LogicHub SOAR+ [EOL] Reviews

We use this solution for automated orchestration within our environment. Specifically for us that is privileged escalation, detections, and malware detections that we want to have investigated.

This solution has reduced the time it takes for our analyst to do investigations, get alerted for malicious events, or look into any type of system event that might occur.

This solution allows us to easily investigate malicious events, system alerts etc.

We would like this solution to have a higher level of support for SaaS applications.

We would also like some improvement in areas like pre-implementation support, where a better understanding of our network, endpoint, and server environment to see what the specific use cases are that we can improve on. Perhaps they could provide ancillary, or consulting, services that help clients understand exactly why a particular automation would be helpful for SOAR. 

We have been using this solution for around two and a half years.

We have found this solution to be very stable.

This solution is easily, and limitlessly, scalable depending on an organization's budget.

The technical support for this solution is very good.

The setup for this solution is very easy. The vendor team is very good at working with organizations to get an understanding of what would be helpful, and then help you design and review playbooks to make sure that the requirements are feasible.

We would advise organizations to do a proof of concept to really understand what is required from the product before purchasing it, to ensure it covers all needs, and that the implementation is tailored to the specific environment.

We would rate this solution a nine out of ten.

We primarily use the solution for SIEM alerts triage automation and MITRE detection playbooks. We have hundreds of alerts from various detection tools fed into our SIEM. Correlation within the SIEM is difficult for us since our SIEM only supports simple filtering and one level of data sources correlation. Managing and updating correlation rules is a pain. We are now propagating alerts fed into the SIEM directly to LogicHub via a webhook. Within the LogicHub, we have playbooks that automatically enrich the alerts, baseline checking the alerts, risk weighing and scoring the alerts, and then stack ranking the riskiest and impactful ones to be escalated into a case so our analyst can be the human in the loop before we fire off any automated response. 

We no longer need to spend time on false positives. It has improved my detection coverage in areas lacking by the SIEM. A very nice case management system to track and automate tasks. With some of the playbooks automated, our analysts are now spending their time defining newer playbooks either for triage or detection. With the MITRE-based playbooks, we can just import and tweak the detection on areas where our SIEM vendor lacked rules. Our analysts only look at cases, which are less than a handful each day. Our analysts are not looking at alerts, which are 100+ per day. 

The ability to analyze data automatically to make decisions automatically is what I like the most. 

It is also fully integrated with hundreds of other tools. 

Our SIEM has the search capability but it cannot save the dataset for me to merge with the result set of another query. In LogicHub, to join two resultant datasets is super easy because they use SQL operators that I can do left join, right join, inner join, or full cross join. Besides some reporting tools that I used in the past, no other SOAR can do this easily. We automated that whole analytic logic so I don’t need to repeat. 

UI coloring can be improved. The UI resembles an IBM or HP software tool suite. The UI is not fancy like some of the others, however, it does work. The platform is designed for someone who has a logical mindset. The Logic needs to be planned out like any good design. 

The dashboards can be improved. There are basic table, pie, line, and bar data widgets, yet no geo-mapping widget. However, the dashboard does have the good feature of a funnel chart that I can show volumes of alerts vs cases that our team is handling each day. 

I've used the solution for five years.

The stability is good. We haven’t had any major outage yet - fingers crossed. 

LogicHub says they use Apache Spark as their core. I am familiar with Apache Spark as we also have Databricks implemented by other teams in-house on our big data projects. 

We have a customer success manager assigned to us that I have a biweekly meeting with. 

Positive

I used Demisto and Phantom in the past. 

The setup is easy. It’s a cloud-based solution. 

We handled the setup in-house. 

I do not know for sure what our ROI is. The platform is doing the work of two or more security analysts. We are paying the cost of about one analyst. 

LogicHub was the most cost-effective among the three other solutions we looked at. 

We had a bake-off between LogicHub, XSOAR, and Splunk. 

LogicHub engineers took the best of Demisto (CSOAR) and Splunk Phantom and added a threat section and hunting automation to their platform.