LogRhythm SIEM Primary Use Case

KM
Global Security Manager at Chart Industries Inc

LogRhythm works within the core of our SOC. It's where our analysts work every day and where we do all of our investigatory work for security incidents.

It created our security posture. It is the central component of all of our security tools and it is the heartbeat of our SOC and our daily operations. It sets the tone for everything that we do.

Joseph W.
System Administrator at GOLDENWEST FEDERAL CREDIT UNION

We have a lot of use cases. Originally, it started out pulling in a bunch of the logs so we could get some ideas on network traffic. More recently, we have proceeded with pulling in logs from some of our other vendors. This really helped out a lot with our AV, which didn't always notify us as quickly as we wanted it to. LogRhythm made it possible for us to get notifications faster so that we can remediate things faster. We've been expanding it more and more as we've gone through the years to include more traffic, giving us more insight into our network.

Subhash Sreenivasan
Founder & CTO at NiyoSecure

LogRhythm SIEM is primarily utilized for cybersecurity analysis and incident management.

Buyer's Guide
LogRhythm SIEM
March 2024
Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
768,578 professionals have used our research since 2012.
YI
Regional Technical Manager at HTBS

In my company, we use LogRhythm SIEM for integrations. We use the product for SOC use cases. If we have SOC implementations, LogRhythm is the SIEM solution we use since it can also offer a SOAR solution.

JG
Senior Cyber Security Engineer at an individual & family service with 10,001+ employees

We use multiple instances as dark sites. We have roughly 350-400 hosts per site consisting of 4K to 5K log sources.

Wail Khachfa
Network and Security Specialist at Ajman Digital Government

Our organisations have data centres which are in need of multiple server security devices, network devices and various other solutions. We utilise this solution to integrate Oracle security logs and use another solution to collaborate between these logs and receive alerts based on configured use cases. 

My work is currently in the government sector and my aim is to enhance the organisation's threat detection and response capabilities. I try to utilise the solution in order to provide comprehensive reports with minimum false positives.

SK
Manager Solutions Architect at a comms service provider with 10,001+ employees

It's a next-generation SIEM solution. We use it for our clients. 

SR
Sr Manager - Information Security at a computer software company with 1,001-5,000 employees

The solution is used for threat hunting. We also use it as an SIEM for our SOC.

DH
SOC Analyst at PLS Financial

I found it very useful in our day-to-day operations with monitoring user activity and looking at system analytics and system performance. I found it very useful when investigating threats like IPs, and seeing what's going on with our endpoints, like certain lateral movements that we've noticed. 

I definitely found it very useful when looking at, for example, a compromised host, or a suspicious IP that has been scanning us. I've definitely found it very useful when I look at a log, it'll give me a detailed drill-down of all the information that's needed, including what the rating is, the rating of the threat, and what actions should be taken. 

It gives my team a better idea of what we should do to improve our security posture.

AS
Senior Network Engineer at a government with 5,001-10,000 employees

Our primary use case is for general log monitoring. We do not use it as a SIEM.

AG
Cybersecurity Solutions Architect at a tech vendor with 10,001+ employees

I am a security architect, so I don't develop the use cases with the customers if they deliver a team who is in charge of these activities. Depending on the case of the customer, we define something with the customers, according to the technical sessions that we have with them. I prepare all the documentation for the delivery team and present the project.

LogRhythm is deployed on-prem. There are about 60 people using this solution in my organization.

JB
SIEM Architect at Marsh & McLennan Companies, Inc.

We have been using LogRhythm for the last seven to eight years. About a year-and-a-half ago we made a push, which is why I was brought on, to go global with it. The global use case is security only, we're not getting back to the business. It's the first time I've done SIEM that works that way. It's all about feeding the SOC and IR teams and letting them do their job.

LV
Security Analyst at Secure-24

It is an SIEM tool. It gathers logs, parses and normalizes them, and correlates the logs with the rules we write. For example, if an account tries to log in multiple times with the same username, I can write a rule for it. The SIEM tool would analyze the logs and generate alerts based on the rule.

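
The correlation rule the reviewer above describes (repeated failed logons for one username, raised from logs that first have to be parsed and normalized) is easy to sketch in code. The block below is an added example written for this page, not LogRhythm's rule syntax or any reviewer's configuration. The log lines are constructed for the example; the field names in the normalized schema (`ts`, `host`, `user`, `src_ip`, `outcome`), the `RepeatedFailureRule` class and its defaults (5 failures in 300 seconds) are assumptions for illustration. It goes slightly beyond the sentence in the review by correlating the same username across two different sources (an OpenSSH host and a Windows domain controller) in one sliding window, which is the case a single-source rule would miss.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines for this example (not taken from any reviewer's
# environment): OpenSSH auth messages and Windows 4625/4624 logon events that a
# hypothetical collector has already flattened to key=value text.
SAMPLE_LOGS = [
    "2024-03-01T10:00:01Z host1 sshd[2210]: Failed password for alice from 203.0.113.5 port 51422 ssh2",
    "2024-03-01T10:00:03Z host1 sshd[2210]: Failed password for alice from 203.0.113.5 port 51423 ssh2",
    "2024-03-01T10:00:04Z host2 sshd[884]: Accepted password for bob from 198.51.100.7 port 40100 ssh2",
    "2024-03-01T10:00:06Z dc01 EventID=4625 TargetUserName=alice IpAddress=203.0.113.5 Status=0xC000006D",
    "2024-03-01T10:00:08Z dc01 EventID=4625 TargetUserName=alice IpAddress=203.0.113.5 Status=0xC000006D",
    "2024-03-01T10:00:09Z dc01 EventID=4625 TargetUserName=alice IpAddress=203.0.113.5 Status=0xC000006D",
    "2024-03-01T10:15:00Z host1 sshd[2300]: Failed password for carol from 192.0.2.9 port 51500 ssh2",
    "2024-03-01T10:20:00Z dc01 EventID=4624 TargetUserName=alice IpAddress=203.0.113.5 LogonType=3",
]

SSH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)
WIN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) EventID=(?P<eid>\d+) TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>\S+)"
)


def normalize(line):
    """Parse one raw line into the common schema the rule consumes.
    Returns None for lines that are not authentication events."""
    m = SSH_RE.match(line)
    if m:
        outcome = "fail" if m["outcome"] == "Failed" else "success"
    else:
        m = WIN_RE.match(line)
        if not m or m["eid"] not in ("4624", "4625"):
            return None
        outcome = "fail" if m["eid"] == "4625" else "success"
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "host": m["host"],
        "user": m["user"].lower(),  # case-fold so 'Alice' and 'alice' correlate
        "src_ip": m["ip"],
        "outcome": outcome,
    }


class RepeatedFailureRule:
    """Correlation rule: at least `threshold` failed logons for the same username
    within a sliding window of `window_seconds`, whichever source reported them."""

    def __init__(self, threshold=5, window_seconds=300):
        self.threshold = threshold
        self.window = timedelta(seconds=window_seconds)
        self._failures = defaultdict(deque)  # user -> deque of (ts, src_ip)

    def feed(self, ev):
        """Consume one normalized event; return an alert dict when the rule fires."""
        if ev["outcome"] != "fail":
            return None
        dq = self._failures[ev["user"]]
        dq.append((ev["ts"], ev["src_ip"]))
        # Evict failures that have aged out of the window before counting.
        while dq and ev["ts"] - dq[0][0] > self.window:
            dq.popleft()
        if len(dq) < self.threshold:
            return None
        alert = {
            "rule": "repeated_failed_logon",
            "user": ev["user"],
            "count": len(dq),
            "first_seen": dq[0][0],
            "last_seen": ev["ts"],
            "source_ips": sorted({ip for _, ip in dq}),
        }
        dq.clear()  # one alert per burst, not one per additional failure
        return alert


def run_rule(lines, rule):
    """Normalize every line, feed it to the rule, and return the alerts raised."""
    alerts = []
    for line in lines:
        ev = normalize(line)
        if ev is None:
            continue
        alert = rule.feed(ev)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in run_rule(SAMPLE_LOGS, RepeatedFailureRule()):
        print(a)
```

With the defaults, `alice` trips the rule on her fifth failure (two from `host1`, three from `dc01`, all inside eight seconds), `carol` with one failure does not, and the later successful 4624 for `alice` is not counted. Shrinking the window to one second yields no alert, which is the check to run when tuning a threshold so it fires on bursts rather than on slow background noise.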
JG
Senior Cyber Security Engineer at an individual & family service with 10,001+ employees

We work on a dark site. It's the next generation ground station for the Air Force's GPS system. Our use cases are based mostly on an insider-threat perspective.

We utilize a lot of AI Engine rules within the LogRhythm SIEM to detect different types of privileged-user actions, whether it be escalation of privileges, creation of user accounts, or modification of user accounts. We also use it for IDS rules and firewall rules that are met, in terms of the IDS finding signature attacks.

KS
Senior Security Engineer at a manufacturing company with 5,001-10,000 employees

It came in as a compliance package. Now, it is more of a security analytics platform for us, so we try to route relevant security and computer logs. We also have some use cases that we came up with and some of the stuff that LogRhythm provided, which has been the basis of our use of this security platform. 

The company is dedicating me to working on this solution exclusively, so it has been great.

KB
Senior Cyber Security Engineer at a logistics company with 10,001+ employees

I'm a user, administrator, and analyst. We are using version 7.4.

The solution is deployed on-premise. Three people are working with this product in our company.

GC
Security Engineer at a logistics company with 10,001+ employees

The primary use case is to provide security analytics for the SOC and empowering all of our SOC operations for day to day business.

AS
Information Technology with 501-1,000 employees

We have about 600 employees supported by this solution. Our goal is to try and bring in at least one additional application into our SIEM tool each month so that we can get better insights for those particular platforms.

RC
Senior Security Analyst at a transportation company with 501-1,000 employees

It's our primary threat-hunting tool. We use it to look for anomalies. We use it for investigations. We use it for just about everything security related. If we find it in another tool, we use the SIEM to cross reference what activity we would see either from that user or from that machine that we saw in the other tool.

DS
IT Security Analyst at a hospitality company with 10,001+ employees

The primary use case for our LogRhythm product is to maintain PCI compliance across all of our environment. We also use it to monitor authentication and monitor our perimeter for security threats.

RH
Security Engineer at U.S. Acute Care Solutions

Primary use case for the SIEM would be for log collection and threat identification.

We're still in the beginning stages of our security solution, as far as maturity. Two years ago, this security program didn't exist. 

Mohammed Jamous
Chief Information Technology Officer at an insurance company with 11-50 employees

We have 250 cases in LogRhythm. It's used for collecting logs and analyzing logs from the servers.

RO
FSE at a computer software company with 1,001-5,000 employees

Its primary use cases are log aggregation, security information, and event management correlation.

All of our clients use different versions across the board. In terms of deployment, some use it on-prem, and some use it in the cloud. It is all over the place.

JM
Principal Security Analyst at a healthcare company with 10,001+ employees

My primary use case is to alert to any anomalies that may have security relevance as far as some of the industry regulations that apply to our health care, as well as payment card industry.

JH
Security Engineer at Managed Technology Services, LLC fka LexisNexis

We primarily use the LogRhythm SIEM for log collection and aggregation for all of our Windows machines. We have all our firewalls sending logs to it. We have it hooked into Office 365 with the API to manage our cloud environment, and it's performed phenomenally.

DO
Senior Security Engineer at a healthcare company with 10,001+ employees

The primary use case is looking at our security as a whole, as an organization, trying to get all the logs collected, see how things can be integrated or what's happening through the different products. We also use it to see how people are trying to potentially circumvent security and what we can do to prevent people from doing that. Finally, we use it to get training out to end-users for certain things that they may be doing inaccurately.

We don't currently use the full-spectrum analytics or the built-in playbooks.

AA
Assistant Manager Enterprise Security

We're using LogRhythm NextGen SIEM only for a few databases. Members keep their data on our FTP server, and we monitor firewalls, endpoint management solutions, and some critical endpoints.

WF
Information Security Engineer at Seminole Tribe of Florida

Our primary use case would be for compliance. We needed a check in the box for compliance. Right now, it's performing and doing its job, allowing us to say that we are compliant with HIPAA, PCI, etc.

Rahul Kate
Co-Founder at First Defense WLL

There are multiple use cases for the solution, such as long log formatting, log consolidation, data isolation, malware detection, identifying suspicious attacks, and locating ISU records across the network.

MohamedKarram
SOC Manager at Infratech Co

We are consultants providing governance solutions for the banking sector. We have a lot of use cases. We have more than 400 use cases for the client side.

JM
Senior System Administrator at DP Infotech Pvt Ltd

This solution's use case is abnormal administrative lockouts, most of the time.

KM
Global Security Manager at Chart Industries Inc

Our primary use case for bringing on a SIEM in general was the need to correlate our data across dozens of different solutions that were spitting out logs. We got to a level of complexity where it became mandatory.

AW
Systems CSO at a manufacturing company with 1,001-5,000 employees

It's our central security monitoring platform. It's where we bring all of our events together so we can monitor our network.

TG
Cybersecurity Analyst with 201-500 employees

We've been using this solution to aggregate and correlate logs to dive a little bit more into auditing any sort of suspicious activity or malicious ideas that are going on within our network and using it for compliance purposes.

SB
Technology Solutions Head at MANTRA TECHNOLOGIES LTD

Our customers are financial institutions, basically banks, and others in the financial sector. They have a lot of web-facing applications and technologies for which they need to have a complete trail of logs and audits. Whether they log in through their mobile devices and do mobile banking or internet banking, or do some queries, or are working on their systems, we need to have security logs for future audits and compliances. One use case is on the data protection side, because we are a data protection tech company, which determines if we need to activate security. The second is for audit trails, compliance, and if there are any issues. We need to have logs of all events and these logs are stored in the central bank. These logs have to be maintained for 10 years.

AB
Manager of Information Security at a real estate/law firm with 51-200 employees

The biggest use case is visibility. Because we have a lot of flaws, if you don't have a tool that can bring it all in and give you that visibility, then all that log information is useless. Thus, LogRhythm helps us keep that visibility.

GW
IT Security Administrator at an energy/utilities company with 1,001-5,000 employees

We've been working with LogRhythm for a few weeks. We had Splunk and we're replacing it with LogRhythm.

It's a general SIEM system for us, gathering the logs into one area.

MR
CEO at a tech services company with 51-200 employees

LogRhythm NextGen SIEM is great. We use it for log management for security purposes.

PP
Senior SIEM Engineer at a financial services firm with 501-1,000 employees

Our primary use case is for fraud detection and infrastructure, so we use the SIEM to detect frauds in the banking side of the house as well as infrastructure. I use it for security and UEBA purposes. 

MN
Information Security Analyst at Endicott College

It monitors any potential security threats within any of our important network security appliances, like our firewall, or any of our important databases. The idea being that you can't look at all the logs at once, so we now have a central point of monitoring for all potential threats.

MR
CEO at a tech services company with 51-200 employees

We use the product for server and event management for the financial sector.

JW
Security Administrator at a non-profit with 501-1,000 employees

My primary use case is for log retention. I've been using it for analysis, and to troubleshoot potential issues on my network and infrastructure. To find out what I have in my network that may be causing problems.

DH
Information Security Analyst at a non-profit with 1,001-5,000 employees

My primary use case for this solution is to basically monitor the network to make sure that we don't have unknown users or individuals that should not be in our network. So we use it basically to aggregate our logs within our system and to watch it for possible threats.

EH
Senior Security Engineer at a healthcare company with 1,001-5,000 employees

Our primary use case for using the LogRhythm SIEM product is reviewing alarms, events, and managing our cases for forensic investigation.

BH
SOC Analyst at a financial services firm with 1,001-5,000 employees

We use it for centralized log management and for alerting. It's been working pretty well. We're on the beta program so what we're on right now has not been working quite as well lately. We're helping them find the bugs, but before this we didn't have any really major issues with it.

JM
Principal Security Analyst at a healthcare company with 501-1,000 employees

We collect from our primary devices and our endpoints and we look to identify any concerns around regulatory requirements in business use. We have payment card industry regulations that we are monitoring, to make sure everything's going the way it's supposed to, as well as for HIPAA, HITECH, and general security practices.

AB
Senior Security Analyst at a consultancy with 1,001-5,000 employees

It is for security monitoring.

it_user545001
Security Operations Center Manager at a financial services firm with 1,001-5,000 employees

We use it for all of our log correlations and event management. We try to do some external troubleshooting for other groups, like WebOps, but it's primarily our security and event manager.

GN
Head Of Technical Services at a tech services company with 51-200 employees

I am a distributor and not an end-user of the product, so I cannot comment on use cases.

MC
Information Security Officer, Network Analyst at a university with 1,001-5,000 employees

We use it for log ingestion and monitoring activity in our environment.

JD
Vice President at a financial services firm with 201-500 employees

Our primary use case is for looking at daily logs, drawing conclusions, and making relationships and correlations to investigate particular event IDs, investigate particular alarms that we have, and just viewing normal data use. I'm new to the system so I'm still getting used to it. 

JA
Security Lead at a financial services firm with 201-500 employees

We utilize the LogRhythm solution to monitor most of our servers and our users to make sure that nothing anomalous is happening. What I really love about the LogRhythm platform is the fact that when something anomalous happens, I can see it almost immediately through the ability to collect a massive amount of logs in a very small footprint as far as hardware goes.

We do utilize everything. I think one of the most recent things that I've really enjoyed about LogRhythm is the ability to utilize smart responses published by LogRhythm. For example, one of our use cases is that when we have a termed users group, that when someone is placed in there, we want to monitor to see if their account is ever activated again. So we have a smart response set up that when a termed user is enabled, the smart response immediately activates and says bam, that user is getting disabled again. We don't want anyone to have access to that at all.

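
The two reviewers who describe privileged-user monitoring (the AI Engine rules for privilege escalation, account creation and account modification mentioned earlier on this page, and the automated response above that re-disables a terminated user's account the moment it is enabled) are describing one pipeline: match specific Windows Security events against reference data, then hand selected findings to a response action. The block below is an added example for this page, not LogRhythm's AI Engine or SmartResponse code and not either reviewer's configuration. The events, the `TERMED_USERS` and `PRIVILEGED_GROUPS` sets, the rule names and severities, and the `Responder` class are all constructed or assumed for illustration. The real response hook would run against the directory (a SmartResponse action is typically a PowerShell script calling something like `Disable-ADAccount`); here it only records what it would have done so the logic can be exercised offline.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed Windows Security events (not from the page), already parsed into
# dictionaries the way a collector would hand them to the analytics engine.
# 4720 = account created, 4722 = account enabled, 4728/4732 = member added to a
# global/local group, 4738 = account changed, 4624 = successful logon.
EVENTS = [
    {"EventID": 4720, "SubjectUserName": "jdoe-admin", "TargetUserName": "svc_backup2", "Computer": "dc01"},
    {"EventID": 4728, "SubjectUserName": "jdoe-admin", "TargetUserName": "Domain Admins",
     "MemberName": "CN=svc_backup2,OU=Service,DC=corp,DC=example", "Computer": "dc01"},
    {"EventID": 4722, "SubjectUserName": "helpdesk1", "TargetUserName": "mwilson", "Computer": "dc01"},
    {"EventID": 4722, "SubjectUserName": "helpdesk1", "TargetUserName": "bob", "Computer": "dc01"},
    {"EventID": 4738, "SubjectUserName": "jdoe-admin", "TargetUserName": "alice", "Computer": "dc01"},
    {"EventID": 4624, "SubjectUserName": "-", "TargetUserName": "alice", "Computer": "dc01"},
]

# Assumed reference data: members of the "termed users" group, and the groups
# whose membership changes are treated as privilege escalation.
TERMED_USERS = {"mwilson", "kpatel"}
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}


@dataclass
class Finding:
    rule: str
    severity: str
    actor: str
    target: str
    response: Optional[str] = None  # name of the automated action to run, if any


def member_from_dn(dn):
    """'CN=svc_backup2,OU=Service,...' -> 'svc_backup2' (first RDN, CN= stripped)."""
    first = dn.split(",")[0]
    return first[3:] if first.upper().startswith("CN=") else first


def evaluate(event, termed_users=TERMED_USERS, privileged_groups=PRIVILEGED_GROUPS):
    """Apply the privileged-user-action rules to one event; return a Finding or None."""
    eid = event["EventID"]
    actor = event.get("SubjectUserName", "-")
    target = event.get("TargetUserName", "-")
    if eid == 4720:
        return Finding("account_created", "medium", actor, target)
    if eid in (4728, 4732) and target in privileged_groups:
        member = member_from_dn(event.get("MemberName", ""))
        return Finding("privileged_group_member_added", "high", actor, f"{member} -> {target}")
    if eid == 4722:
        # Re-enabling a terminated user's account is the case that gets an
        # automatic response; any other enable is logged at low severity.
        if target.lower() in {u.lower() for u in termed_users}:
            return Finding("termed_user_reenabled", "critical", actor, target, response="disable_account")
        return Finding("account_enabled", "low", actor, target)
    if eid == 4738:
        return Finding("account_modified", "low", actor, target)
    return None


class Responder:
    """Stand-in for the automated response hook. A real action would disable the
    account in the directory; this one records what it would have done."""

    def __init__(self):
        self.actions = []

    def handle(self, finding):
        if finding.response == "disable_account":
            self.actions.append(f"disable_account:{finding.target}")


def run_pipeline(events, termed_users=TERMED_USERS, privileged_groups=PRIVILEGED_GROUPS):
    """Evaluate every event, dispatch responses, and return (findings, actions_taken)."""
    responder = Responder()
    findings = []
    for ev in events:
        f = evaluate(ev, termed_users, privileged_groups)
        if f is None:
            continue
        findings.append(f)
        responder.handle(f)
    return findings, responder.actions


if __name__ == "__main__":
    findings, actions = run_pipeline(EVENTS)
    for f in findings:
        print(f"[{f.severity:8}] {f.rule}: {f.actor} -> {f.target}")
    print("responses:", actions)
```

On the constructed events this raises five findings and exactly one response: `mwilson` is in the termed group, so the 4722 from `helpdesk1` triggers `disable_account`; the 4722 for `bob` is recorded but not acted on. The reference data is the part worth keeping current: if the termed-users list is stale, the rule silently degrades to "account enabled, low severity".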
SB
Information Security Manager at a tech vendor with 1,001-5,000 employees

The primary use case is tying all of our log sources together between all of our Windows servers, network devices, and we've recently added all of our cloud infrastructure as well. So it's really tying all those together, correlating all those logs and getting us one central pane of glass really as it relates to all of our logging activities.

Muhammad Ahtsham
Information Security Engineer at RapidCompute

I use the solution for logistics and metrics. We use LogRhythm SIEM for our company and our clients. The solution is deployed on separate machines.

Lahiru Prabath
Engineer - Network and Security at Connex Information Technologies

Mostly, the use cases involve detecting lateral movements, malware infections, and insider threats.

We serve small, medium, and large companies, mostly in the finance sector, here in Sri Lanka.

SK
Security Engineer Analyst Admin at an aerospace/defense firm with 1,001-5,000 employees

The primary use is monitoring logs, to see what's going on.

PC
Consultant at RIPEN

Our company manages the solution as a threat hunting platform for a semi-government client in the Hong Kong insurance industry. We collect logs for video, active directories, antivirus, and firewalls to consolidate them in the solution. 

From the central log collector, we build detection policies to identify threats or possible breaches. The solution also serves as a data storage platform to troubleshoot issues and find root causes.

In addition, logs that include performance data are created for devices such as routers and switches to monitor the availability of the office network. 

We also perform ongoing maintenance of the solution and all components to ensure everything runs smoothly. 

SR
Senior System Engineer at a tech services company with 11-50 employees

We primarily use the solution to reduce insider threats. We also use the product to deal with some aspects of banking security. For example, with this product, we are able to lower the threat of being attacked by malware.

MS
Senior Network Engineer with 201-500 employees

We use it to alarm our help desk. 

We are starting to use it for SMART Response. We have been using SMART Response for about a year. Now, we are starting to push that towards the help desk, so the junior analysts can do more.

MB
IT Specialist at a healthcare company with 51-200 employees

We have a lot of distributed offices and no visibility into any of them. The use case for this product is to collect and integrate logs from all the machines at all the different sites and get better insight into the security areas that we need to tighten up.

KM
Sr IT Security Engineer at Puget Sound Energy

We use this solution to examine disparate log sources and provide a cohesive method to search for anomalous behavior. 

DK
Information Security Analyst at a retailer with 201-500 employees

The primary use case for this solution is to monitor our environment and ensure that we are not having any breaches. In addition, this solution allows us to maintain compliance with HIPAA.

KW
Security Engineer at a financial services firm with 1,001-5,000 employees

I'm an admin and analyst, so use cases cover a lot of log sources for applications, mostly.

AO
Senior Security Analyst at a leisure / travel company with 10,001+ employees

Our primary use case is incident response and alerting. In terms of performance, it's pretty awesome.

EC
Security Admin with 1,001-5,000 employees

My primary use case is threat detection.

AW
Enterprise Information Technology Security Engineer at a government with 1,001-5,000 employees

The primary use case is compliance requirements. 

It is performing at the moment, but we are still in the process of implementing it.

CO
Senior Architect at an energy/utilities company with 201-500 employees

We have a small population of users, but we are large physically and geographically spread out with a lot of devices on our network. We need all that login capability going into one spot where we can see it and correlate events across all our infrastructure with a small staff.

TS
Security Analyst at a financial services firm with 201-500 employees

Our primary use case for LogRhythm is using the log ingestion and analytic features.

HM
IT Security Architect at a construction company with 10,001+ employees

The primary use case is to monitor for compliance and the behavioral analytics of our users, tracking for potential threats to the company's infrastructure.

We are using both products. We are using NetMon integrated with the LogRhythm platform.

AW
Principal Consultant at ITSEC Asia

LogRhythm is a cybersecurity solution. It's used for detection, lateral movement or initial access. 

SB
Cyber Security Researcher at a tech services company with 1-10 employees

We typically consult with our clients and help them with necessary services.

SS
Systems Administrators at a tech services company with 201-500 employees

I use LogRhythm for PCI DSS compliance. All of our devices are sending logs to LogRhythm. I have set up Silent Integrity Monitoring, Data Loss Prevention, Registry Integrity Monitoring, and other alarms for detection, and we do investigations.

CE
Associate Senior Engineer - Network & Security at Connex Information Technologies (Pvt) Ltd.

Our primary use case is for financial companies and telcos.

RJ
Consultant at a tech services company with 11-50 employees

NextGen SIEM is primarily used by the SOC team to detect attacks. 

SB
Cyber Security Researcher at a tech services company with 1-10 employees

Private monitoring is our primary use case.

LM
CISO at a religious institution with 501-1,000 employees

The primary use case is an analysis of server logs with some deeper analysis done on searches. Reports help ensure various departments have daily notices of any activity that they should be reviewing.
