LogRhythm SIEM Primary Use Case
Kevin Merolla
Global Security Manager at Chart Industries Inc
LogRhythm works within the core of our SOC. It's where our analysts work every day and where we do all of our investigatory work for security incidents.
It created our security posture. It is the central component of all of our security tools and it is the heartbeat of our SOC and our daily operations. It sets the tone for everything that we do.
We have a lot of use cases. Originally, it started out pulling in a bunch of the logs so we could get some ideas on network traffic. More recently, we have proceeded with pulling in logs from some of our other vendors. This really helped out a lot with our AV, which didn't always notify us as quickly as we wanted it to. LogRhythm made it possible for us to get notifications faster so that we can remediate things faster. We've been expanding it more and more as we've gone through the years to include more traffic, giving us more insight into our network.
LogRhythm SIEM is primarily utilized for cybersecurity analysis and incident management.
Buyer's Guide
LogRhythm SIEM
March 2024
Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
769,599 professionals have used our research since 2012.
Yassine Ibnoucheikh
Regional Technical Manager at HTBS
In my company, we use LogRhythm SIEM for integrations. We use the product for SOC use cases. If we have SOC implementations, LogRhythm is the SIEM solution we use since it can also offer a SOAR solution.
Jason Gagnon
Senior Cyber Security Engineer at an individual & family service with 10,001+ employees
We use multiple instances as dark sites. We have roughly 350-400 hosts per site consisting of 4K to 5K log sources.
Our organisations have data centres which are in need of multiple server security devices, network devices and various other solutions. We utilise this solution to integrate Oracle security logs and use another solution to collaborate between these logs and receive alerts based on configured use cases.
My work is currently in the government sector and my aim is to enhance the organisation's threat detection and response capabilities. I try to utilise the solution in order to provide comprehensive reports with minimum false positives.
reviewer2104419
Manager Solutions Architect at a comms service provider with 10,001+ employees
It's a next-generation SIEM solution. We use it for our clients.
reviewer2344221
Sr Manager - Information Security at a computer software company with 1,001-5,000 employees
The solution is used for threat hunting. We also use it as an SIEM for our SOC.
DylanHaddad
SOC Analyst at PLS Financial
I found it very useful in our day-to-day operations with monitoring user activity and looking at system analytics and system performance. I found it very useful when investigating threats like IPs, and seeing what's going on with our endpoints, like certain lateral movements that we've noticed.
I definitely found it very useful when looking at, for example, a compromised host, or a suspicious IP that has been scanning us. I've definitely found it very useful when I look at a log, it'll give me a detailed drill-down of all the information that's needed, including what the rating is, the rating of the threat, and what actions should be taken.
It gives my team a better idea of what we should do to improve our security posture.
Avraham Sonenthal
Senior Network Engineer at a government with 5,001-10,000 employees
Our primary use case is for general log monitoring. We do not use it as a SIEM.
reviewer1402677
Cybersecurity Solutions Architect at a tech vendor with 10,001+ employees
I am a security architect, so I don't develop the use cases with the customers if they deliver a team who is in charge of these activities. Depending on the case of the customer, we define something with the customers, according to the technical sessions that we have with them. I prepare all the documentation for the delivery team and present the project.
LogRhythm is deployed on-prem. There are about 60 people using this solution in my organization.
Joe Benjamin
SIEM Architect at Marsh & McLennan Companies, Inc.
We have been using LogRhythm for the last seven to eight years. About a year-and-a-half ago we made a push, which is why I was brought on, to go global with it. The global use case is security only, we're not getting back to the business. It's the first time I've done SIEM that works that way. It's all about feeding the SOC and IR teams and letting them do their job.
Likhith Varma
Security Analyst at Secure-24
It is an SIEM tool. It gathers logs, parses and normalizes them, and correlates the logs with the rules we write. For example, if an account tries to log in multiple times with the same username, I can write a rule for it. The SIEM tool would analyze the logs and generate alerts based on the rule.
Jason Gagnon
Senior Cyber Security Engineer at an individual & family service with 10,001+ employees
We work on a dark site. It's the next generation ground station for the Air Force's GPS system. Our use cases are based mostly on an insider-threat perspective.
We utilize a lot of AI Engine rules within the LogRhythm SIEM to detect different types of privileged-user actions, whether it be escalation of privileges, creation of user accounts, or modification of user accounts. We also use it for IDS rules and firewall rules that are met, in terms of the IDS finding signature attacks.
Kurt Schroeder
Senior Security Engineer at a manufacturing company with 5,001-10,000 employees
It came in as a compliance package. Now, it is more of a security analytics platform for us, so we try to route relevant security and computer logs. We also have some use cases that we came up with and some of the stuff that LogRhythm provided, which has been the basis of our use of this security platform.
The company is dedicating me to working on this solution exclusively, so it has been great.
Karim Bondok
Senior Cyber Security Engineer at a logistics company with 10,001+ employees
I'm a user, administrator, and analyst. We are using version 7.4.
The solution is deployed on-premise. Three people are working with this product in our company.
Gene Cupstid
Security Engineer at a logistics company with 10,001+ employees
The primary use case is to provide security analytics for the SOC and empowering all of our SOC operations for day to day business.
Austin Spell
Information Technology with 501-1,000 employees
We have about 600 employees supported by this solution. Our goal is to try and bring in at least one additional application into our SIEM tool each month so that we can get better insights for those particular platforms.
reviewer1992084
Senior Security Analyst at a transportation company with 501-1,000 employees
It's our primary threat-hunting tool. We use it to look for anomalies. We use it for investigations. We use it for just about everything security related. If we find it in another tool, we use the SIEM to cross reference what activity we would see either from that user or from that machine that we saw in the other tool.
David Schell
IT Security Analyst at a hospitality company with 10,001+ employees
The primary use case for our LogRhythm product is to maintain PCI compliance across all of our environment. We also use it to monitor authentication and monitor our perimeter for security threats.
Rob Haller
Security Engineer at U.S. Acute Care Solutions
Primary use case for the SIEM would be for log collection and threat identification.
We're still in the beginning stages of our security solution, as far as maturity. Two years ago, this security program didn't exist.
We have 250 cases in LogRhythm. It's used for collecting logs and analyzing logs from the servers.
reviewer1326963
FSE at a computer software company with 1,001-5,000 employees
Its primary use cases are log aggregation, security information, and event management correlation.
All of our clients use different versions across the board. In terms of deployment, some use it on-prem, and some use it in the cloud. It is all over the place.
JimMohr
Principal Security Analyst at a healthcare company with 10,001+ employees
My primary use case is to alert to any anomalies that may have security relevance as far as some of the industry regulations that apply to our health care, as well as payment card industry.
Jacob Hinkle
Security Engineer at Managed Technology Services, LLC fka LexisNexis
We primarily use the LogRhythm SIEM for the log collection aggregation for all of our Windows machines. We have all our firewalls sending logs to it. We have it hooked into Office 365 with the API to manage our cloud environment, and it's performed phenomenally.
SecEng3904
Senior Security Engineer at a healthcare company with 10,001+ employees
The primary use case is looking at our security as a whole, as an organization, trying to get all the logs collected, see how things can be integrated or what's happening through the different products. We also use it to see how people are trying to potentially circumvent security and what we can do to prevent people from doing that. Finally, we use it to get training out to end-users for certain things that they may be doing inaccurately.
We don't currently use the full-spectrum analytics or the built-in playbooks.
reviewer1973901
Assistant Manager Enterprise Security
We're using LogRhythm NextGen SIEM only for a few databases. Members keep their data on our FTP server, and we monitor firewalls, endpoint management solutions, and some critical endpoints.
Wadson Fleurigene
Information Security Engineer at Seminole Tribe of Florida
Our primary use case would be for compliance. We needed a check in the box for compliance. Right now, it's performing and doing its job, allowing us to say that we are compliant with HIPAA, PCI, etc.
There are multiple use cases for the solution, such as long log formatting, log consolidation, data isolation, malware detection, identifying suspicious attacks, and locating ISU records across the network.
We are consultants providing governance solutions for the banking sector. We have a lot of use cases. We have more than 400 use cases for the client side.
Janaka Munasinghe
Senior System Administrator at DP Infotech Pvt Ltd
This solution's use case is abnormal administrative lockouts, most of the time.
Kevin Merolla
Global Security Manager at Chart Industries Inc
Our primary use case for bringing on a SIEM in general was the need to correlate our data across dozens of different solutions that were spitting out logs. We got to a level of complexity where it became mandatory.
Alex Wood
Systems CSO at a manufacturing company with 1,001-5,000 employees
It's our central security monitoring platform. It's where we bring all of our events together so we can monitor our network.
Tyler Goss
Cybersecurity Analyst with 201-500 employees
We've been using this solution to aggregate and correlate logs to dive a little bit more into auditing any sort of suspicious activity or malicious ideas that are going on within our network and using it for compliance purposes.
SANJAI BOSCO
Technology Solutions Head at MANTRA TECHNOLOGIES LTD
Our customers are financial institutions, basically banks, and others in the financial sector. They have a lot of web-facing applications and technologies for which they need to have a complete trail of logs and audits. Whether they log in through their mobile devices and do mobile banking or internet banking, or do some queries, or are working on their systems, we need to have security logs for future audits and compliances. One use case is on the data protection side, because we are a data protection tech company, which determines if we need to activate security. The second is for audit trails, compliance, and if there are any issues. We need to have logs of all events and these logs are stored in the central bank. These logs have to be maintained for 10 years.
Ashlish Baria
Manager of Information Security at a real estate/law firm with 51-200 employees
The biggest use case is visibility. Because we have a lot of flaws, if you don't have a tool that can bring it all in and give you that visibility, then all that log information is useless. Thus, LogRhythm helps us keep that visibility.
Gordon Wallum
IT Security Administrator at an energy/utilities company with 1,001-5,000 employees
We've been working with LogRhythm for a few weeks. We had Splunk and we're replacing it with LogRhythm.
It's a general SIEM system for us, gathering the logs into one area.
Moshiur Rahman Khan
CEO at a tech services company with 51-200 employees
LogRhythm NextGen SIEM is great. We use it for log management for security purposes.
Punit Patel
Senior SIEM Engineer at a financial services firm with 501-1,000 employees
Our primary use case is for fraud detection and infrastructure, so we use the SIEM to detect frauds in the banking side of the house as well as infrastructure. I use it for security and UEBA purposes.
Mike Natale
Information Security Analyst at Endicott College
It monitors any potential security threats within any of our important network security appliances, like our firewall, or any of our important databases. The idea being that you can't look at all the logs at once, so we now have a central point of monitoring for all potential threats.
Moshiur Rahman Khan
CEO at a tech services company with 51-200 employees
We use the product for server and event management for the financial sector.
James Whistler
Security Administrator at a non-profit with 501-1,000 employees
My primary use case is for log retention. I've been using it for analysis, and to troubleshoot potential issues on my network and infrastructure, to find out what I have in my network that may be causing problems.
reviewer748821
Information Security Analyst at a non-profit with 1,001-5,000 employees
My primary use case for this solution is to basically monitor the network to make sure that we don't have unknown users or individuals that should not be in our network. So we use it basically to aggregate our logs within our system and to watch it for possible threats.
Eric Hart
Senior Security Engineer at a healthcare company with 1,001-5,000 employees
Our primary use case for using the LogRhythm SIEM product is reviewing alarms, events, and managing our cases for forensic investigation.
Briane Harris
SOC Analyst at a financial services firm with 1,001-5,000 employees
We use it for centralized log management and for alerting. It's been working pretty well. We're on the beta program so what we're on right now has not been working quite as well lately. We're helping them find the bugs, but before this we didn't have any really major issues with it.
Jim Mohr
Principal Security Analyst at a healthcare company with 501-1,000 employees
We collect from our primary devices and our endpoints and we look to identify any concerns around regulatory requirements in business use. We have payment card industry regulations that we are monitoring, to make sure everything's going the way it's supposed to, as well as for HIPAA, HITECH, and general security practices.
SeniorSe307d
Senior Security Analyst at a consultancy with 1,001-5,000 employees
It is for security monitoring.
We use it for all of our log correlations and event management. We try to do some external troubleshooting for other groups, like WebOps, but it's primarily our security and event manager.
productm1010136
Head Of Technical Services at a tech services company with 51-200 employees
I am a distributor and not an end-user of the product, so I cannot comment on use cases.
reviewer1283208
Information Security Officer, Network Analyst at a university with 1,001-5,000 employees
We use it for log ingestion and monitoring activity in our environment.
Vp9875
Vice President at a financial services firm with 201-500 employees
Our primary use case is for looking at daily logs, drawing conclusions, and making relationships and correlations to investigate particular event IDs, investigate particular alarms that we have, and just viewing normal data use. I'm new to the system so I'm still getting used to it.
Jeremy Alder
Security Lead at a financial services firm with 201-500 employees
We utilize the LogRhythm solution to monitor most of our servers and our users to make sure that nothing anomalous is happening. What I really love about the LogRhythm platform is the fact that when something anomalous happens, I can see it almost immediately through the ability to collect a massive amount of logs in a very small footprint as far as hardware goes.
We do utilize everything. I think one of the most recent things that I've really enjoyed about LogRhythm is the ability to utilize smart responses published by LogRhythm. For example, one of our use cases is that when we have a termed users group, that when someone is placed in there, we want to monitor to see if their account is ever activated again. So we have a smart response set up that when a termed user is enabled, the smart response immediately activates and says bam, that user is getting disabled again. We don't want anyone to have access to that at all.
Steve Bonek
Information Security Manager at a tech vendor with 1,001-5,000 employees
The primary use case is tying all of our log sources together between all of our Windows servers, network devices, and we've recently added all of our cloud infrastructure as well. So it's really tying all those together, correlating all those logs and getting us one central pane of glass really as it relates to all of our logging activities.
I use the solution for logistics and metrics. We use LogRhythm SIEM for our company and our clients. The solution is deployed on separate machines.
Mostly, the use cases involve detecting lateral movements, malware infections, and insider threats.
We serve small, medium, and large companies, mostly in the finance sector, here in Sri Lanka.
Security40a8
Security Engineer Analyst Admin at an aerospace/defense firm with 1,001-5,000 employees
The primary use is monitoring logs, to see what's going on.
PH Chiu
Consultant at RIPEN
Our company manages the solution as a threat hunting platform for a semi-government client in the Hong Kong insurance industry. We collect logs for video, active directories, antivirus, and firewalls to consolidate them in the solution.
From the central log collector, we build detection policies to identify threats or possible breaches. The solution also serves as a data storage platform to troubleshoot issues and find root causes.
In addition, logs that include performance data are created for devices such as routers and switches to monitor the availability of the office network.
We also perform ongoing maintenance of the solution and all components to ensure everything runs smoothly.
Sadat Mohammad Rifat
Senior System Engineer at a tech services company with 11-50 employees
We primarily use the solution to reduce insider threats. We also use the product to deal with some aspects of banking security. For example, with this product, we are able to lower the threat of being attacked by malware.
MarkSemkiw
Senior Network Engineer with 201-500 employees
We use it to alarm our help desk.
We are starting to use it for SMART Response. We have been using SMART Response for about a year. Now, we are starting to push that towards the help desk, so the junior analysts can do more.
Mark Baksh
IT Specialist at a healthcare company with 51-200 employees
We have a lot of distributed offices and no visibility into any of them. The use case for this product is to collect and integrate logs from all the machines at all the different sites and get better insight into the security areas that we need to tighten up.
KatMcMillian
Sr IT Security Engineer at Puget Sound Energy
We use this solution to examine disparate log sources and provide a cohesive method to search for anomalous behavior.
David Kehoe
Information Security Analyst at a retailer with 201-500 employees
The primary use case for this solution is to monitor our environment and ensure that we are not having any breaches. In addition, this solution allows us to maintain compliance with HIPAA.
Security9162
Security Engineer at a financial services firm with 1,001-5,000 employees
I'm an admin and analyst, so use cases cover a lot of log sources for applications, mostly.
SeniorSe0355
Senior Security Analyst at a leisure / travel company with 10,001+ employees
Our primary use case is incident response and alerting. In terms of performance, it's pretty awesome.
Security7ef8
Security Admin with 1,001-5,000 employees
My primary use case is threat detection.
Anthony Workman
Enterprise Information Technology Security Engineer at a government with 1,001-5,000 employees
The primary use case is compliance requirements.
It is performing at the moment, but we are still in the process of implementing it.
SnrArchi4b5a
Senior Architect at an energy/utilities company with 201-500 employees
We have a small population of users, but we are large physically and geographically spread out with a lot of devices on our network. We need all that login capability going into one spot where we can see it and correlate events across all our infrastructure with a small staff.
Timothy Sueck
Security Analyst at a financial services firm with 201-500 employees
Our primary use case for LogRhythm is using the log ingestion and analytic features.
ITSecuri3467
IT Security Architect at a construction company with 10,001+ employees
The primary use case is to monitor for compliance and the behavioral analytics of our users, tracking for potential threats to the company's infrastructure.
We are using both products. We are using NetMon integrated with the LogRhythm platform.
Andy-Wijaya
Principal Consultant at ITSEC Asia
LogRhythm is a cybersecurity solution. It's used for detection, lateral movement or initial access.
Shreenkhala Bhattarai
Cyber Security Researcher at a tech services company with 1-10 employees
We typically consult with our clients and help them with necessary services.
reviewer1306557
Systems Administrators at a tech services company with 201-500 employees
I use LogRhythm for PCI DSS compliance. All of our devices are sending logs to LogRhythm. I have set up Silent Integrity Monitoring, Data Loss Prevention, Registry Integrity Monitoring, and other alarms for detection, and we do investigations.
Chamini Ellawala
Associate Senior Engineer - Network & Security at Connex Information Technologies (Pvt) Ltd.
Our primary use case is for financial companies and telcos.
reviewer1115169
Consultant at a tech services company with 11-50 employees
NextGen SIEM is primarily used by the SOC team to detect attacks.
Shreenkhala Bhattarai
Cyber Security Researcher at a tech services company with 1-10 employees
Private monitoring is our primary use case.
Lindsay Mieth
CISO at a religious institution with 501-1,000 employees
The primary use case is an analysis of server logs with some deeper analysis done on searches. Reports help ensure various departments have daily notices of any activity that they should be reviewing.