It's a next-generation SIEM solution. We use it for our clients.
Manager Solutions Architect at a comms service provider with 10,001+ employees
Reliable and flexible but can be difficult for inexperienced users
Pros and Cons
- "Technical support has always been helpful."
- "It's not easy for someone new to the solution."
What is our primary use case?
What is most valuable?
It has connectivity with multiple log sources - including those that are on-prem and in the cloud (including GCP, AWS and our own cloud).
It is extremely scalable.
Technical support has always been helpful.
It is stable, reliable, and flexible.
What needs improvement?
It's not easy for someone new to the solution. There are some complexities involved with the initial onboarding. It needs to have more user-friendly dashboards and onboarding processes.
It is a premium solution which means it is quite expensive.
For how long have I used the solution?
I've used the solution for the last three years.
Buyer's Guide
LogRhythm SIEM
June 2025

Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
857,028 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution is scalable. I'd rate it eight out of ten. There are no bugs or glitches. It's reliable, and the performance is good.
What do I think about the scalability of the solution?
The solution is very scalable vertically as well as horizontally. It is great for big setups. You can scale as per your requirements. There's no issue with expansion. I'd rate the solution nine out of ten in terms of ease of scaling if a company has multiple locations or has a setup across countries.
How are customer service and support?
We are a gold partner. We've never faced any support issues. They are very helpful and responsive.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I've also used QRadar, which is easier, for example, to set up and is more user-friendly.
How was the initial setup?
The solution can be difficult to set up. I'd rate the process six out of ten. You need to know what you are doing. There are complexities involved.
A hardware-based setup would require some configurations. Typically, we need a minimum of three to four weeks to do a setup.
What's my experience with pricing, setup cost, and licensing?
The solution is moderately priced. Sometimes they give good deals if there is a larger requirement.
If the solution is on-prem, there is a cost to investment. If it is on cloud, this is not the case.
What other advice do I have?
We are a gold partner.
I'd recommend the solution to others. It has a lot of new features and offers AI and ML. There is good support, scalability, and flexibility on offer.
I'd rate the solution seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner

Information Technology with 501-1,000 employees
Video Review
Provides a comprehensive and powerful view of our environment from one dashboard
Pros and Cons
- "This solution has improved our organization in many different ways. The biggest benefit is being able to view all information in one dashboard instead of having to look at several different applications and dashboards. I can see information across our entire environment and every aspect of our network."
- "Better integration with different services is needed, as there are quite a few platforms that we use that don't integrate very smoothly with LogRhythm."
What is our primary use case?
We have about 600 employees supported by this solution. Our goal is to try and bring in at least one additional application into our SIEM tool each month so that we can get better insights for those particular platforms.
How has it helped my organization?
This solution has improved our organization in many different ways. The biggest benefit is being able to view all information in one dashboard instead of having to look at several different applications and dashboards. I can see information across our entire environment and every aspect of our network.
LogRhythm really helps with our cybersecurity exposure because it gives us insights to make us more proactive versus reactive regarding events happening in our environment. LogRhythm gave us so much insight into blind spots that we didn't even know we had.
LogRhythm also really helped our environment in terms of security posture because it gives us so much more information that we can use in a timely manner. Some of our other providers don't give us reports until as late as the next day. With LogRhythm, we can have alarms triggered within seconds that let us know that there are particular things that need to be addressed. This is much quicker than if we just trusted that particular vendor to let us know.
What is most valuable?
My favorite feature is the Drill Down which allows us to look at several different logs originating off of one particular alarm. If there is suspicious activity, we can use that feature to access one dashboard with different anomalies that might stand out or different places where alarms would've been triggered for particular events.
We use the Event Log Filtering feature quite often. It makes it much easier to find useful information in our SIEM tool in a quick and efficient manner. There have been several times when we have imported 20,000 plus logs within a matter of minutes and it makes it much easier to find what we're looking for, especially when time matters.
The Event Log Filtering utility also allowed us to find information much quicker in our environment because it simplified the process of finding information.
What needs improvement?
Better integration with different services is needed, as there are quite a few platforms that we use that don't integrate very smoothly with LogRhythm. We would like to plug in an API key for another system and have that vendor's information readily available.
For how long have I used the solution?
We've been using LogRhythm as our SIEM provider for about five or six years now. I have personally only been using it for the last six months, learning the ins and outs of how it can support our organization.
What do I think about the stability of the solution?
LogRhythm is very stable and reliable.
What do I think about the scalability of the solution?
LogRhythm has amazing scalability potential for whatever your particular needs are.
How are customer service and support?
We've had really good experiences with LogRhythm's technical support for things that are already in the environment. When it comes to trying to innovate with some of the newer things, this has been a little bit more difficult. I feel like they could be a little bit more intuitive going forward. I would rate their technical support an eight out of ten.
How would you rate customer service and support?
Positive
What other advice do I have?
I would rate LogRhythm an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cybersecurity Analyst with 201-500 employees
Video Review
Can search through metadata in different ways and helps reduce administrative overhead costs
Pros and Cons
- "The most useful feature that I've found so far is the search function. I like all the different ways you're able to search through metadata and the different ways you're able to correlate or search through logs to find out what's going on."
- "The user interface needs improvement. The more the user can slide around and know what's going on, the better it will be."
What is our primary use case?
We've been using this solution to aggregate and correlate logs to dive a little bit more into auditing any sort of suspicious activity or malicious ideas that are going on within our network and using it for compliance purposes.
How has it helped my organization?
We partner with another company to help co-manage LogRhythm SIEM, and it definitely brings everything down to a single pane of glass, especially for people who are coming into the cybersecurity industry and don't have as much experience. It helps to correlate things to where they're more human-readable.
It has also increased our overall rate of efficiency by about 10 to 15%.
What is most valuable?
The most useful feature that I've found so far is the search function. I like all the different ways you're able to search through metadata and the different ways you're able to correlate or search through logs to find out what's going on.
The Event Log Filtering feature filters out certain logs that we don't need, and it has definitely helped decrease costs and increase efficiency for all of the products. With its hardware being on-premises, it reduces resources all around and makes it more efficient.
The Event Log Filtering feature has also helped us reduce our administrative overhead by approximately 10 to 15%.
In terms of managing workflows and cybersecurity exposure, LogRhythm SIEM is very efficient and is a good tool to use for locating and auditing any sort of activity that goes on in the network. It's very helpful for tracking and finding, even down to a granular level or up to events.
It's definitely been helpful with blind spots, especially in terms of vulnerabilities that aren't picked up by the scanners that we have. There were multiple instances where we've had brute force and various types of attacks that were quickly escalated to us via alarms and that were easily read and acted on.
What needs improvement?
The user interface needs improvement. The more the user can slide around and know what's going on, the better it will be.
For how long have I used the solution?
I've been using LogRhythm SIEM since 2016.
What do I think about the stability of the solution?
The stability is great. We had an agent go down on a DC once or twice, and it just involved a restart. That is about it. The stability of the hardware and the software itself is awesome.
What do I think about the scalability of the solution?
We're going to be scaling soon, and there hasn't been any reason to switch away from LogRhythm. So far, scalability-wise, it's been able to fit our environment well.
What other advice do I have?
You would be wrong to think that LogRhythm SIEM is an outdated solution. I use it every day, and it has helped me fix or see vulnerabilities or compromises in our network that I wouldn't have seen before. It's still definitely around.
On a scale from one to ten, I'd rate LogRhythm SIEM an eight.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
SOC Analyst at PLS Financial
Video Review
Robust with helpful workflow management and good log filtering
Pros and Cons
- "It's positively affected our overall rate of efficiency."
- "In terms of blind spots, we are looking for more improvements since we don't have visibility over everything."
What is our primary use case?
I found it very useful in our day-to-day operations with monitoring user activity and looking at system analytics and system performance. I found it very useful when investigating threats like IPs, and seeing what's going on with our endpoints, like certain lateral movements that we've noticed.
I definitely found it very useful when looking at, for example, a compromised host, or a suspicious IP that has been scanning us. I've definitely found it very useful when I look at a log, it'll give me a detailed drill-down of all the information that's needed, including what the rating is, the rating of the threat, and what actions should be taken.
It gives my team a better idea of what we should do to improve our security posture.
How has it helped my organization?
It's improved our organization. For example, if we have a user who's traveling overseas, or we get a suspicious login from the VPN, from a country that we're unfamiliar with, it gives us the ingest logs. The SIEM gives us a better comprehension of what type of threat activity it is and helps us decide if it's benign or legitimate.
What is most valuable?
Looking at the logs and how much detail each log has when it is ingested into our dashboards is quite useful. I found it very useful when looking at, for example, what emails are inbound and outbound of our networks.
I like how detail-oriented the logs are in terms of what the origin is and what network it's coming from.
I also like how the detailed logs give us what host or user it's coming from. On sight, I have a pretty cohesive understanding of what threat intelligence looks like in terms of reviewing what we have to deal with.
I use the Event Log Filtering feature daily. Every day when I look at event logs, I use the filters on certain time ranges and AI Engine rules. Overall, it's had a very positive impact. It helps us expedite certain security incidents very quickly, thanks to how detail-oriented the logs are. It really helps me report threats to my supervisor. For example, if someone's trying to scan us, my boss will ask me, "Can you look into this further?" I'll go ahead and use the searches and the lists that the LogRhythm console has to offer, and I will get back to him in a timely fashion, with more details on the threat.
The Event Log Filtering feature has definitely helped reduce administrative overhead. On a scale of one to ten, I would rate it a seven.
It helps us manage workflows and cybersecurity exposure. In terms of managing workflows, it definitely has given us leverage on what our overall security posture is, and gives us a better understanding of what we need to focus on more in terms of what threats are persisting. Our workflows have been pretty seamless so far. I would say our workflow is pretty seamless in terms of static manual investigations.
In terms of blind spots and our ability to shut down attacks, while we don't see all the blind spots, it gives us enough understanding and information about where we can classify a threat.
Overall, it's had a very positive impact on our security posture. It gives us good visibility of what we need to see right now. It definitely gives us a better understanding of what we deal with, and what we should focus on in terms of what threats are more critical than others. In terms of our daily operations, it's very helpful.
It's positively affected our overall rate of efficiency. It's given us what we need for now. We're looking to improve our efficiency by looking into what LogRhythm offers in its newer products. Still, it's pretty efficient. On a scale of one to ten, I would rate it around eight or nine in terms of efficiency. My immediate coworkers in my department could use what we have right now for looking at critical alerts, user analytics, and overall IT operations since we usually have daily operations where we look at all user activity throughout our organization.
What needs improvement?
So far, it's pretty robust, and yet, we look for more improvements.
On a day-to-day basis, maybe we could look for more improvements with automation; however, so far, it's good.
In terms of blind spots, we are looking for more improvements since we don't have visibility over everything. Right now, we just use LogRhythm for our on-prem solution, not our cloud solution. We could definitely use more improvements with that in the next product.
Ingesting logs into the web console user interface and probably updating the threat intelligence database are the two places where we'd like to see improvement. We get a lot of noise. Oftentimes, we see a lot of false positives, so possibly using AI or machine learning would be ideal. Implementing that more into the next product would help us actually determine whether it's a false positive or legitimate threat.
For how long have I used the solution?
I've used the solution for about a year and three months.
What do I think about the stability of the solution?
In terms of using it on-premises, it is very stable. Granted, we have some hiccups here and there. However, that's what we reach out to tech support for. They're able to provide us with immediate support, and they're willing to really put in the effort to figure out what the cause of the problem is and will work until it's fixed in a timely fashion.
What do I think about the scalability of the solution?
The scalability is, so far, very robust. I look forward to hearing more about the latest LogRhythm products and what they can do in terms of on-premises and cloud.
How are customer service and support?
The product offers excellent service and technical support. They're very prompt with getting back to our team regardless of the severity of the incident. Overall, I've had a great experience with this so far.
How would you rate customer service and support?
Positive
What other advice do I have?
I'd rate the solution ten out of ten.
Those that say SIEM is an outdated security system don't understand cyber security. SIEM is what allows analysts like myself to be successful. Without a SIEM, how can we see everything? We can't.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Assistant Manager Enterprise Security
Easy to configure, user-friendly, and has simple and informative dashboards, but the UI needs some minor changes
Pros and Cons
- "What I found most valuable in LogRhythm NextGen SIEM is that it's user-friendly. I also like its dashboard, which shows all the logs and information I want to see."
- "One area for improvement in LogRhythm NextGen SIEM is that it's a Windows-based tool, and I feel it should be on the Linux operating system instead. Another area for improvement in the tool is the UI. There should be minor changes in the UI to make it better, though I like the dashboards in LogRhythm NextGen SIEM."
What is our primary use case?
We're using LogRhythm NextGen SIEM only for a few databases. Members keep their data on our FTP server, and we monitor firewalls, endpoint management solutions, and some critical endpoints.
How has it helped my organization?
LogRhythm NextGen SIEM has improved the organization through the alarm system my team has configured. The alarm system is key to looking after all the hardware and endpoints.
What is most valuable?
What I found most valuable in LogRhythm NextGen SIEM is that it's user-friendly. I also like its dashboard, which shows all the logs and information I want to see.
What needs improvement?
One area for improvement in LogRhythm NextGen SIEM is that it's a Windows-based tool, and I feel it should be on the Linux operating system instead.
Another area for improvement in the tool is the UI. There should be minor changes in the UI to make it better, though I like the dashboards in LogRhythm NextGen SIEM.
For how long have I used the solution?
I've been using LogRhythm NextGen SIEM for one month now.
What do I think about the stability of the solution?
LogRhythm NextGen SIEM is a stable tool. I didn't find any instability in it.
What do I think about the scalability of the solution?
LogRhythm NextGen SIEM is a scalable tool. Scalability is one of the reasons why my organization uses it.
How are customer service and support?
When I joined the company, a ticket was previously opened with the LogRhythm NextGen SIEM technical support team. Though I didn't directly connect with support, I have information that the problem was resolved and that the support team was very cooperative and very technical in solving the problem.
How was the initial setup?
Though I didn't configure LogRhythm NextGen SIEM as it was pre-configured when I joined the company, any solution won't be difficult to implement, as long as you have an understanding and knowledge of the product or tool. I was an implementer once.
What's my experience with pricing, setup cost, and licensing?
Senior management is in charge of purchasing the license for LogRhythm NextGen SIEM, so I have no information on how much it costs.
Which other solutions did I evaluate?
I worked on McAfee SIEM for six months, but that was when I was part of another team. If you compare McAfee SIEM with LogRhythm NextGen SIEM, I prefer LogRhythm NextGen SIEM because it's a user-friendly tool. It's also very easy to configure. The dashboards in LogRhythm NextGen SIEM are also very simple and very informative, and I've configured them to better understand what's happening in the organization. You can also create an alarm system in LogRhythm NextGen SIEM, which is very helpful.
I also evaluated IBM QRadar, and I found IBM QRadar to be a better tool than LogRhythm NextGen SIEM.
What other advice do I have?
I work in the enterprise security department or the SOC, and I just have to deal with the logs. The tool being used within the organization for log management is LogRhythm NextGen SIEM, particularly the N-1 version.
My organization uses the on-premise version of the tool, and it's been applied to the data center.
I belong to a very small organization with a data center that has sixty people using LogRhythm NextGen SIEM. In terms of maintenance, the tool isn't difficult to maintain.
The only advice I have for anyone who'd like to start using LogRhythm NextGen SIEM is that it's a very good tool, with good features and functions.
My rating for LogRhythm NextGen SIEM is seven out of ten. I didn't give it a ten because it's Windows-based, plus I also don't like its UI that much. LogRhythm NextGen SIEM is also not as good as IBM QRadar.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Chief Information Technology Officer at an insurance company with 11-50 employees
It has the ability to add and compare use cases
Pros and Cons
- "AXON has the ability to add and compare use cases."
- "The log storage capacity should be increased."
What is our primary use case?
We have 250 cases in LogRhythm. It's used for collecting logs and analyzing logs from the servers.
What is most valuable?
The solution has the ability to add and compare use cases.
What needs improvement?
The log storage capacity should be increased.
For how long have I used the solution?
I have been using LogRhythm SIEM for three years.
What do I think about the stability of the solution?
I rate it at 10 out of 10 for stability.
What do I think about the scalability of the solution?
I rate it at 10 out of 10 for scalability.
How are customer service and support?
I rate LogRhythm support 10 out of 10.
How would you rate customer service and support?
Positive
How was the initial setup?
LogRhythm SIEM is easy to set up, and it took us about two weeks.
What about the implementation team?
We had help from a person from LogRhythm.
What's my experience with pricing, setup cost, and licensing?
LogRhythm is a costly solution. I rate it five out of 10 for affordability. We have a three-year license, and you need to pay to add features like endpoint licensing, behavior analytics, etc.
Which other solutions did I evaluate?
We looked at Splunk and IBM QRadar.
What other advice do I have?
I rate LogRhythm SIEM at 10 out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Business Manager at LS Systems Philippines
Stable with one central dashboard and good scalability
Pros and Cons
- "The product is great for medium to large-scale organizations."
- "The solution is likely not the best option for a smaller organization."
What is our primary use case?
We primarily use the solution to reduce insider threats. We also use the product to deal with some aspects of banking security. For example, with this product, we are able to lower the threat of being attacked by malware.
What is most valuable?
I appreciate the fact that I can do everything from one dashboard. That is the main aspect of LogRhythm so far that I find extremely useful. We don't need a different dashboard or other solution for managing things.
The initial setup is simple.
The solution is stable.
The product is great for medium to large-scale organizations.
The product can scale.
Technical support is reportedly quite good.
What needs improvement?
What I would suggest is for the product to make the consoles more user-friendly. The integration module should be simpler. That way, the end-customer himself can do the integration and they are not always dependent on our site. The integration with other vendors should be easy.
The solution is likely not the best option for a smaller organization.
One of the features I like to recommend is a LogRhythm queuing ticket for a level-one tier system so that clients are not dependent on a third party.
For how long have I used the solution?
We've been working with the product since 2018. It's been almost three years at this point.
What do I think about the stability of the solution?
The solution is very stable and reliable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.
What do I think about the scalability of the solution?
In terms of scaling, the solution is best for medium to large companies. Smaller companies likely do not want to invest in IT security products; however, for medium to large organizations, especially banks, LogRhythm works well.
It's easy to scale. What we do for scalability is we always put the hardware capability higher than the license. For example, if a customer wants a 3,000 MPS license, we always provide 6,000 MPS hardware. If they want to scale the license to 4,000 or 5,000, we just put the license in, and then it works as the size capacity is there. It's easy. It's not that difficult.
How are customer service and support?
We are not an end-user and therefore do not directly deal with technical support. In terms of the support, the end-user would get a response from the technical team, and, so far, from the feedback I've gotten, they are good. Clients seem satisfied with the level of service they receive.
Which solution did I use previously and why did I switch?
I also work with Oracle.
How was the initial setup?
The initial setup is simple for us, basically. It's not that challenging. The main challenge we face for integration is from the different vendors as we have to do different tasks. However, the deployment of LogRhythm is very easy.
It takes 12 to 15 days for a full deployment.
We have two phases that are five to seven days each. The second phase involves integration and tuning stuff and that can usually take six or seven days for that part alone.
It's on a Windows server. Windows is very convenient for everyone. Users can just follow the process as per LogRhythm and it's easy to deploy everything.
In our distribution model, we don't provide end-user support directly. We have another partner company that provides maintenance and support for the end-user. For the partner side, many of the engineers are LogRhythm certified and they do the maintenance and other tasks.
What about the implementation team?
As an implementor, we can handle the setup for our clients.
What's my experience with pricing, setup cost, and licensing?
LogRhythm pricing is based on the MPS. They always quote the pricing per unit of MPS. The number of MPS which the customer needs is what we provide with the unit price and we get a good discount on it, as per LogRhythm.
The price is in USD. For that reason, when we convert from USD to our currency, the pricing seems quite high.
Everything is included. We get the data processing license as well as the sole license and the filing, ticketing, monitoring licenses, and the collector license as well. We get everything in one package.
What other advice do I have?
We are a distributor and we have around 15 to 20 partners who are working with LogRhythm in this region. We work for the end-user and we implement it and handle presentations for the customer.
We are working with the latest version of the solution. I can't speak to the exact version number, however.
I'd rate the solution at a ten out of ten. It's a very good product overall. Clients have been very happy with it. In terms of the feedback we've received from the end-user and our own experience with the deployment process and manageability, everything is great.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
CEO/Consultant at CIL
Scalable product with good technical support services
Pros and Cons
- "The initial setup process is very user-friendly."
- "The product's stability needs improvement."
What is our primary use case?
We use the product for server and event management for the financial sector.
What needs improvement?
The product's stability needs improvement.
For how long have I used the solution?
We have been using LogRhythm SIEM since last year.
What do I think about the stability of the solution?
We encountered some system downtime issues.
What do I think about the scalability of the solution?
The product is scalable. Its scalability is based on specific licensing plans. It is suitable for enterprises. It has a lot of advantageous features for SIEM.
How are customer service and support?
The technical support services are good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We used SolarWinds before. We switched to LogRhythm because of specific requirements regarding log information and SOC activities, particularly for government contracts. In comparison to products like IBM and HP, LogRhythm is a cost-effective alternative.
How was the initial setup?
The initial setup process is very user-friendly. It takes 15 days to complete.
What was our ROI?
Compared to other products, LogRhythm SIEM generates a return on investment in terms of ease of use.
What's my experience with pricing, setup cost, and licensing?
The product is less expensive than other tools like IBM, QRadar, etc.
Which other solutions did I evaluate?
We evaluated six products as per our client’s requirements. They decided to go for LogRhythm, which solves business purposes and has economical pricing.
What other advice do I have?
I rate LogRhythm SIEM an eight out of ten. In comparison, IBM has more features that are essential at the moment. However, it costs three times more than LogRhythm SIEM.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partners
