LogRhythm SIEM Reviews

Name: LogRhythm SIEM
Brand: LogRhythm
Rating: 4.2 (173 reviews)

4.2 out of 5

173 reviews
89% willing to recommend

6,349 followers

What is LogRhythm SIEM?

LogRhythm SIEM Platform is an award-winning platform in security analytics. With more than 4,000 customers globally, LogRhythm SIEM is an integrated platform that helps security operations teams protect critical infrastructure and information from emerging cyberthreats. Ultimately, LogRhythm SIEM is an integrated set of modules that contribute to the security team’s fundamental mission: rapid threat monitoring, threat detection, threat investigation, and threat neutralization. LogRhythm SIEM is for organizations that require an on-premises solution and offers:

Get the LogRhythm SIEM Buyer's Guide and find out what your peers are saying about LogRhythm SIEM, CrowdStrike Falcon, Wazuh and more!

LogRhythm SIEM is the #7 ranked solution in top Security Information and Event Management (SIEM) solutions and #11 ranked solution in Log Management Software. PeerSpot users give LogRhythm SIEM an average rating of 8.4 out of 10. LogRhythm SIEM is most commonly compared to CrowdStrike Falcon: LogRhythm SIEM vs CrowdStrike Falcon. LogRhythm SIEM is popular among the midsize enterprise segment, accounting for 45% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a educational organization, accounting for 36% of all views.

Helped 849,686 peers since 2012

Featured LogRhythm SIEM reviews

Mokhammad Rakhman

Product Development - Security Solutions Manager at Aplikanusa Lintasarta

LogRhythm SIEM has strong machine-learning capabilities with behavioral rules and analysis. The seamless integration for case management, along with a user-friendly dashboard user interface, makes tasks like threat hunting more efficient. Analytics and behavioral analysis help me save time with rule creation. Its scalability allows me to add components as needed. Overall, LogRhythm SIEM offers end-to-end visibility with a reasonable price.

Read full review

Joe Benjamin

SIEM Architect at Marsh & McLennan Companies, Inc.

My biggest complaint is documentation. Everyone tells me, "We have documentation on the LogRhythm Community site." I have searched for different types of documentation on numerous occasions, and it might be there, but it's not easily findable. We're running an HA situation and we wanted to do an upgrade. There was "Oh, and do this," in the documentation. It didn't give you an order, step one, step two. It was just, "You've got to do this and this and this." We decided to do it as they wrote it and it totally messed us up. We had to then reinstall. It just was a mess. Also, I can't really talk about features I would like until I have a stable environment. Once I have that, there are things that we would like. For example, we're doing a lot of things in-house. We're doing auto-acceptance; LogRhythm doesn't do it quickly enough. We develop something because LogRhythm is taking a long time in developing things, and then we want to present it to LogRhythm and say, "What do you think?" We don't even mind if they steal it and use it. But at the same time, we're getting a response of, "No, you're probably not doing it right. You're probably missing stuff." We're still going to do it. My biggest issue - I know that they say they're doing it - is that the API-building is extremely important. They keep saying it's coming, it's coming. It's not coming fast enough. I don't care if they need to double their team size to get it out there quicker, the world is already in the cloud and we can't monitor it. That's a big problem for us. My boss keeps coming to me about it. That's an issue. Finally, writing parsers is much easier - and I can tell you a few things about it - in Security Analytics. I would love LogRhythm to get something similar to that, instead of having to write out RegEX. That's very old-school.

Read full review

Jim Mohr

Principal Security Analyst at a healthcare company with 501-1,000 employees

There are two improvements we'd like to see. I mentioned these last year and they haven't implemented them yet. The first one is service protection. I have Windows administrators who will remove the agent when they think that that is what's fouling up their upgrade or their install or their reconfiguration, etc. The first thing they do is to turn off the antivirus, turn down the firewall, and take off anything else. They don't realize that the LogRhythm agent is just sitting there monitoring. Most antivirus products have application protection features built-in where, if I'm an admin on a box, I can't uninstall antivirus. I need to have to the antivirus admin password to do that. Why does the LogRhythm agent not have that built-in so that I don't have well-intended admins removing things or shutting off agents? I don't like that. The second one is, you can imagine my logging levels vary. We do about 750 million a day and some days we do 715 million. Some days we do 820 million or 1.2 billion. But there's no way to drill in and find out: "Where did I get 400,000 extra logs today?" What was going on in my environment that I was able to absorb that peak?" I have no way to identify it without running reports, which will produce a long-running PDF that I have to somehow compare to another long-running PDF. I have to analyze it and say, "Well, last month, Exchange entity was only averaging this many logs. Now it jumped up this much. It could have been that." But then, if I find something that spiked, I still have to make sure nothing else bottomed out, because there might be a 600,000 log delta if something else wasn't producing as many logs as it normally does. I would like to see like profiling behavior awareness around systems, like they've been gunned to do around users with UEBA.

Read full review

LogRhythm SIEM mindshare

Product category:

As of May 2025, the mindshare of LogRhythm SIEM in the Security Information and Event Management (SIEM) category stands at 3.3%, down from 4.3% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Security Information and Event Management (SIEM)

PeerResearch reports based on LogRhythm SIEM reviews

Type	Title	Date
Category	Security Information and Event Management (SIEM)	Apr 30, 2025	Download
Product	Reviews, tips, and advice from real users	Apr 30, 2025	Download
Comparison	LogRhythm SIEM vs Splunk Enterprise Security	Apr 30, 2025	Download
Comparison	LogRhythm SIEM vs Wazuh	Apr 30, 2025	Download
Comparison	LogRhythm SIEM vs Microsoft Sentinel	Apr 30, 2025	Download

Title	Rating	Mindshare	Recommending
CrowdStrike Falcon	4.3	4.7%	96%	126 interviews Add to research
Wazuh	3.7	13.9%	79%	46 interviews Add to research

Valuable Features

LogRhythm SIEM offers valuable features like the Advanced Intelligence Engine for threat intelligence, centralization of logs, real-time monitoring, user-friendly web interface, comprehensive dashboards, and robust compliance reporting. The AI Engine enhances security analytics by correlating events, while its ease of deployment and integration with diverse log sources improves efficiency. Its usability, ease of administration, and ability to provide end-to-end visibility in a secure environment are appreciated by users.

"Overall, my rating for LogRhythm SIEM is nine out of ten."
"LogRhythm SIEM has strong machine-learning capabilities with behavioral rules and analysis."
"LogRhythm SIEM has some valuable features, including its ability to maintain backups of events and manage alerts separately through an engine that handles content and administration tasks."

Room for Improvement

LogRhythm SIEM needs improvements in integration with other applications and platforms, customization capabilities, and user interface design for enhanced usability. There are challenges with log retrieval, parsing, and automation features, as well as performance issues when handling large volumes of data. Reporting functions are limited, and more efficient database management is desired. Support and community resources are inadequate, and there is a need for better cross-platform compatibility and a more streamlined onboarding process.

"I face stability issues every quarter that necessitate corrective maintenance."
"The SOAR capabilities need improvements as they currently require programming knowledge."
"LogRhythm SIEM needs improvement in data grouping and manipulation capabilities."

ROI

Users have noted improved visibility and mean time to detect and respond after implementing LogRhythm SIEM. Many observe enhanced productivity and consistency due to automated workflows and valuable features, contributing to reduced response times. Several anticipate a return on investment, highlighting its benefits for infrastructure and security. PCI compliance and peace of mind are recognized advantages, with some mentioning a tangible return due to cost-effective operations for medium-sized or smaller organizations.

Pricing

Enterprise buyers evaluate LogRhythm SIEM as having competitive pricing, though it can be high compared to other solutions. Licensing is transparent and straightforward, often based on MPS, and they provide flexibility with a perpetual option to avoid annual renewals. LogRhythm's initial setup cost includes professional services, which can be expensive, yet deemed valuable for complex environments. Overall, it is seen as more affordable than some competitors, particularly in markets where cost is challenging.

"The license cost is around $10 per MPS."
"I think the tool is reasonably priced. There is a need to pay per year towards the licensing costs of the tool."
"On a scale of one to ten, I'd rate the pricing of this solution as a seven - not too expensive but not cheap either.Regarding licensing costs, it varies depending on factors like being a partner or an end user, but there are no additional costs aside from standard licensing fees for the basic SIEM solution."

Popular Use Cases

LogRhythm SIEM is primarily utilized for compliance, security monitoring, and threat detection. Users leverage it to correlate and analyze server logs, ensuring visibility across networks. Organizations depend on it for regulatory compliance such as HIPAA and PCI, incident response, and centralized log management. It aids in identifying potential security threats, integrates disparate log sources for anomaly detection, and supports security operations centers in optimizing cybersecurity measures.

Service and Support

LogRhythm SIEM's customer service and support receive high praise for their promptness, knowledge, and helpfulness. Users frequently report timely and effective communication, with quick responses often within 24 hours. Some users experience longer wait times or suggest improvements in initial support levels, but escalations are usually well-handled. The support team's ability to resolve technical issues is appreciated, although newer users sometimes find initial guidance lacking. Overall, LogRhythm SIEM is considered responsive and efficient.

Deployment

LogRhythm SIEM's initial setup is generally described as straightforward by many users, especially with Professional Services assistance, but can become complex depending on specific deployment scenarios, log sources, and configurations. Training and precise planning are often recommended to streamline the process. Users appreciate its user-friendly interface but acknowledge that expertise and experience are beneficial. Various users mention that the environment's characteristics influence the complexity and time required for full implementation.

Scalability

LogRhythm SIEM is highly scalable, accommodating various organizational needs, from small to large enterprises. The platform supports high-volume log ingestion through modular components, hardware upgrades, and licensing adjustments. Users appreciate its horizontal and vertical scalability, augmenting with additional hardware or moving to cloud environments. While some note challenges with appliance-based setups, many find it easy to expand through virtual servers. LogRhythm is recommended for enterprises needing flexible, extensive scalability options.

Stability

LogRhythm SIEM exhibits robust stability for many users, although some have encountered hardware and scalability challenges. Initial deployment sometimes presents minor bugs or performance issues; however, support teams are quick to resolve these. High availability setups and recent updates have enhanced performance. Many experience seamless operation, while a few face hiccups with log processing under heavy load. Redundancy in infrastructure helps maintain uptime, contributing to positive feedback on its dependability.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our LogRhythm SIEM Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Educational Organization

36%

Computer Software Company

10%

Financial Services Firm

Government

Manufacturing Company

Healthcare Company

Comms Service Provider

University

Energy/Utilities Company

Retailer

Real Estate/Law Firm

Insurance Company

Construction Company

Media Company

Non Profit

Legal Firm

Hospitality Company

Performing Arts

Aerospace/Defense Firm

Outsourcing Company

Pharma/Biotech Company

Wholesaler/Distributor

Transportation Company

Consumer Goods Company

Recreational Facilities/Services Company

Compare LogRhythm SIEM with alternative products

Learn more about LogRhythm SIEM

● Streamlined workflow

● Secure data access

● Real-time visibility

● A unified user experience

● Management customization

Security information and event management (SIEM) solutions have been evolving for over a decade; their core functionality still acts as the most effective foundation for any organization’s technology stack. A SIEM solution enables an organization to centrally collect data across its entire network environment to gain real-time visibility into activity that may pose a risk to the organization. SIEM technology addresses threats before they become significant financial risks while simultaneously helping better manage an organization’s assets.

LogRhythm SIEM has many key features and capabilities, including:

● High-Performance Log Management: LogRhythm SIEM offers structured and unstructured search capabilities which allows users to swiftly search across an organization’s vast data to easily find answers, identify IT and security issues, and troubleshoot issues. Users can efficiently process and index terabytes of log data daily.

● Network and Endpoint Monitoring: Forensic sensors allow users to gain deep visibility into endpoint and network activity. Users can see behavioral anomalies and better respond to incidents.

● SmartResponse™ Automation: LogRhythm SIEM allows users to centrally execute pre-staged actions that automate incident investigatory tasks and responses.

● Automated Machine Analytics: LogRhythm SIEM's AI Engine continuously analyzes all collected security incidents and forensic data. Security teams are delivered precise, real-time intelligence about risk-prioritized threats.

● Case and Security Incident Management: LogRhythm SIEM offers an integrated workflow so that threats don’t slip through the cracks. Collaboration tools help centrally manage and track investigations.

● User and entity behavior analytics (UEBA): Embedded deterministic UEBA monitoring helps protect against insider threats.

● Security orchestration, automation, and response (SOAR): LogRhythm SIEM includes our embedded SOAR solution to increase efficiency and higher-quality incident response with low mean time to response (MTTR).

Benefits to Using LogRhythm SIEM

● The platform offers great value to security and IT operations. Users have the ability to map their security and IT operations to existing frameworks such as NIST and MITRE ATT&CK.

● The platform offers broad integration across security and IT vendors: Users benefit from support for integration with hundreds of security and IT solutions. In turn, this further extends SIEM capabilities and data collection.

● The platform provides compliance adherence, enforcement, and reporting: The prebuilt compliance modules automatically detect violations as they occur and remove the burden of manually reviewing audit logs.

Reviews from Real Users

LogRhythm SIEM stands out among its competitors for a number of reasons. Two major ones are its ability to be customized and its quick performance of queries.

Jason G., a senior cybersecurity engineer, writes, "I have found the Advanced Intelligence Engine has provided the most value to us because we can customize alarms based on our requirements and have created hundreds of alarms that notify different people for different scenarios."

Andy W., principal consultant at ITSEC Asia, notes, “LogRhythm SIEM covers all our primary security analysis needs. It makes it easier for us to analyze threats and improves our response times. It's a versatile platform that performs queries fast compared to other SIEM solutions.”

LogRhythm SIEM was previously known as LogRhythm NextGen SIEM, LogRhythm, LogRhythm Threat Lifecycle Management, LogRhythm TLM.