Combining it with other solutions, such as Vectra, would be a great addition because of the extensive use case library. It is a solution for companies focused on balancing budget rather than performance. 

Overall product rating: six out of ten.

Using machine learning tools, we use the product to reduce cyber risk and investigate attacks more quickly. We use it mainly for user entity behavior analysis.

The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance, it can detect unusual user logins, such as a user logging in from a new browser or location.

The product should improve its dashboards. Splunk has neat dashboards. Additionally, we would like to enhance the use cases provided by LogRhythm as its use case library is not as extensive as other tools. Its machine-learning capabilities need to improve when compared to other solutions. It lacks risk quantification in a single, transparent view for individuals such as CSOs. Consequently, presenting this information to a CSO or senior manager often requires manual reporting rather than relying on the dashboard. I recall experiencing integration challenges with LogRhythm UEBA, particularly when connecting with products not listed in its predefined integrations. These issues often manifest as parsing errors, even when attempting to integrate with cloud logs. 

I have been using the product for six to seven years. 

I rate the product's stability a seven out of ten. It is not too great. 

The on-prem version is not scalable. I rate it a six out of ten. 

LogRhythm UEBA's technical support is slow. 

Neutral

We chose LogRhythm UEBA due to budget constraints. 

The tool's deployment process is not overly complex, but troubleshooting and post-deployment tasks can be challenging, especially when dealing with agent-related issues. Troubleshooting agents often involves removing configuration files and making host configuration changes, which can be more cumbersome than other solutions. As for deployment time typically takes around a week or more, considering all the requirements analysis and preparation.

You need two resources to handle the deployment. One person can focus on requirement analysis, while the other person, preferably an end-to-end deployment engineer, is familiar with the organization's architecture.

I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive. 

I wouldn't recommend LogRhythm UEBA due to its lack of modularity and complexity. I rate it a six out of ten. 

We have the standard use cases for this product including monitoring of any kind. I'm the company CEO and we are partners with LogRhythm. 

The capability of pinpointing specific cyber incidents is a valuable feature for us. It's very good in correlation and it can pinpoint exactly what happened in terms of a cyber incident. I also think they have an impressive dashboard that can be customized quite easily.

We're now exploring the cloud version but unfortunately we've found that they are lagging in that space.

I've been using this solution for four years. 

The stability is good.

One of the major features of LogRhythm is its scalability. You can always scale it to your requirements. Scaling can be done at log collection or processing, or at correlation.

This kind of solution sometimes needs a quick response from support, and it can often take a while for them to respond and also some time to resolve an issue. 

Neutral

The initial setup is easy, partly because LogRhythm is primarily based on the Windows platform. It's good to have two engineers for deployment but it can be done with one. It's more about the knowledge. Deployment is typically done in two or three different phases. It usually takes up to three full months to get good deployment. There's the initial onboarding of all the log sources, then collecting data in the data lake, followed a couple of weeks later with some minor tuning before the final tuneup.

We do have ROI but it's difficult to quantify. 

For our market, licensing costs are on the high side. In comparison to other solutions like IBM QRadar, LogRhythm is actually quite expensive. Their licensing is subscription-based and is quite flexible with various module options that enable a subscription based on your requirements. The support model that we have includes technical support.

LogRhythm is a good solution and my only suggestion to potential customers is to study their internal requirements and then select the features and modules they need for this particular solution spec. If the requirements are well-set and well-defined, then I believe the investment will give a good return.

I rate this solution seven out of 10. 

We use the product as a security program for threat hunting, user behavior, and analytics. It helps us with constant monitoring. We use user logs to secure our infrastructure. 

The tool's most valuable feature is server threat hunting. 

LogRhythm UEBA's data aggregation needs to be improved. Open-source users do not have much documentation available. Documentation is available only for enterprise users. 

I have been using the solution for four years. 

I rate the solution's stability a seven point five out of ten. 

I rate LogRhythm UEBA's scalability an eight out of ten. 

LogRhythm UEBA's tech support is good. 

Positive

I used Splunk before. 

We encountered challenges during the tool's implementation. 

We sought the support of the vendor to help with the implementation. 

We have seen ROI with the tool's use. 

LogRhythm UEBA's pricing is affordable for small and medium businesses. 

I rate LogRhythm UEBA an eight out of ten. 

I use the solution for a bit of user monitoring and analysis, and logging events.

It is easy to monitor users and that is how the solution is adding value to our firm.

I think almost all the features in terms of how they assist us in monitoring what is going on in our infrastructure are valuable, and I find them useful in monitoring our day-to-day activities.

The UI could be improved a little bit.

I have been working with LogRhythm UEBA for about a year or two.

We have not faced any issues with stability.

The solution is scalable.

The solution was deployed through a third party. Not a lot of people were required for the initial deployment.

I would rate the solution an eight out of ten, because I think it addresses most of our issues. The user interface issues take away some points.

I used the product for monitoring logs.

LogRhythm UEBA’s best feature is the dashboard. It provides several graphs, charts, and event logs for 30 to 60 days. 

The product could be user-friendly for someone who doesn’t have any prior experience working with it.

I used LogRhythm UEBA for a year.

It is a stable product.

We have five to six LogRhythm UEBA users in our organization. It is very scalable. I can add as many servers as required.

I have used Microsoft Sentinel. It is a clutter-free solution. In comparison, LogRhythm UEBA is difficult to use for a beginner. It is easier for someone who has experience working with it.

According to a review by one of my colleagues, it is quite a budget-friendly product.

I rate LogRhythm UEBA a seven out of ten. If you are looking for on-premise and budget-friendly tools, you should go for it.

The use case for LogRhythm UEBA depends on the requirement of the customer. My company provides and develops it, and it's up to the customer how he'll use it.

What I like most about LogRhythm UEBA is that it allows you to identify and analyze end-user behaviors and suspicious activities within the systems.

I also like that the product is easy to manage and user-friendly.

What needs improvement in LogRhythm UEBA is the pricing. Here in Asia, for example, in Sri Lanka, pricing is the primary concern, and this is the only area for improvement I see in LogRhythm UEBA.

I've been working on LogRhythm UEBA for more than four years.

LogRhythm UEBA is very stable as long as you deploy it correctly.

LogRhythm UEBA is easy to scale, so I'd give it a ten out of ten.

LogRhythm UEBA has very responsive technical support.

Setting up LogRhythm UEBA is straightforward because my company just integrates the product.

LogRhythm UEBA is easy to set up compared to other technologies, so it's a ten out of ten in terms of setup.

Deploying the product is a quick process, but what takes longer is building the use cases and developing LogRhythm UEBA. It's the same process, duration-wise, in on-premise and cloud deployments.

As LogRhythm UEBA is pretty expensive, I'd give its pricing a seven out of ten.

My company is a local distributor of LogRhythm UEBA here in India. It also distributes the product to Sri Lanka, Maldives, and Cambodia. I'm focused on the deployment and development side of LogRhythm UEBA.

I deployed the latest version of the product.

My company has around ten LogRhythm UEBA customers.

Maintaining or upgrading the product requires a professional, and in my region, it's costly.

LogRhythm UEBA is a product I'd recommend to others.

My rating for the product is nine out of ten. It's a very good solution, and only the pricing for LogRhythm UEBA needs improvement.

We are a solution provider and this is one of the products that we implement for our clients.

Customers in Sri Lanka generally purchase this product for network monitoring. 

Implementing this provides greater visibility into the network, as well as client activities.

This solution is really easy to configure.

The most valuable features are file activity monitoring and registry activity monitoring. Users like to have insight as to what is being modified while certain processes are running.

There is a large number of supported devices.

It would be helpful if there were more guidance provided for integrating with unsupported devices.

I have been working with this solution from LogRhythm for about three years.

We have had no bugs, glitches, or other problems with stability.

Scalability has not been an issue for us.

I have been in contact with technical support and they are really good. They have guided us when we've had problems with misconfiguration.

It took us about a month and a half to deploy this solution. The first month involved the setup and then there were two weeks of fine-tuning. In total, after six weeks we were able to bring up the system without any issues.

The deployment for our customers is usually on-premises, although there is a cloud version as well.

The pricing is nice when compared to other products in the industry.

Overall, this is a really good product and I recommend it.

I would rate this solution an eight out of ten.

Our primary use case is to identify the identities and anomalous user behavior and to enhance visibility. 

It should have better mitigation with other solutions and be tightly integrated with other solutions. It has to be improved. 

I have been using LogRhythm Enterprise UEBA for five years. 

The scalability is quite good. We don't have any issues with it. The only problem is that the agents consume too much memory and system resources. The memory and resource consumption is high. 

We have contacted technical support. On a scale from one to ten, I would rate them a six. They respond but it's time-consuming to contact support. We repeatedly call them and they don't respond. They're not as good as other support in the industry. 

It's straightforward. It takes a few days to find anomalies and abnormal behavior. In general, it's of medium level complexity. 

Licensing is on a yearly basis. It's not expensive compared to its competitors. 

We also evaluated CrowdStrike. 

I would rate it a seven out of ten. 

I would recommend this solution so long that LogRhythm does something about the memory and resource consumption. It has a lot of features. It has file integration monitoring but when it's applied it consumes too many resources. It's a big problem with the agents. 

They should improve the interface to make it a better rating.