LogRhythm Axon [EOL] Reviews

Right now, in our company's back-end, we use a platform from an MSSP that provides LogRhythm. Our site was initially in two thousand eighteen. In our company, we use components from LogRhythm, considering the current MSSP environment we have.

If I look at how other SIEM service providers in the market, like ArcSight or QRadar, provide licenses, I have seen others offer separate components for licenses. Most SIEM solutions treat UBA or SOAR as a separate component, causing users to rely on third-party solutions to incorporate SOAR elements into the main solution. In ArcSight, as a part of EPS, users get the inclusion of everything in a single tool. Multiple components, like UBA, SOAR, and the analytics part, are provided by LogRhythm. LogRhythm NDR is available as a separate component, and the customer can choose whether NDR or NetMon should be a part of their environment, but ArcSight doesn't provide such a solution, causing users to rely on third-party solutions while in QRadar, IBM provides QNI.

In my company, we have built up a LogRhythm-based environment in a shared model, or better to describe it as in an MSSP platform, and so we have LogRhythm AI Engine and LogRhythm XM appliance, which are deployed in such a way that all fall under HA cluster. My company provides services to customers in India, so if some of our customers want a cloud or SaaS-based model, then we can fulfill their requirements at a minimum price. If one of my company's customers doesn't want to go with the dedicated solution and if they are okay with a multi-tenant or MSSP platform, we can ask them to consider LogRhythm. LogRhythm has some SOAR features and some basic UBA features that a user can use in their day-to-day activities or use cases. With LogRhythm, one of its good features stems from the fact that it makes available out-of-the-box connectors for users.

LogRhythm Axon has come up with the AI cloud concept in the market. When it comes to the AI cloud concept, you need to consider that every region has differences when it comes to data sovereignty. The AI cloud concept from LogRhythm Axon was based on real-time AI and ML concepts, along with analytics parts that were carried out. The AI cloud concept from LogRhythm Axon is not something that is available in India, so I want it to be introduced in India soon with data sovereignty compliance in place. LogRhythm should focus more on Axon and its cloud platform, which can be helpful in the future to compete with players like Sentinel and Splunk, which currently offer cloud models to users.

With LogRhythm Axon, stability and support are areas with shortcomings where improvements are required.

I have been using LogRhythm Axon for the last three to four years.

Stability is an area with a little bit of a challenge regarding LogRhythm Axon. The hardware component that LogRhythm refers to, including the compute side, falls on the higher side.

Scalability-wise, LogRhythm Axon is a good product. If you have a compute or cloud in your own environment or cloud, scalability won't be a challenge.

When it comes to LogRhythm Axon, I can say that my company has more than 70 customers on its MSSP platform. My company has a total of 100 customers who use LogRhythm.

Apart from the response delay, the solution's technical support is good. My company has opted to take dedicated time from the support team so that they can address our issues. I rate the technical support a seven out of ten.

Neutral

My company had procured ArcSight in 2018, but in 2020, we migrated to LogRhythm.

The time required for the deployment of LogRhythm Axon depends on the skill set of the engineers involved in the deployment process. With the right skill sets, engineers can deploy LogRhythm Axon in two or three weeks, and at some places, my company had to carry on with the deployment process for around a month. The time taken for the deployment process depends on how well-versed the people involved in the deployment process are with the technology in the market. It is not the tool that makes the deployment process challenging. In general, the complexities around the deployment process of the product stem from the people who work around the deployment phase of the solution.

My company has technical people working in more than 50 environments in relation to the deployments and maintenance of LogRhythm Axon.

During the first and second years, when we were using the solution in our company, we used the sources offered by LogRhythm to carry out the deployment processes. In terms of deployment, whatever our company is involved in currently in terms of deployment is managed internally.

I know that there are certain payments to be made towards the licensing costs attached to the product. LogRhythm Axon is neither a cheap nor an expensive solution, especially when compared to products like Sentinel or Splunk. The pricing of LogRhythm Axon falls under the mid-range, in my opinion.

A lot of people connected with LogRhythm Axon who work in our region are very supportive and helpful, including the managers and technical people from LogRhythm with whom my company currently works. LogRhythm Axon is a tool that is priced at a very competitive rate, especially if you take into consideration the price of other products in the market. LogRhythm Axon is a good product since it offers a good console, dashboard, and technical support to help users of the solution who work in back-end processes.

Due to some of the challenges posed by the product and some issues related to the support, I rate the overall product an eight and a half out of ten.

We're using the solution to identify future needs that we are going to have to provide our customers as solution providers. We are also learning how to integrate it into the environments, build the rules, mirror what's in the current LogRhythm solution into the new product, and develop that technology for our customers.

The biggest way by which Axon is going to improve our organization is the cloud because we're an integration and solution provider. It's going to reduce the amount of workflow for our engineers, and we'll be able to focus more on customer needs for security knowledge and on getting data and applying domain expertise to the SIEM product versus working on hardware and troubleshooting software.

Right now, we use more resources to manage and maintain logs because we're running Axon in parallel, but I can accurately guess that Axon is going to reduce the amount of resources needed because of the cloud. It's going to eliminate the hardware and software support requirements. We are already spending less time in Axon than we do in our current on-premises solution.

For me, the most valuable feature of LogRhythm Axon is the log parsing technology it has. With my company, I'm the current policy builder, so not having to know an archaic, cryptic format and being able to visually grab a log and assign an element to a particular meta tag quickly and easily, and being able to run tests on that have been super useful. It's going to revolutionize the way the logs are identified and classified.

It's super easy to navigate workflows on the user interface. It is intuitive, and Axon uses a lot of industry-standard icons. You can quickly identify where you need to go to find the tool you need to use, whether it's creating new policies, creating widgets on the dashboard, or doing administrative tasks such as creating users or assigning permissions.

Regarding Axon's impact on our investigation time, the investigations are extremely fast, intuitive, and easy to use. You just have to click and drag. We can quickly drill down into things versus that with the current solution, which requires a little bit of training and understanding of the query languages. Axon provides a much better way. The fact that your investigations can be saved into a single query string that you can copy and share with your teammates is going to be a game changer.

The GUI's intuitive nature and ease of use, along with being able to quickly go in and create accounts for new users in the application, have streamlined our onboarding process. It's much faster and easier than that with the existing tool. My hope is that they're going to actually integrate Axon with Active Directory so that it can be automated within your environment and you can handle that at user onboarding.

The visibility provided by Axon is great. The number of widgets that it has currently, the proposed widgets that they hope to add, the number of meta tags, and the way you can manipulate and change the way that you view the data are really useful. You can create multiple dashboards with different views, pivots, and ways to analyze the data. It gives you good visibility into what's going on.

It's critical for any organization, including ours, to have centralized visibility across a variety of log sources. By using different dashboards and widget configurations and by changing the way that you analyze and look at the data, you can quickly have different views. You will be able to see things that are not normally visible in current products and have a more holistic view.

The Axon log management searchable database has significantly improved the way that we create investigations. The ability to click, choose, create queries, modify those queries, save them, and share them among people has been a significant improvement compared to that with the existing LogRhythm product which is very GUI driven. You have to understand the logic behind it. It's going to be a good change to be able to quickly copy, paste, and send an investigation and have the person run it rather than having to recreate it or be locked into using a shared investigation that you've created.

The cloud-based architecture is going to really reduce the number of resources for SOC engineers because they're going to be able to focus more on data analysis and data concepts rather than on supporting software problems or hardware issues.

It's a very beta solution right now, and there are so many features that we would like to see added in, such as integration with Active Directory, which is essential for user management and for streamlining that process significantly.

Another feature that's not currently available is silent log source detection, which lets you know when something that should be reporting in isn't and that you need to investigate why.

Some parsing policies are currently lacking but are in development. I'm definitely looking forward to seeing the increase in parsing policies to match the level of the current LogRhythm product.

It's been about eight or nine months since we started using this solution.

It's a beta solution right now. There are times when we want to work in it, play, and test things, and it won't be available because they're updating something or adding new features. When it's not being updated, it's rock solid.

I think that the cloud is the way to go for scalability. The underlying cloud architecture is so much better than the LogRhythm architecture stuck in the early 2000s. Those SQL Server roots are limiting.

I've got a long history of working with LogRhythm, and currently, I'd give technical support a seven. I'd like to see them continue to improve to get up to the 10 level at which they once were.

Time-to-response needs to be improved. Currently, the biggest challenge is that you'll send in a ticket, you'll provide all of the information you possibly can, and, six or seven hours later, you'll get a response asking you to provide some more information when the information is already in the ticket. Then, we end up playing email tag back and forth.

However, one of the things that they've implemented recently that I really like is the ability to schedule a time when we can work together with technical support staff.

Neutral

The initial deployment was easy. Because it is on the cloud, there was zero work on our part to get the cloud-based system. We have an existing on-premises solution, and the agent provided the data so that we could do this in parallel and split the data both into our existing system and into Axon. This allowed us to see how it's going to work before going live in the future and made it a seamless transition in parallel.

I'm going to give Axon a solid six out of ten because it's so new. I'm hopeful that they are going to continue to release features and functionalities that will knock it up to a nine or a ten.

Because we have a business relationship with LogRhythm, our use cases involve evaluating their new platform and giving them feedback to assist them in making the best product possible.

The search feature within Axon is pretty robust. It's actually very fast in comparison to that in the previous platform. It's going to really help with investigations when they get rules put into the system.

The user interface is very easy to navigate. Everything is very dashboard driven. If you want to go ahead and drill down deeper into something within your dashboards, all you have to do is hover and click a little magnifying glass. It will automatically kick into search for you the last 24 hours of that specific piece of metadata.

Right now, there are no analytics rules with Axon, so Axon's ease of use hasn't really made an impact yet on our investigation and resolution time. Once they do get that baked in, with the speed of the searches it is going to be very helpful for analysts and for investigations.

Because of the GUI's ease of use, onboarding new employees within Axon is incredibly simple. All you do is just go to the user's tab and input their name and email address, and then, hit "Okay." It will then send them an email with a link to go ahead and create their user accounts.

In terms of the impact of the Axon log management searchable database on investigations, the speed of the search is just incredibly fast in comparison to that of the older platform. You can search tens of thousands of logs within just a couple of seconds. It is going to exponentially help the investigation times for the SOC analysts and for just pulling logs and getting data. You can run a freeform search, or you can go ahead and just leverage the dashboard information to run a search from there.

Axon can be improved by LogRhythm releasing more updates for it more frequently. I know that it takes a lot to build a platform like this. However, we're all very excited about it, and we would like to see it be fully completed so that we can actually start leveraging it to its full potential.

We've been using LogRhythm Axon for approximately six months.

So far, the stability seems pretty great. I haven't run across a lot of problems. There was one issue a while back when searches weren't working, but they were already aware of the issue and were working on the backend to get it fixed.

I'd give technical support a five out of ten. There are definitely areas that they can improve upon. Faster response times would be wonderful, and having more knowledgeable staff who provide the support would also be great.

Neutral

It's a very straightforward deployment. Essentially, you leverage the current LR7 collector, and then, you make a couple of modifications to a SIP file with the API key for Axon for your agents. Then, you go ahead and take that little CONFIG file that you have and toss it in the system monitor configuration folder. Then, it will just start sending data that the collector is currently collecting up to Axon. You can dual-feed to your current SIEM solution if you're using LR7, you can go ahead and send it to Axon, or you can do both at the same time.

If you are a security professional at a small company considering Axon as your log management solution, I would advise you to definitely wait until it's a little bit more baked than it currently is. Right now, it's just the log observation platform.

On a scale from one to ten, I'd rate Axon at seven right now. It has a lot more room to grow, and I look forward to seeing what it can become.