LogRhythm SIEM Reviews

The product was easy to deploy and easy to learn how to use. The web console is the best I’ve seen when compared to other SIEMs.

This product has made it easier for our team to correlate security events and react quicker to incidents.

Retrieving logs that have been archived can be a difficult and time consuming process. The module which performs this, called the Second Look Wizard is not very well integrated into the rest of the product. It would be nice if you had the ability to right click on a log and search the archives for more data like it (you can do this with non-archived logs) and then after restoring archived logs, easily pivot to an investigation for that data. Currently, those 3 steps all have to be run separately.

I've used it for five months.

The deployment was very smooth.

There were occasional stability problems, but they were resolved by support in a timely fashion.

No issues encountered.

Excellent, everyone I have worked with at LogRhythm has been courteous and helpful.

Technical support has been very good, and they will often go out of their way to help correct an issue, even if it is not a technical issue with the product.

This is our first SIEM.

The initial setup was done with the help of LogRhythm Professional Services and was fairly straightforward. Our version of the software is integrated into one hardware unit which made it easy to setup and understand.

We implemented with LogRhythm Professional Services and the engineer I worked with was very thorough and knowledgable.

Pricing was on the higher end when compared to other products we looked at. However, we felt the advantages with LogRhythm justified the price premium. Licensing is fair and straightforward. We evaluated SIEMs from AlienVault, Tripwire, and Solarwinds.

We evaluated SIEMs from AlienVault, Tripwire, and Solarwinds.

If implementing a SIEM for the first time, it is very important to have members of the network and server teams involved from the beginning. Also, strong change management policies are necessary to keep the SIEM implemented properly.

• Advanced Intelligence Engine (AIE) for threat intelligence, 9/10
• LRM for logging and compliance, 8/10

Custom rules/alerts in LRM and AIE provide insight into network for internal users as well as InfoSec. Proactive account lockout alerts for SecAdmin, alerts to DBAs on domain admin access to SQL servers, PCI and GLBA compliance alerts/reports for InfoSec and Audit.

Adding an entity (should be able to create a template and/or eliminate locations) could be much faster/streamlined. The wizard could be improved to specify OU/Groups to search for new entities.

• LRM – four years
• AIE – three years

No issues encountered.

There have been issues with the hardware which has resulted in the LRM going down a few times.

No issues encountered.

It's the best there is.

It's the best there is.

We had Tripwire, but we needed logging and SIEM, not just logging.

It was straightforward as the training provided all the tools. Also, the UI has gotten better with time.

We had a mix of an in-house team with one from LogRhythm.

Literally impossible to quantify. We haven’t had any events or deficiencies in audits, which is invaluable.

Pricing (especially considering feature sets) is best in the market, though HA/DR is tough to justify for a SMB. Even with two outages due to hardware we haven’t invested in a backup.

• QRadar
• RSA
• Tripwire

Implementation time, hygene/maintenance time, functionality, and cost make it the clear choice in a competitive market.

• Investigation
• Advanced Intelligence Engine
• Alarming and Response

We have made this the foundation of our security intelligence within our organization. It has allows us to detect and remediate Advanced Persistent Threats.

I would like to the log management database perform more efficiently.

I've used it for five years.

Some minor bugs with the mediator. Those have been fixed in patch releases a long time ago.

9/10.

9/10.

Setup was fairly straightforward. We were up and running with coverage of most log sources within two days.

We implemented it in-house. Active Directory import makes initial configuration quick and easy.

We also evaluated Splunk, and we chose LogRhythm as the correlation rules performed it handled clients on DHCP better.

We recommend that people implementing it choose to log everything, including logs from desktops, laptops, servers, switches and routers.

Its Security Information and Event Management (SIEM) capabilities (security analysis, forensics) are the most valuable features for us.

The LogRhythm AIE (Advanced Intelligence Engine) is very good at alerting my SOC to events of interest and potential security issues without flooding my team with noise.

There is room for improvement in the area of File Integrity Monitoring.

I've used it for 15 months.

No issues encountered.

No issues encountered.

No issues encountered.

It's excellent.

It's excellent.

I have used Tripwire, which was a poor SIEM solution.

We used a vendor team. I recommend using LogRhythm's professional services for assistance with implementation.

I highly recommend LogRythm for SIEM.

The Web UI is perhaps the most valuable feature in the solution.

LogRhythm allows our IT/IS teams to quickly identify issues across the enterprise. Searches can be performed using any known value, IP address, hostname, username, event. The results are then used to "open a case". The case is assigned to an analyst, who can add additional info during the research and remediation efforts.

Report-building is in Crystal Reports and has a limitation. A non-editable template must be created, then the report is created against the template. OFI is this. The template needs a preview option, as well as an edit option.

8 months

None that were not easily overcome.

None

No, we right sized the deployment and also deployed as a high-availability environment.

I have been very pleased with customer service. I have only had to contact my CS a couple of times, and he has done a great job of followup to insure my company's needs were met in a timely fashion.

Great support team. Average call pickup time has been less than 1/2 hour. I have had a couple of "scheduled" appointments get delayed when the agent's previous call ran over.

We previously used Juniper STRM, rebranded QRadar. We faced 1. Log processing could not keep up with collection, so events were being dropped. 2. Support was poor. 3. When a ($45 at Bestbuy) disk drive went out, we were sent an entirely new system. 4. When faced with upgrading to support our log collection demands, the estimated cost was several times greater than the LR deployment.

Depending on the size and complexity of the deployment, i recommend paying for the Professional Services team to assist. All work was done in a remote session.

I also recommend not attending the training sessions until a few weeks of bake-in have occurred. Too many topics were covered to fully absorb all the information that was disseminated.

Our internal security team performed the majority of the installation, again working with the PS group at LogRhythm.

We immediately saw benefit on our first investigation.

Depending on the size, number of logs, I recommend deploying VM (or physical) collectors, and have the logs forwarded to the appliance. We are collecting logs from 2500+ systems, and did not want to impact the appliance with collection, but rather, analyzing logs. This solution has worked very well so far.

We reviewed several solutions including Alien Vault (not large enough for our needs), Splunk (would need a full time programmer to write queries), QRADAR (since we already had a previous version. We did a month long POC on Correlog, attempted to POC EIQ Networks.

We are very pleased with the LR solution and are looking forward to the upcoming update.

• Clarity of information
• Ease of deployment

The ability to provide insights and simplification for complex volumes of information.

The ability to customize certain features of the product.

I've used it for one year.

I find that the system is stable and handling our traffic very well.

The customer service teams is excellent and have they resolved anything we have thrown at them in a timely fashion.

The technical support team is excellent and have they resolved anything we have thrown at them in a timely fashion.

We do not have one yet, but we definitely foresee a ROI.

• Reporting - we need to do a lot of security monitoring
• It doesn't have a lot of forensics, but we appreciate fact that it has the capability
• The ability to collect a lot of information, as we have 200 users and a lot of log sources

The fact we're able to create customized monitoring reports that extract info from event logs, helps us a lot. We used to have ad hoc reports created by IT department, which meant they could manipualte content. if they ever wanted to tamper with output. Now, there's no risk for us to worry about.

Lots of concern these days regarding vulnerability, and being able to interface with other tuypes of applications when creating event log. We have lots of other applications to monitor. Logrhythm can extract that info, but some require converting before LogRythem. Windows logs don't need converting, but SQL, & XML do require conversion and monitoring.

You should consult with LogRhythm experts because there are lots of features and customizations, and you need to figure out what's needed for your specific environment, for example, regulatory compliance issues. They do great job of making clear what's needed.