LogRhythm SIEM Reviews

Our primary use case is for financial companies and telcos.

The most valuable feature is that we can alternate incident automations.

We need to get better training for things like creating code and playlists. The way it's done now takes a long time. 

I have been using LogRhythm NextGen SIEM for two years. 

The stability depends on the client we installing or integrating for based on the server's requirements. We can create them according to that defined time period. It's not that difficult but depending on the customer or the other server requirements.

We can have a dashboard in a single platform, we can get notifications via email or SMS, and we have Smart Response actions. So that kind of possibility is there.

Our clients are mostly on a larger scale. 

You can request support and they respond immediately. They're really good. 

The initial setup is easy. It can take two hours. The first day of deployment is easy. Then depending on the devices and log servers, it can take time. We can give them predefined or pre-created devices and logs. The deployment depends on the devices and systems we are integrating. But the initial stage is easy.

Because we are a developing country, the costs depend on country development. We implement it for large-scale companies because normal companies, startup companies, can't afford products at that price. We mainly focus on large-scale companies.

I would definitely recommend this solution if you can afford it. 

We get customized reports and we get reports including all the details, but when we start using them we couldn't start with the Outlook editor. We can customize a document and we can write a report. The dashboards are very user-friendly and very attractive. But when it comes to the reporting part, I think that could use improvement in the next release. 

I would rate it a seven out of ten. 

I believe the most valuable feature for us has been that we have all the logs together. We can query them, we can find all kinds of different situations that are going on in our network that we wouldn't have knowledge of without searching many different servers and logs.

Quicker ability to troubleshoot the problem, find the problem, get it fixed, and get the customers back up and using our system. 

I'm sure there are always areas, in stability and scaling, that need improvement. I don't have anything right off that I can say I know needs improvement right at this point.

We installed in 2009, and the stability has improved over the years. I consider it to be quite a stable product now. It seems to work day after day, week after week.

With version 7, we feel the scaling improved a lot. We are a large health system and we are quite often adding new businesses, new healthcare offices, new hospitals to our system. We we are able to add those extra logs into our system without causing any issues.

Tech support has always been good from the very first. In most cases the first response is a good one. It does the job, and if not, then you get back to them and they stay with you until they get it fixed.

We thought the setup was very quick and easy, of course we didn't try to boil the ocean all at once. We've been, over the years, adding more and more phases to our system, completed it in phases.

Really figure out what you want it to do for you, because it is very flexible and can be used for many different purposes. Determine what you want to use it for, and then get the assistance from LogRhythm to help implement it in that way. Then you can always expand it and take in other areas. But your primary goals need to be met right up front.

We are very happy with it.

It has helped tremendously when following up on investigations and logs. We often get bogged down with many tasks during the day. We can actually come back to a particular scenario that we are looking into, so it has been very beneficial for that.

Key challenges are our users and network. In our network, we get logs from a particular product called a NetScaler, which hides our source IPs, so that makes it a little challenging. Our goals are to tune LogRhythm further and utilize all the different modules that they do offer us. It is a challenge to get it all done.

• The web console
• The case management

I did hear about the new playbook edition coming up and I am excited about it.

It is excellent.

I have used the tech support and think they are great. I have many vendors that I deal with for other tools and hands down LogRhythm has been the best SIEM solution.

It is a big project, but very worthwhile, and LogRhythm has plenty of documentation, support people, professional services, and classes that can help get a business implemented and push them all the way to completion. I definitely think it is worthwhile.

It is very important for me that the solution be a unified end-to-end platform.

The log aggregation is what we use it for.

We don’t have a lot of the reporting configured or the advanced analytics. When the time is right, we will we will make the most of these features.

We need to improve our internal training and use of it. We use it, but we don’t use it to its potential. It’s a very powerful and robust device and application. We don’t use it how we could.

I don’t have a lot of confidence in their support. The support is not first class. I am still working with them with follow ups with the numerous issues we have had. The appliance itself seems to be doing what it’s supposed to, but the support is lacking.

I've used it for six years.

We went through research of multiple products that were similar in nature and selected LogRhythm based on the ability to comply with regulations and the advanced features that it offered. It’s a really deep product and you can do a lot with it, but it just hasn't been realized.

It handles what we throw at it.

I have mixed feelings. We have had some issues with their internal support.

We lost our ability to access the support portal, and it took them around three weeks to resolve it. We had a new upgraded appliance implemented and professional services set it up. They failed to take all of the alerts and bring it to the new appliance.

We implemented it in-house.

The licensing has improved. It has gone down because it is no longer individual monitoring licensing, whereas before it was licensed per collection manager. They have given us decent pricing, they gave us credit for the old appliance.

I find that the ease of installation is a valuable part of the solution.

The consolidation of the logs and being able to manage the items we have coming in -- all in one product -- has really helped this company a lot.

The main area of improvement is that the client must be installed on the computer for all of the functions to work. So if the client doesn't have a customer in their system, they can’t use it.

I have been directly responsible for this install around two years. I worked with LogRhythm at another company for around three years.

We didn’t encounter any issues that were not fixable.

I can’t remember the last time it was down. It’s very stable.

The way it’s set up with agents, we can scale very well and if we need to we can just add more hardware to the system. The only limit is the hardware. We have been happy with it.

Very knowledgeable, though I wouldn’t say proactive. When you speak with technical support you don’t actual speak with someone: you leave a message, which I do not like, although they respond pretty quickly.

The scalability was the main reason for switching. You never know how much you may need and the ability to quickly adapt is great.

The ability to add something quickly is very important. It's more complete than a lot of products, such as Splunk, but you have to put in a lot of work.

With LogRhythm, security feeds and security alerts are just built in.

We did migrate recently and had help from LogRhythm.

I’d say we have an ROI. It helps us identity problems before they become issues.

Always plan for more logs than you think you have. Once you start collecting you will realize that you need more than you thought.

My relationship has been very good. When we updated our software we set up weekly meetings which really helped us with reporting. We don’t directly get in touch with support but when we do they solve our problems.

NextGen SIEM is primarily used by the SOC team to detect attacks. 

NextGen SIEM's most valuable feature is its user-friendliness.

NextGen SIEM's integration with other software is good but could be improved.

I've been working with LogRhythm NextGen SIEM for three years.

NextGen SIEM is stable.

The initial setup was straightforward.

I would recommend NextGen SIEM to those considering implementing it and would rate it eight out of ten.

NextGen SIEM's best feature is how it presents logs. For example, the dashboard view is detachable from other things.

NextGen SIEM has separate rules for AI, advanced intelligence, and MP rules - it would be better to have a centralized way to write the rules and create alarms. In the next release, I would like to see the network hierarchy diagram that QRadar offers.

I've been using LogRhythm NextGen SIEM for one year.

NextGen SIEM's performance is quite good.

NextGen SIEM is easy to scale.

I previously used QRadar SIEM.

The initial setup was simple, and it took two days to deploy.

NextGen SIEM's pricing is moderate. There are additional costs for different applications.

I would recommend NextGen SIEM to other users as it is a leading solution with new features at a better price than competitors like Splunk and QRadar.