LogRhythm SIEM Reviews

It's a next-generation SIEM solution. We use it for our clients. 

It has connectivity with multiple log sources - including those that are on-prem and in the cloud (including GCP, AWS and our own cloud).

It is extremely scalable. 

Technical support has always been helpful.

It is stable, reliable, and flexible. 

It's not easy for someone new to the solution. There are some complexities involved with the initial onboarding. It needs to have more user-friendly dashboards and onboarding processes. 

It is a premium solution which means it is quite expensive. 

I've used the solution for the last three years. 

The solution is scalable. I'd rate it eight out of ten. There are no bugs or glitches. It's reliable, and the performance is good. 

The solution is very scalable vertically as well as horizontally. It is great for big setups. You can scale as per your requirements. There's no issue with expansion. I'd rate the solution nine out of ten in terms of ease of scaling if a company has multiple locations or has a setup across countries. 

We are a gold partner. We've never faced any support issues. They are very helpful and responsive. 

I've also used with QRadar, which is easier, for example, to set up and is more user-friendly. 

The solution can be difficult to set up. I'd rate the process six out of ten. You need to know what you are doing. There are complexities involved. 

A hardware-based setup would require some configurations. Typically, we need a minimum of three to four weeks to do a setup. 

The solution is moderately priced. Sometimes they give good deals if there is a larger requirement. 

If the solution is on-prem, there is a cost to investment. If it is on cloud, this is not the case. 

We are a gold partner. 

I'd recommend the solution to others. It has a lot of new features and offers AI and ML. There is good support, scalability, and flexibility on offer. 

I'd rate the solution seven out of ten. 

We have about 600 employees supported by this solution. Our goal is to try and bring in at least one additional application into our SIEM tool each month so that we can get better insights for those particular platforms.

This solution has improved our organization in many different ways. The biggest benefit is being able to view all information in one dashboard instead of having to look at several different applications and dashboards. I can see information across our entire environment and every aspect of our network.

LogRhythm really helps with our cybersecurity exposure because it gives us insights to make us more proactive versus reactive regarding events happening in our environment. LogRhythm gave us so much insight into blind spots that we didn't even know we had.

LogRhythm also really helped our environment in terms of security posture because it gives us so much more information that we can use in a timely manner. Some of our other providers don't give us reports until as late as the next day. With LogRhythm, we can have alarms triggered within seconds that let us know that there are particular things that need to be addressed. This is much quicker than if we just trusted that particular vendor to let us know.

My favorite feature is the Drill Down which allows us to look at several different logs originating off of one particular alarm. If there is suspicious activity, we can use that feature to access one dashboard with different anomalies that might stand out or different places where alarms would've been triggered for particular events. 

We use the Event Log Filtering feature quite often. It makes it much easier to find useful information in our SIEM tool in a quick and efficient manner. There have been several times when we have imported 20,000 plus logs within a matter of minutes and it makes it much easier to find what we're looking for, especially when time matters.

The Event Log Filtering utility also allowed us to find information much quicker in our environment because it simplified the process of finding information. 

Better integration with different services is needed, as there are quite a few platforms that we use that don't integrate very smoothly with LogRhythm. We would like to plug in an API key for another system and have that vendor's information readily available. 

We've been using LogRhythm as our SIEM provider for about five or six years now. I have personally only been using it for the last six months, learning the ins and outs of how it can support our organization. 

LogRhythm is very stable and reliable.

LogRhythm has amazing scalability potential for whatever your particular needs are.

We've had really good experiences with LogRhythm's technical support for things that are already in the environment. When it comes to trying to innovate with some of the newer things, this has been a little bit more difficult. I feel like they could be a little bit more intuitive going forward. I would rate their technical support an eight out of ten.

Positive

I would rate LogRhythm an eight out of ten.

We've been using this solution to aggregate and correlate logs to dive a little bit more into auditing any sort of suspicious activity or malicious ideas that are going on within our network and using it for compliance purposes.

We partner with another company to help co-manage LogRhythm SIEM, and it definitely brings everything down to a single pane of glass, especially for people who are coming into the cybersecurity industry and don't have as much experience. It helps to correlate things to where they're more human-readable.

It has also increased our overall rate of efficiency by about 10 to 15%.

The most useful feature that I've found so far is the search function. I like all the different ways you're able to search through metadata and the different ways you're able to correlate or search through logs to find out what's going on.

The Event Log Filtering feature filters out certain logs that we don't need, and it has definitely helped decrease costs and increase efficiency for all of the products. With its hardware being on-premises, it reduces resources all around and makes it more efficient.

The Event Log Filtering feature has also helped us reduce our administrative overhead by approximately 10 to 15%.

In terms of managing workflows and cybersecurity exposure, LogRhythm SIEM is very efficient and is a good tool to use for locating and auditing any sort of activity that goes on in the network. It's very helpful for tracking and finding, even down to a granular level or up to events.

It's definitely been helpful with blind spots, especially in terms of vulnerabilities that aren't picked up by the scanners that we have. There were multiple instances where we've had brute force and various types of attacks that were quickly escalated to us via alarms and that were easily read and acted on.

The user interface needs improvement. The more the user can slide around and know what's going on, the better it will be.

I've been using LogRhythm SIEM since 2016.

The stability is great. We had an agent go down on a DC once or twice, and it just involved a restart. That is about it. The stability of the hardware and the software itself is awesome.

We're going to be scaling soon, and there hasn't been any reason to switch away from LogRhythm. So far, scalability-wise, it's been able to fit our environment well.

You would be wrong to think that LogRhythm SIEM is an outdated solution. I use it every day, and it has helped me fix or see vulnerabilities or compromises in our network that I wouldn't have seen before. It's still definitely around.

On a scale from one to ten, I'd rate LogRhythm SIEM an eight.

It's our primary threat-hunting tool. We use it to look for anomalies. We use it for investigations. We use it for just about everything security related. If we find it in another tool, we use the SIEM to cross reference what activity we would see either from that user or from that machine that we saw in the other tool.

It's improved our organization in a number of ways. 

Before we got the current SIEM, for example, the previous SIEM was not our primary threat-hunting tool. It was a data point we would go to occasionally.  Today, LogRhythm SIEM is our primary threat-hunting tool thanks to the user-friendly interface, which is much better compared to what we've had previously.

The ability to return relevant information from a search to provide either corroborating evidence for an investigation we were already undergoing or just being in a better place to go hunt for threats has made me feel that the environment is safer than what we had previously. 

Previously, with McAfee SIEM, we had no confidence that it would help us in an investigation, so we frequently did not lean on it. It let us down so many times. LogRhythm SIEM gives us a sense of confidence that, during an investigation, it's a solid source of information that we can use to complement the investigation or perhaps complete the entire investigation within the SIEM.

Our previous SIEM did not have dashboards, so there wasn't a starting point. With our previous SIEM, we had to have a specific thing we were looking for, and only then we could find it. 

The dashboards in the LogRhythm SIEM really help us as a starting point. It gives us a starting point we can go to every day. We walk through several dashboards to see anomalous activity for further investigation. The dashboards, therefore, are our favorite feature of the SIEM.

The solution helped with productivity and the ability to process logs. We do Event Log Filtering for certain log types, which we don't want in our SIEM as they're just too noisy. Having too much noise in the SIEM makes it harder to find relevant things. Therefore, we use Log Filtering to limit the noise. It's also given us the ability to bring more logs in, so we bring them all from all of our workstations and servers. Doing the log filtering this way allowed us to bring in other log sources and keep the noise manageable.

It's helped reduce our administrative overhead. Before we started doing the log filtering, we exceeded our license capacity for what we were licensed in terms of logs in our SIEM. The filtering allowed us to bring the noise down and helped us with the removal of junk logs that are not useful. We have a lot of firewalls, and anytime you're traversing internally inside of the firewall, it generates a lot of traffic. That kind of traffic is the type of traffic we took out, allowing us to bring our workstation traffic logs in to give us a better view of our environment.

It's very big for us that the solution is out-of-the-box. To have the solution be turnkey was significant as it enabled us to ramp up and get the logs onboarded immediately. There wasn't a lot of configuration to get to a point where we could bring logs in. It was essentially turnkey.

We use Windows Event Forwarding to collect the logs from our Windows clients, and the logs get aggregated as one data source on that collector. Therefore, finding logs specific to one particular Windows system requires some creativity in how we search the SIEM. 

I've heard that in a future release, it may come to a point where the Windows systems would be dedicated log sources, so you can choose just that log source. That would greatly improve our ability to threat hunt with our SIEM.

We've been using this LogRhythm SIEM for about three and a half years.

The solution's been very stable for us. We bought a high-availability solution, so we have two systems in a high-availability pair. That redundancy gives us resilience. It comforts us to know that if we lose one data center, we've still got logs going into our SIEM in the second data center.

The hardware we bought has the ability to process logs at twice the limit that we are licensed for, and we've not had to increase that. We've had it for three and a half years, and it's robust and keeps up with our needs.

I've had to engage LogRhythm technical support on many occasions. They've always been quick to respond and are very knowledgeable, professional, and helpful.

Positive

The previous SIEM we have was McAfee Nitro. There were a couple of reasons why we switched. We switched due to the fact that it wasn't easy to just stumble into finding things. You had to know what you're looking for and we didn't like that aspect of it. Also, we had a really bad support case that was the catalyst for making the move to a different SIEM.

We have a different setup, and we keep the SIEM in our PCI environment to limit our PCI scope. We had to think through the architecture so that we had the logs in the places we needed them without having our firewalls wide open. It was very quick to deploy since we used Windows Event Log Forwarding. We were able to use a GPO to have logs sent to a centralized server and, from there, ingested directly into the SIEM, so we were onboarded in less than a week's time. We were able to onboard the majority of our log sources quickly.

When we bought the SIEM, we bought a block of professional service hours that we utilized to help implement the SIEM. They were a tremendous help with adding dashboards and getting our fingers in it enough to where we learned our way around it before we actually even got training. It was LogRhythm professional services, and I highly recommend them. They were excellent.

We've absolutely seen an ROI. We felt it immediately since the out-of-the-box dashboards gave us visibility into our environment that we had not seen before, as we didn't have a SIEM that presented the data in a usable manner.

The license model is similar to other SIEM solutions that we looked at, which is a log volume pricing model. That pricing model works well, especially being able to filter the logs and get less important logs in so we have the ability and the headroom to put in other log sources.

We evaluated a few other options. Since we're a government entity, procurement rules limited us to just a handful of options, and of the options that we had, LogRhythm was clearly the better choice for us. 

We had the option to renew and get a refreshed McAfee SIEM, which we didn't feel good about. The other two options that we were able to use were IBM and Rapid7. IBM was just another vendor I've not had good luck with in the past. Rapid7 was a smaller player. We didn't feel they had the ecosystem, the robust ecosystem, to support what we were looking to implement.

I'm a senior security analyst. I work at a government organization that employs between 500 and 1000 people.

We are on-prem with high availability, so we have two self-contained systems, sequel logs, and everything, and they can run either box.

In terms of helping us manage workflows and cybersecurity exposure, we haven't leveraged smart responses in the SIEM. It looks like a powerful asset. We have some automated responses with a different tool for ransomware detection and prevention. However, the workflow ability in the SIEM is actually quite powerful. We just haven't leveraged it since we haven't felt that the right use case presented itself to us yet.

When it comes to affecting our rate of efficiency, we don't measure those metrics, so it's kind of hard to say there's a measurable amount or how much it's improved. It has given us a threat-hunting tool previously unavailable to us. We are very happy to have the SIEM be our primary threat-hunting tool.

Those who say SIEM is an outdated security solution should note that SIEM technology has been around for a very long time. It's still relevant thanks to the continual development that companies have done to bring more usability to extracting threats from logs. That's timeless. That's not something that's going to go away over time. The LogRhythm SIEM continues to add features, and improvements and makes finding and presenting data from raw logs easier. Digging through logs before we had a SIEM was tedious and very time-consuming. It's made it a big-time saver. To have the way it presents the logs in a usable manner has been a tremendous help for us.

I'd rate it a solid nine out of ten.

I found it very useful in our day-to-day operations with monitoring user activity and looking at system analytics and system performance. I found it very useful when investigating threats like IPs, and seeing what's going on with our endpoints, like certain lateral movements that we've noticed. 

I definitely found it very useful when looking at, for example, a compromised host, or a suspicious IP that has been scanning us. I've definitely found it very useful when I look at a log, it'll give me a detailed drill-down of all the information that's needed, including what the rating is, the rating of the threat, and what actions should be taken. 

It gives my team a better idea of what we should do to improve our security posture.

It's improved our organization. For example, if we have a user who's traveling overseas, or we get a suspicious login from the VPN, from a country that we're unfamiliar with, it gives us the ingest logs. The SIEM gives us a better comprehension of what type of threat activity it is and helps us decide if it's benign or legitimate.

Looking at the logs and how much detail each log has when it is ingested into our dashboards is quite useful. I found it very useful when looking at, for example, what emails are inbound and outbound of our networks. 

I like how detail-oriented the logs are in terms of what the origin is and what network it's coming from. 

I also like how the detailed logs give us what host or user it's coming from. On sight, I have a pretty cohesive understanding of what threat intelligence looks like in terms of reviewing what we have to deal with.

I use the Event Log Filtering feature daily. Every day when I look at event logs, I use the filters on certain time ranges and AIU engine rules. Overall, it's had a very positive impact. It helps us expedite certain security incidences very quickly, thanks to how detail-oriented the logs are. It really helps me report threats to my supervisor. For example, if someone's trying to scan us, my boss will ask me, "Can you look into this further?" I'll go ahead, and use the searches and the lists that the LogRhythm console has to offer, and I will get back to him in a timely fashion, with more details on the threat. 

The Event Log Filtering feature has definitely helped reduce administrative overhead. On a scale of one to ten, I would rate it a seven.

It helps us manage workflows and cybersecurity exposure. In terms of managing workflows, it definitely has given us leverage on what our overall security posture is, and gives us a better understanding of what we need to focus on more in terms of what threats are persisting. Our workflows have been pretty seamless so far. I would say our workflow is pretty seamless in terms of static manual investigations.

In terms of blind spots and our ability to shut down attacks, while we don't see all the blind spots, it gives us enough understanding and information about where we can classify a threat. 

Overall, it's had a very positive impact on our security posture. It gives us good visibility of what we need to see right now. It definitely gives us a better understanding of what we deal with, and what we should focus on in terms of what threats are more critical than others. In terms of our daily operations, it's very helpful.

It's positively affected our overall rate of efficiency. It's given us what we need for now. We're looking to improve our efficiency by looking into what LogRhythm offers in its newer products. Still, it's pretty efficient. On a scale of one to ten, I would rate it around eight or nine in terms of efficiency. My immediate coworkers in my department could use what we have right now for looking at critical alerts, user analytics, and overall IT operations since we usually have daily operations where we look at all user activity throughout our organization.

So far, it's pretty robust, and yet, we look for more improvements.

On a day-to-day basis, maybe we could look for more improvements with automation, however, so far, it's good.

In terms of blind spots, we are looking for more improvements since we don't have visibility over everything. Right now, we just use LogRhythm for our on-prem solution, not our cloud solution. We could definitely use more improvements with that in the next product.

Ingesting logs into the web console user interface and probably updating the threat intelligence database are the two places where we'd like to see improvement. We get a lot of noise. Oftentimes, we see a lot of false positives, so possibly using AI or machine learning would be ideal. Implementing that more into the next product would help us actually determine whether it's a false positive or legitimate threat.

I've used the solution for about a year and three months.

In terms of using it on-premises, it is very stable. Granted, we have some hiccups here and there. However, that's what we reach out to tech support for. They're able to provide us with immediate support, and they're willing to really put in the effort to figure out what the cause of the problem is and will work until it's fixed in a timely fashion. 

The scalability is, so far, very robust. I look forward to hearing more about the latest LogRhythm products and what they can do in terms of on-premises and cloud.

The product offers excellent service and technical sport. They're very prompt with getting back to our team regardless of the severity of the incident. Overall, I've had a great experience with this so far.

Positive

I'd rate the solution ten out of ten. 

Those that say SIEM is an outdated security system, don't understand cyber security. SIEM is what allows analysts like myself to be successful. Without a SIEM, how can we see everything? We can't.

We're using LogRhythm NextGen SIEM only for a few databases. Members keep their data on our FTP server, and we monitor firewalls, endpoint management solutions, and some critical endpoints.

LogRhythm NextGen SIEM has improved the organization through the alarm system my team has configured. The alarm system is key to looking after all the hardware and endpoints.

What I found most valuable in LogRhythm NextGen SIEM is that it's user-friendly. I also like its dashboard, which shows all the logs and information I want to see.

One area for improvement in LogRhythm NextGen SIEM is that it's a Windows-based tool, and I feel it should be on the Linux operating system instead.

Another area for improvement in the tool is the UI. There should be minor changes in the UI to make it better, though I like the dashboards in LogRhythm NextGen SIEM.

I've been using LogRhythm NextGen SIEM for one month now.

LogRhythm NextGen SIEM is a stable tool. I didn't find any instability in it.

LogRhythm NextGen SIEM is a scalable tool. Scalability is one of the reasons why my organization uses it.

When I joined the company, a ticket was previously opened with the LogRhythm NextGen SIEM technical support team. Though I didn't directly connect with support, I have information that the problem was resolved and that the support team was very cooperative and very technical in solving the problem.

Though I didn't configure LogRhythm NextGen SIEM as it was pre-configured when I joined the company, any solution won't be difficult to implement, as long as you have an understanding and knowledge of the product or tool. I was an implementer once.

Senior management is in charge of purchasing the license for LogRhythm NextGen SIEM, so I have no information on how much it costs.

I worked on McAfee SIEM for six months, but that was when I was part of another team. If you compare McAfee SIEM with LogRhythm NextGen SIEM, I prefer LogRhythm NextGen SIEM because it's a user-friendly tool. It's also very easy to configure. The dashboards in LogRhythm NextGen SIEM are also very simple and very informative, and I've configured them to better understand what's happening in the organization. You can also create an alarm system in LogRhythm NextGen SIEM, that's very helpful.

I also evaluated IBM QRadar, and I found IBM QRadar to be a better tool than LogRhythm NextGen SIEM.

I work in the enterprise security department or the SOC, and I just have to deal with the logs. The tool being used within the organization for log management is LogRhythm NextGen SIEM, particularly the N-1 version.

My organization uses the on-premise version of the tool, and it's been applied to the data center.

I belong to a very small organization with a data center that has sixty people using LogRhythm NextGen SIEM. In terms of maintenance, the tool isn't difficult to maintain.

The only advice I have for anyone who'd like to start using LogRhythm NextGen SIEM is that it's a very good tool, with good features and functions.

My rating for LogRhythm NextGen SIEM is seven out of ten. I didn't give it a ten because it's Windows-based, plus I also don't like its UI that much. LogRhythm NextGen SIEM is also not as good as IBM QRadar.

We have 250 cases in LogRhythm. It's used for collecting logs and analyzing logs from the servers.

The solution has the ability to add and compare use cases. 

The log storage capacity should be increased.

I have been using LogRhythm SIEM for three years.

I rate it at 10 out of 10 for stability.

I rate it at 10 out of 10 for scalability.

I rate LogRhythm support 10 out of 10. 

Positive

LogRhythm SIEM is easy to set up, and it took us about two weeks. 

We had help from a person from LogRhythm.

LogRhythm is a costly solution. I rate it five out of 10 for affordability. We have a three-year license, and you need to pay to add features like endpoint licensing, behavior analytics, etc.

We looked at Splunk and IBM QRadar.

I rate LogRythm Siem at 10 out of 10. 

We primarily use the solution to reducing insider threats. We also use the product to deal with some aspects of banking security. For example, with its product, we are able to lower the threat of being attacked by malware.

I appreciate the fact that I can do everything from one dashboard. That is the main aspect of LogRhythm so far that I find extremely useful. We don't need a different dashboard or other solution for managing things.

The initial setup is simple. 

The solution is stable.

The product is great for medium to large-scale organizations.

The product can scale. 

Technical support is reportedly quite good.

What I would suggest is for the product to make the consoles more user-friendly. The integration module should be simpler. That way, that the end-customer himself can do the integration and they are not always dependent on our site. The integration with other vendors should be easy.

The solution is likely not the best option for a smaller organization.

One of the features I like to recommend is a LogRhythm queuing ticket for a level-one tier system so that clients are not dependent on a third party.

We've been working with the product since 2018. It's been almost three years at this point.

The solution is very stable and reliable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

In terms of scaling, the solution is best for medium to large companies. Smaller companies likely do not want to invest in IT security products, however, for medium to large organizations, especially banks, LogRhythm works well.

It's easy to scale. What we do for scalability is we always put the hardware capability higher than the license. For example, if a customer wants a 3,000 MPS license, we always provide 6,000 MPS hardware. If they want to scale the license to 4,000 or 5,000, we just put the license in, and then it works as the size capacity is there. It's easy. It's not that difficult.

We are not an end-user and therefore do not directly deal with technical support. In terms of the support, the end-user would get a response from the technical team, and, so far, from the feedback I've gotten, they are good. Clients seem satisfied with the level of service they receive.

I also work with Oracle. 

The initial setup is simple for us, basically. It's not that challenging. The main challenge we face for integration is from the different vendors as we have to do different tasks. However,  the deployment of LogRhythm is very easy.

It takes 12 to 15 days for a full deployment.

We have two phases that are five to seven days each. The second phase involves integration and tuning stuff and that can usually take six or seven days for that part alone.

It's on a Windows server. Windows is very convenient for everyone. Users can just follow the process as per LogRhythm and it's easy to deploy everything.

In our distribution model, we don't provide end-user support directly. We have another partner company that provides maintenance and support for the end-user. For the partner side, many of the engineers are LogRhythm certified and they do the maintenance and other tasks.

As an implementor, we can handle the setup for our clients. 

LogRhythm pricing is based on the MPS. They always quote the pricing per unit of MPS. The number of MPS which the customer needs is what we provide with the unit price and we get a good discount on it, as per LogRhythm.

The price is in USD. For that reason, when we convert from USD to our currency, the pricing seems quite high.  

Everything is included. We get the data processing license as well as the sole license and the filing, ticketing, monitoring licenses, and the collector license as well. We get everything in one package.

We are a distributor and we have around 15 to 20 partners who are working with LogRhythm in this region. We work for the end-user and we implement it and handle presentations for the customer.

We are working with the latest version of the solution. I can't speak to the exact version number, however.

I'd rate the solution at a ten out of ten. It's a very good product overall. Clients have been very happy with it. In terms of the feedback we've received from the end-user and our own experience with the deployment process and manageability, everything is great.