it_user320625 - PeerSpot reviewer
Senior Security Engineer at a tech vendor with 10,001+ employees
Real User
Sep 30, 2015
The Advanced Intelligence Engine alerts the SOC to potential security issues, though File Integrity Monitoring needs improvement.
Pros and Cons
  • "The LogRhythm AIE (Advanced Intelligence Engine) is very good at alerting my SOC to events of interest and potential security issues without flooding my team with noise."

    What is most valuable?

    Its Security Information and Event Management (SIEM) capabilities (security analysis, forensics) are the most valuable features for us.

    How has it helped my organization?

    The LogRhythm AIE (Advanced Intelligence Engine) is very good at alerting my SOC to events of interest and potential security issues without flooding my team with noise.

    What needs improvement?

    There is room for improvement in the area of File Integrity Monitoring.

    For how long have I used the solution?

    I've used it for 15 months.


    What was my experience with deployment of the solution?

    No issues encountered.

    What do I think about the stability of the solution?

    No issues encountered.

    What do I think about the scalability of the solution?

    No issues encountered.

    How are customer service and support?

    Customer Service:

    It's excellent.

    Technical Support:

    It's excellent.

    Which solution did I use previously and why did I switch?

    I have used Tripwire, which was a poor SIEM solution.

    What about the implementation team?

    We used a vendor team. I recommend using LogRhythm's professional services for assistance with implementation.

    What other advice do I have?

    I highly recommend LogRhythm for SIEM.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    Information Security Engineer at a tech vendor with 501-1,000 employees
    Vendor
    Sep 27, 2015
    Searches can be performed using any known value, IP address, hostname, username, or event, though report-building is limited by its use of Crystal Reports.
    Pros and Cons
    • "LogRhythm allows our IT/IS teams to quickly identify issues across the enterprise."
    • "Report-building is in Crystal Reports and has a limitation."

    What is most valuable?

    The Web UI is perhaps the most valuable feature in the solution.

    How has it helped my organization?

    LogRhythm allows our IT/IS teams to quickly identify issues across the enterprise. Searches can be performed using any known value, IP address, hostname, username, event. The results are then used to "open a case". The case is assigned to an analyst, who can add additional info during the research and remediation efforts.

    What needs improvement?

    Report-building is in Crystal Reports and has a limitation. A non-editable template must be created, then the report is created against the template. OFI is this. The template needs a preview option, as well as an edit option.

    For how long have I used the solution?

    8 months

    What was my experience with deployment of the solution?

    None that were not easily overcome.

    What do I think about the stability of the solution?

    None

    What do I think about the scalability of the solution?

    No, we right sized the deployment and also deployed as a high-availability environment.

    How are customer service and technical support?

    Customer Service:

    I have been very pleased with customer service. I have only had to contact my CS a couple of times, and he has done a great job of follow-up to ensure my company's needs were met in a timely fashion.

    Technical Support:

    Great support team. Average call pickup time has been less than 1/2 hour. I have had a couple of "scheduled" appointments get delayed when the agent's previous call ran over.

    Which solution did I use previously and why did I switch?

    We previously used Juniper STRM, rebranded QRadar. We faced:

    1. Log processing could not keep up with collection, so events were being dropped.
    2. Support was poor.
    3. When a ($45 at Bestbuy) disk drive went out, we were sent an entirely new system.
    4. When faced with upgrading to support our log collection demands, the estimated cost was several times greater than the LR deployment.

    How was the initial setup?

    Depending on the size and complexity of the deployment, I recommend paying for the Professional Services team to assist. All work was done in a remote session.

    I also recommend not attending the training sessions until a few weeks of bake-in have occurred. Too many topics were covered to fully absorb all the information that was disseminated.

    What about the implementation team?

    Our internal security team performed the majority of the installation, again working with the PS group at LogRhythm.

    What was our ROI?

    We immediately saw benefit on our first investigation.

    What's my experience with pricing, setup cost, and licensing?

    Depending on the size, number of logs, I recommend deploying VM (or physical) collectors, and have the logs forwarded to the appliance. We are collecting logs from 2500+ systems, and did not want to impact the appliance with collection, but rather, analyzing logs. This solution has worked very well so far.

    Which other solutions did I evaluate?

    We reviewed several solutions including Alien Vault (not large enough for our needs), Splunk (would need a full-time programmer to write queries), and QRADAR (since we already had a previous version). We did a month-long POC on Correlog and attempted to POC EIQ Networks.

    What other advice do I have?

    We are very pleased with the LR solution and are looking forward to the upcoming update.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    it_user317892 - PeerSpot reviewer
    Senior Information Security Manager with 1,001-5,000 employees
    Real User
    Sep 24, 2015
    It's simplified and clarified complex volumes of information, but customizing features could be improved.
    Pros and Cons
    • "The customer service team is excellent and they have resolved anything we have thrown at them in a timely fashion."
    • "The ability to customize certain features of the product."

    Valuable Features

    • Clarity of information
    • Ease of deployment

    Improvements to My Organization

    The ability to provide insights and simplification for complex volumes of information.

    Room for Improvement

    The ability to customize certain features of the product.

    Use of Solution

    I've used it for one year.

    Stability Issues

    I find that the system is stable and handling our traffic very well.

    Customer Service and Technical Support

    Customer Service:

    The customer service team is excellent and they have resolved anything we have thrown at them in a timely fashion.

    Technical Support:

    The technical support team is excellent and they have resolved anything we have thrown at them in a timely fashion.

    ROI

    We do not have one yet, but we definitely foresee an ROI.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    it_user290340 - PeerSpot reviewer
    Vice President at a financial services firm with 1,001-5,000 employees
    Vendor
    Aug 19, 2015
    We're able to create customized monitoring reports that extract info from event logs.
    Pros and Cons
    • "The fact we're able to create customized monitoring reports that extract info from event logs helps us a lot."
    • "Lots of concern these days regarding vulnerability, and being able to interface with other types of applications when creating event logs."

    Valuable Features:

    • Reporting - we need to do a lot of security monitoring
    • It doesn't have a lot of forensics, but we appreciate the fact that it has the capability
    • The ability to collect a lot of information, as we have 200 users and a lot of log sources

    Improvements to My Organization:

    The fact we're able to create customized monitoring reports that extract info from event logs helps us a lot. We used to have ad hoc reports created by the IT department, which meant they could manipulate content if they ever wanted to tamper with output. Now, there's no risk for us to worry about.

    Room for Improvement:

    Lots of concern these days regarding vulnerability, and being able to interface with other types of applications when creating event logs. We have lots of other applications to monitor. LogRhythm can extract that info, but some require converting before LogRhythm. Windows logs don't need converting, but SQL & XML do require conversion and monitoring.

    Other Advice:

    You should consult with LogRhythm experts because there are lots of features and customizations, and you need to figure out what's needed for your specific environment, for example, regulatory compliance issues. They do a great job of making clear what's needed.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
    Real User
    Feb 26, 2015
    HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm

    We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are based on Gartner Magic Q which is what Organizations typically use to select SIEM vendors. The Vendors mentioned here in the deck are:

    1. HP ArcSight
    2. McAfee Nitro
    3. IBM QRadar
    4. Splunk SIEM
    5. RSA Security Analytic
    6. LogRhythm

    SIEM Technology Space

    SIEM market analysis of the last 3 years suggests:

    • Market consolidation of SIEM players (25 vendors in 2011 to 16 vendors in 2013)
    • Only products with technology maturity and a strong road map have featured in leaders quadrant.
    • HP ArcSight & IBM Q1 Labs have maintained leadership in SIEM industry with continued technology upgrade
    • McAfee Nitro has strong product features & road map to challenge HP & IBM for leadership

    HP ArcSight

    The ArcSight Enterprise Threat and Risk Management (ETRM) Platform is an integrated set of products for collecting, analysing, and managing enterprise Security Event information.

    • ArcSight Enterprise Security Manager (ESM): Correlation and analysis engine used to identify security threat in real-time& virtual environments
    • ArcSight Logger: Log storage and Search solution
    • ArcSight IdentityView: User Identity tracking/User activity monitoring
    • ArcSight Connectors: For data collection from a variety of data sources
    • ArcSight Auditor Applications: Automated continuous controls monitoring for both mobile

    Strengths:

    • Extensive Log collection support for commercial IT products & applications
    • Advanced support for Threat Management, Fraud Management & Behavior Analysis
    • Mature Event Correlation, Categorization & Reporting
    • Tight integration with Big data Analytics platform like Hadoop
    • Highly customizable based on organization's requirements
    • Highly Available & Scalable Architecture supporting Multi-tier & Multi-tenancy

    Weaknesses:

    • Complex deployment & configuration
    • Mostly suited for Medium to Large Scale deployment
    • Requires skilled resources to manage the solution
    • Steep learning curve for Analysts & Operators

    IBM QRadar

    The QRadar Integrated Security Solutions (QRadar) Platform is an integrated set of products for collecting, analysing, and managing enterprise Security Event information.

    • QRadar Log Manager – Turn key log management solution for Event log collection & storage

    Strengths:

    • Very simple deployment & configuration
    • Integrated view of the threat environment using Netflow data, IDS/IPS data & Event logs from the environment
    • Behavior & Anomaly Detection capabilities for both Netflow & Log data
    • Suited for small, medium & large enterprises
    • Highly Scalable & Available architecture

    Weaknesses:

    • Limited customization capabilities
    • Limited Multi-tenancy support
    • Limited capability to perform Advanced Use Case development & analytics

    McAfee Nitro

    The McAfee Enterprise Security Management (formerly Nitro Security) Platform is an integrated set of products for collecting, analysing, and managing enterprise Security Event information. 

    • McAfee Enterprise Log Manager – turn key log management solution for Event log collection & storage
    • McAfee Event Receiver – collecting log data & native flow data
    • McAfee Database Event Monitor – database transaction & Log monitoring
    • McAfee Application data Monitor  – application layer event monitoring
    • McAfee Advanced Correlation Engine – advanced correlation engine for correlating events both historical & real time

    Strengths:

    • Integrated Application Data monitoring & Deep Packet Inspection
    • Integrated Database monitoring without dependence on native audit functions
    • High event collection rate suited for very large scale deployment
    • Efficient query performance in spite of high event collection rate

    Weaknesses:

    • Very basic correlation capabilities when compared with HP & IBM
    • Limitations in user interface when it concerns navigation
    • Requires a lot of agent installs for Application & database monitoring, thereby increasing management complexity
    • No Big Data Analytics capability
    • Limited customization capabilities
    • Limited support for multi-tier & multi-tenancy architecture

    Splunk

    Splunk Enterprise is an integrated set of products that provide Log Collection, management & reporting capabilities using

    • Splunk Indexer – used to collect and index logs from IT environment
    • Splunk Search Heads – used to search & report on IT logs
    • Splunk App for Enterprise Security - used to collect external threat intelligence feeds, parse log sources and provide basic analytics for session monitoring (VPN, Netflow etc.)

    Strengths:

    • Extensive Log collection capabilities across the IT environment
    • Log search is highly intuitive – like Google search
    • Flexible dashboarding & analytics capability improves Log visualization capabilities
    • Built-in support for external threat intelligence feeds, both open source & commercial
    • "App Store" based architecture allowing development of Splunk Plugins to suit monitoring & analytics requirements

    Weaknesses:

    • Pre-SIEM solution with very limited correlation capabilities
    • Even though easy to deploy, increasingly difficult to configure for SIEM related functions

    RSA Security

    RSA Security Analytics is an integrated set of products that provide Network Forensics, Log Collection, management & reporting capabilities using

    • Capture Infrastructure
      • RSA Security Analytics Decoder – Real time capture of Network Packet and log data with Analysis and filtering capabilities
      • RSA Security Analytics Concentrator – Aggregates metadata from the Decoder
      • RSA Security Analytics Broker Server – For reporting, management and administration of capture data
    • Analysis & Retention Infrastructure
      • Event Stream Analysis – Correlation Engine
      • Archiver – Long term retention, storage, security & compliance reporting
      • RSA Security Analytics Warehouse – Big Data Infrastructure for Advanced Analytics

    Strengths:

    • Great Analytics using Event Log Data & Network Packet Capture
    • Network forensics, Big Data (Parallel Computing) are cornerstones in SIEM world
    • Tightly Integrates with RSA ecosystem for Threat Intelligence, Fraud Detection, Malware Analysis etc. (each requires separate RSA Tools)

    Weaknesses:

    • New Product release from RSA, hence advanced Security correlation support is poor
    • Security Analytics Warehouse is a new capability with very little real world use cases
    • Suited only for large enterprises with need for complex deployment and management resources. Poor deployment options for small and midsize customers

    LogRhythm

    The LogRhythm SIEM 2.0 Security Intelligence Platform is an integrated set of products for collecting, analysing, and managing enterprise Security Event information.

    • Log Manager – high performance, distributed and redundant log collection and management appliance

    Strengths:

    • Well balanced log management, reporting, event management, privileged user monitoring and File integrity monitoring capabilities
    • Fast deployment with minimal configuration because of appliance form factor
    • Quarterly Health Check programs post-deployment offer great After-sales Service experience

    Weaknesses:

    • Suitable for Security event data only, as Operational data sets cause slowing performance for searches and reports
    • No Support for Active Directory integration for Role-Based Access Control
    • Suited best for small and mid size companies with basic security, regulatory compliance and reporting needs. Not scalable for very large deployments.

    A Summary scoring sheet for SIEM Vendors based on their Core capabilities is given below

    Capability | RSA Security Analytics | LogRhythm | Splunk | McAfee Nitro | IBM QRadar | HP ArcSight
    Real-time Security Monitoring | 3.1 | 3.2 | 2.5 | 3.9 | 4.2 | 4.4
    Threat Intelligence | 3.7 | 2.5 | 3.0 | 2.8 | 3.5 | 4.5
    Behavior Profiling | 2.5 | 2.3 | 3.0 | 3.0 | 5.0 | 4.0
    Data & End User Monitoring | 3.6 | 3.5 | 1.7 | 3.6 | 3.5 | 4.0
    Application Monitoring | 3.8 | 3.5 | 1.8 | 3.7 | 3.3 | 3.8
    Analytics | 2.5 | 2.5 | 3.8 | 4.5 | 3.5 | 4.0
    Log Management & Reporting | 3.5 | 3.8 | 3.5 | 3.8 | 3.9 | 4.0
    Deployment & Support Simplicity | 3.0 | 4.0 | 2.5 | 3.5 | 3.5 | 3.0
    Total (Weighted Score) | 25.7 | 25.3 | 21.8 | 28.8 | 30.4 | 31.7

    1.0 = Low level of capability

    5.0 = High level of capability

    SIEM Vendors – Use Cases Score Card

    Use Cases | RSA Security Analytics | LogRhythm | Splunk | McAfee Nitro | IBM QRadar | HP ArcSight
    Overall Use Cases | 3.2 | 3.2 | 2.7 | 3.6 | 3.8 | 4.0
    Compliance Use Cases | 3.3 | 3.7 | 3.0 | 3.7 | 3.8 | 3.8
    Threat Monitoring | 3.1 | 3.1 | 2.9 | 3.8 | 3.7 | 4.0
    SIEM | 3.2 | 3.4 | 2.8 | 3.6 | 3.8 | 3.9
    Total (Weighted Score) | 12.8 | 13.4 | 11.4 | 14.7 | 15.1 | 15.7

    1.0 = Low level of capability

    5.0 = High level of capability

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    it_user279666 - PeerSpot reviewer
    IT Security Consultant at an energy/utilities company
    Vendor

    Cost/License should also be part of the criteria, because the capabilities of these solutions depend on how much EPS they are allowed to process. A lot of "events" go down the drain if they are beyond the EPS that the customer licenses, therefore giving an incomplete view of the network. Some remarketers of these solutions have crimped their proposal just to make a sale. Just my 2 cents.

    PeerSpot user
    Head Of Technical And Network Security at Connex Information Technologies
    Real User
    Top 5
    Apr 21, 2023
    A user-friendly and straightforward solution with good technical support
    Pros and Cons
    • "I would rate the product a ten out of ten. The solution is very user-friendly and straightforward. The tool's report customization is interesting."
    • "The software needs to work on its pricing."

    What needs improvement?

    The software needs to work on its pricing. 

    For how long have I used the solution?

    I have been using the tool for five years. 

    What do I think about the stability of the solution?

    The product is very stable. I would rate its stability a nine out of ten. 

    What do I think about the scalability of the solution?

    I would rate the tool's scalability a ten out of ten. 

    How are customer service and support?

    The tool's support is good. They support us 24/7. 

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The tool's setup is very straightforward. I would rate the tool's setup a ten out of ten. The tool's deployment depends on the use cases, environment, etc. The tool's deployment takes one month to complete. 

    What's my experience with pricing, setup cost, and licensing?

    I would rate the tool's pricing around eight out of ten. 

    What other advice do I have?

    I would rate the product a ten out of ten. The solution is very user-friendly and straightforward. The tool's report customization is interesting. 

    Disclosure: My company has a business relationship with this vendor other than being a customer.
    reviewer1115169 - PeerSpot reviewer
    Consultant at a tech services company with 11-50 employees
    Consultant
    Aug 31, 2022
    User-friendly security solution
    Pros and Cons
    • "NextGen SIEM's most valuable feature is its user-friendliness."
    • "NextGen SIEM's most valuable feature is its user-friendliness."
    • "NextGen SIEM's integration with other software is good but could be improved."
    • "NextGen SIEM's integration with other software is good but could be improved."

    What is our primary use case?

    NextGen SIEM is primarily used by the SOC team to detect attacks. 

    What is most valuable?

    NextGen SIEM's most valuable feature is its user-friendliness.

    What needs improvement?

    NextGen SIEM's integration with other software is good but could be improved.

    For how long have I used the solution?

    I've been working with LogRhythm NextGen SIEM for three years.

    What do I think about the stability of the solution?

    NextGen SIEM is stable.

    How was the initial setup?

    The initial setup was straightforward.

    What other advice do I have?

    I would recommend NextGen SIEM to those considering implementing it and would rate it eight out of ten.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer.
    PeerSpot user
    Real User
    Aug 9, 2022
    Great dashboards at a competitive price
    Pros and Cons
    • "NextGen SIEM's best feature is how it presents logs."
    • "I would recommend NextGen SIEM to other users as it is a leading solution with new features at a better price than competitors like Splunk and QRadar."
    • "NextGen SIEM has separate rules for AI, advanced intelligence, and MP rules - it would be better to have a centralized way to write the rules and create alarms."
    • "NextGen SIEM has separate rules for AI, advanced intelligence, and MP rules - it would be better to have a centralized way to write the rules and create alarms."

    What is most valuable?

    NextGen SIEM's best feature is how it presents logs. For example, the dashboard view is detachable from other things.

    What needs improvement?

    NextGen SIEM has separate rules for AI, advanced intelligence, and MP rules - it would be better to have a centralized way to write the rules and create alarms. In the next release, I would like to see the network hierarchy diagram that QRadar offers.

    For how long have I used the solution?

    I've been using LogRhythm NextGen SIEM for one year.

    What do I think about the stability of the solution?

    NextGen SIEM's performance is quite good.

    What do I think about the scalability of the solution?

    NextGen SIEM is easy to scale.

    Which solution did I use previously and why did I switch?

    I previously used QRadar SIEM.

    How was the initial setup?

    The initial setup was simple, and it took two days to deploy.

    What's my experience with pricing, setup cost, and licensing?

    NextGen SIEM's pricing is moderate. There are additional costs for different applications.

    What other advice do I have?

    I would recommend NextGen SIEM to other users as it is a leading solution with new features at a better price than competitors like Splunk and QRadar.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer (partners).