LogRhythm UEBA Reviews

Name: LogRhythm UEBA
Brand: LogRhythm
Rating: 3.5 (11 reviews)

3.5 out of 5

11 reviews
55% willing to recommend

What is LogRhythm UEBA?

LogRhythm UEBA enables your security team to quickly and effectively detect, respond to, and neutralize both known and unknown threats. Providing evidence-based starting points for investigation, it employs a combination of scenario analytics techniques (e.g., statistical analysis, rate analysis, trend analysis, advanced correlation), and both supervised and unsupervised machine learning (ML).

Get the User Entity Behavior Analytics (UEBA) Buyer's Guide and find out what your peers are saying about LogRhythm UEBA, IBM Security QRadar, Splunk User Behavior Analytics and more!

LogRhythm UEBA is the #11 ranked solution in top User Entity Behavior Analytics (UEBA) solutions and #25 ranked solution in XDR Security products. PeerSpot users give LogRhythm UEBA an average rating of 7.0 out of 10. LogRhythm UEBA is most commonly compared to IBM Security QRadar: LogRhythm UEBA vs IBM Security QRadar. LogRhythm UEBA is popular among the large enterprise segment, accounting for 59% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 18% of all views.

Buyer's Guide

User Entity Behavior Analytics (UEBA)

April 2025

Get the category report

Helped 849,686 peers since 2012

Featured LogRhythm UEBA reviews

Sheikh Abu Ayub Azad

CEO at Trustaira

The initial setup is easy, partly because LogRhythm is primarily based on the Windows platform. It's good to have two engineers for deployment but it can be done with one. It's more about the knowledge. Deployment is typically done in two or three different phases. It usually takes up to three full months to get good deployment. There's the initial onboarding of all the log sources, then collecting data in the data lake, followed a couple of weeks later with some minor tuning before the final tuneup.

Read full review

Hanan Syed

Senior Cyber Cons at MDS

In general, if something needs to be improved in the algorithm, it would be the dashboards. The dashboards with solutions such as Splunk are very neat and clean. I would also like to improve the use cases LogRhythm has. It does not have a very large use case library, so the content engineer needs to develop use cases rapidly alongside emerging threats.

Read full review

Hanan Syed

Senior Cyber Cons at MDS

The product should improve its dashboards. Splunk has neat dashboards. Additionally, we would like to enhance the use cases provided by LogRhythm as its use case library is not as extensive as other tools. Its machine-learning capabilities need to improve when compared to other solutions. It lacks risk quantification in a single, transparent view for individuals such as CSOs. Consequently, presenting this information to a CSO or senior manager often requires manual reporting rather than relying on the dashboard. I recall experiencing integration challenges with LogRhythm UEBA, particularly when connecting with products not listed in its predefined integrations. These issues often manifest as parsing errors, even when attempting to integrate with cloud logs.

Read full review

LogRhythm UEBA mindshare

Product category:

As of May 2025, the mindshare of LogRhythm UEBA in the User Entity Behavior Analytics (UEBA) category stands at 2.1%, down from 3.4% compared to the previous year, according to calculations based on PeerSpot user engagement data.

User Entity Behavior Analytics (UEBA)

Key learnings from peers

Last updated Feb 5, 2025

Valuable Features

LogRhythm UEBA's valuable features include CloudAI for anomaly detection, a customizable dashboard, an intuitive graphical user interface, and detailed reporting. Users appreciate file and registry activity monitoring, server threat hunting, and the system's ease of configuration. The tool's machine learning capabilities excel in detecting unusual logins and tracking compromised account usage. Its ability to pinpoint cyber incidents and analyze user behaviors is highly valued for infrastructure monitoring.

"I typically use the product for reducing cyber risk, and I can investigate attacks more quickly using machine learning tools."
"I can investigate attacks more quickly using machine learning tools."
"The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance, it can detect unusual user logins, such as a user logging in from a new browser or location."

Room for Improvement

LogRhythm UEBA requires better dashboards, including real-time updates. Users find the pricing high, especially in Asia, and seek improvements in automation, filtering, and integration with unsupported devices. The user interface and documentation, particularly for open-source users, need enhancement. It also lacks a comprehensive use case library and efficient machine-learning capabilities. Users face challenges integrating with certain products, and cloud performance is seen as lagging. Improved data aggregation and risk presentation are also needed.

"The on-premises LogRhythm is not very scalable. When considering packets per second or the MPS needed for additional logs such as web application logs, scalability is usually found in cloud products."
"In general, if something needs to be improved in the algorithm, it would be the dashboards."
"The product should improve its dashboards. Splunk has neat dashboards. Additionally, we would like to enhance the use cases provided by LogRhythm as its use case library is not as extensive as other tools. Its machine-learning capabilities need to improve when compared to other solutions. It lacks risk quantification in a single, transparent view for individuals such as CSOs."

Pricing

Enterprise buyers evaluating LogRhythm UEBA note that while the solution offers flexible subscription-based licensing with various module options, it is generally considered expensive, particularly for cloud versions. Initial setup requires professional services, which add to costs. Opinions vary, with some finding it budget-friendly and others rating it costly compared to competitors like IBM QRadar. Pricing is typically on a yearly basis and may include technical support.

"I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive."
"LogRhythm UEBA's pricing is affordable for small and medium businesses."
"It is quite a budget-friendly product."

Popular Use Cases

LogRhythm UEBA is primarily used for identifying identities, monitoring anomalous user behavior, and enhancing visibility. Companies use it for network monitoring, security analytics, threat hunting, and event logging. They employ machine learning tools for reducing cyber risk and investigating attacks swiftly. This tool is developed and provided by partners, with its use case depending on customer requirements. User logs play an essential role in securing infrastructure through constant monitoring and analysis.

Service and Support

LogRhythm UEBA's support is rated mixed by users. Some appreciate guidance during configuration issues, while others find reaching support and response time challenging. Beta team interactions are generally positive. Many note slow response times and needing repeated contacts. While some praise helpfulness, others expect more efficiency. Support is not deemed as strong as industry peers.

Deployment

LogRhythm UEBA's initial setup is often described as straightforward, although complexity varies. Some users find it quick due to precompiled applications and Windows-based deployment, while others require extensive tuning and multiple deployment phases. Challenges exist, particularly with troubleshooting post-deployment tasks involving agents. Deployment typically takes from a week to several months depending on resource availability, with organizations noting the importance of requirement analysis and familiarity with architecture for successful implementation.

Scalability

LogRhythm UEBA is mostly considered easy to scale, with high ratings from users. However, there are concerns about resource consumption and the limitations of the on-premises version. Many appreciate the flexible scaling options available, such as scaling at log collection, processing, or correlation. Adoption of cloud solutions is often suggested due to cost concerns with on-premises setups. The cloud option's pricing is compared unfavorably with competitors.

Stability

LogRhythm UEBA displays mixed stability feedback. Some find it very stable and trouble-free if properly deployed, while others encounter issues like agents stopping automatically. Ratings vary, with some giving it a 7.5 out of 10 and others a 7, indicating differing experiences. Stability is described as good by some users, though one suggests it's not too great. Overall, stability satisfaction ranges from acceptable to concerning.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our User Entity Behavior Analytics (UEBA) Buyer's Guide for additional reliable information.