No more typing reviews! Try our Samantha, our new voice AI agent.

Darktrace vs LogRhythm UEBA [EOL] comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 3, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
112
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Endpoint Detection and Response (EDR) (6th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Darktrace
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
84
Ranking in other categories
Email Security (10th), Intrusion Detection and Prevention Software (IDPS) (2nd), Network Traffic Analysis (NTA) (1st), Network Detection and Response (NDR) (1st), Extended Detection and Response (XDR) (7th), Cloud Security Posture Management (CSPM) (10th), Cloud-Native Application Protection Platforms (CNAPP) (9th), Attack Surface Management (ASM) (4th), AI-Powered Cybersecurity Platforms (5th), AI Observability (6th)
LogRhythm UEBA [EOL]
Average Rating
7.2
Reviews Sentiment
6.5
Number of Reviews
12
Ranking in other categories
No ranking in other categories
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Pasan Jayarathna - PeerSpot reviewer
Network Security Engineer at Cyberwell Solution
Monitoring has improved data loss detection and now spots abnormal internal file transfers quickly
In my understanding, the best feature Darktrace offers is the identification of copying files, which acts as a DLP, and it is a main concern for companies because users sometimes copy data outside without knowing, especially those without a technical background. When I mention the DLP-like feature and file copying detection, the alerts have been very timely, as we get an alert within a couple of minutes, which is excellent. Even if some developers are working after hours and copying files, our SOC team detects this, and most of the time they call us so we can identify the users. The alerts are quite accurate and proactive.
Venda E - PeerSpot reviewer
Cloud Option Engineer at a tech vendor with 10,001+ employees
Behavior analytics has improved insider threat detection and reduces false positives for our team
The best features LogRhythm UEBA [EOL] offers are its behavioral balancing, baselining, risk scoring, and correlation with SIEM events, and what stands out most is risk scoring, which gives clear visibility into which user behaviors are genuinely risky and helps our team to focus on the highest priority threats without drowning in noise. Risk scoring helps us to quickly identify which users' activity needs immediate attention by clearly ranking threats based on impact and likelihood; it changes our day-to-day operations by reducing time spent on low-risk alerts and allowing the team to prioritize investigations and response actions more effectively and consistently. LogRhythm UEBA [EOL] has positively impacted our organization by improving our ability to detect insider threats and compromised accounts earlier, resulting in better security visibility, reduced false positives, and faster investigations and response times, which helped the team operate more effectively with greater confidence. I observed a noticeable reduction in false positive alert volume, which shortened the investigation time per incident, improving the mean time to detect and respond, and helping identify high-risk user activities earlier, which prevented potential security incidents from escalating.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Cortex XDR is a very capable solution for protecting large networks and a lot of endpoints. It's very useful because the automation is very high, and if you combine it with the features on Palo Alto firewalls, it provides very strong protection."
"Automation and playbooks have helped me significantly, as Cortex Xnor's playbooks predefine the workflow of the automation, such as response processes, alert triggering, and enriching the context, efficiently detecting and blocking malicious attacks with firewalls while eliminating workload and speeding responses for next-generation operations."
"My advice for others looking into using Cortex is that it is very easy to use and very useful for the customer environment, whether it's a public or private one."
"One of the things that I enjoy the most is using policy extensions. It's like having host firewalls to control USB connections. I think it's a wonderful tool to restrict use when connecting to our computers. Another important tool is Home Insights. That is an add-on to the Cortex solution. I like that because we can see all the vulnerabilities in the environment and control what assets are connected to our network."
"The good thing about the product is that it's always scanning."
"The tool is designed to scale for large enterprises and handle large volumes of data."
"Cortex is a very good total solution on the endpoints."
"The best feature of Cortex XDR by Palo Alto Networks is that it collects logs from different sections such as the endpoint, the network, and the cloud, making it easy to investigate alerts, collect some of the investigation packages related to the infected machines, and provide live response."
"I have found the automation and AI features to be valuable. If someone were to come in to the office at midnight and log in, Darktrace would flag it."
"We liked their approach to identifying intrusions or network anomalies using AI."
"I like the Antigena feature in Darktrace, as it offers immediate response and is helpful."
"Darktrace's most valuable features are that it understands the network environment and is able to trace the traffic and alert on anomalies."
"The Antigena feature is very useful."
"I find it very good in the way that they show the past events, including the attack history, and you are able to visualize all of the attack paths and connectivity to see what's happened."
"The most valuable features of Darktrace are its full capabilities, as you have visibility of everything happening on your network, emails, and SaaS applications."
"The most valuable feature is the endpoint protection."
"I typically use the product for reducing cyber risk, and I can investigate attacks more quickly using machine learning tools."
"The capability of pinpointing specific cyber incidents is a valuable feature for us."
"Licensing is on a yearly basis, and it's not expensive compared to its competitors."
"I definitely think that it's good at finding things automatically, versus trying to define it."
"Overall, this is a really good product and I recommend it."
"The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance, it can detect unusual user logins, such as a user logging in from a new browser or location."
"The tool's most valuable feature is server threat hunting."
"LogRhythm UEBA [EOL] has positively impacted our organization by improving our ability to detect insider threats and compromised accounts earlier, resulting in better security visibility, reduced false positives, and faster investigations and response times, which helped the team operate more effectively with greater confidence."
 

Cons

"Cortex XDR by Palo Alto Networks is not only pricey; it is extremely expensive."
"The tool needs to be improved in terms of integration and interface."
"I feel that it should not be a licensed activity because a feature should allow us to see applications running on end devices."
"Additionally, I think the price is very high, and if it can be adjusted, I believe it will be a very good solution."
"It would be good to have a better way to search for a file within the UI."
"Cortex XDR by Palo Alto Networks could improve by adding a sandbox feature to better compete with their competitors which have it."
"There are some third-party solutions that are difficult to integrate with, which is something that can be improved."
"Impact on system performance is horrible, adding a lot of delays for users."
"The pricing is a bit high for the region."
"They just need to work on their price. In terms of features, we are trying to understand all the features that we have. We're still exploring everything that we have so that we can fully utilize it. At this point in time, it is not about the features. It is more about utilization. We're just trying to utilize everything to full capacity."
"They just need to make it a little bit more accurate as far as their alerts are concerned. It does generate some false positives that you have to tune. You have to do a lot of tuning when you first get it because of the false positives, but once it is all tuned up and ready to go, it will do its thing from there."
"The management user interface needs improvement."
"The price point for the product was too high for what our possible use case could be."
"This product needs more in terms of prevention. The detection capabilities work well but once a threat has been detected, Darktrace should work to prevent it from doing anything malicious."
"The initial setup is a bit complex."
"The technical support is not very good."
"It should have better mitigation with other solutions and be tightly integrated with other solutions. It has to be improved."
"We're now exploring the cloud version but unfortunately we've found that they are lagging in that space."
"The UI could be improved a little bit."
"Better dashboarding. At the moment, the dashboard only has an hour."
"The product could be user-friendly for someone who doesn’t have any prior experience working with it."
"The search feature needs to be improved."
"The only problem is that the agents consume too much memory and system resources; the memory and resource consumption is high."
"LogRhythm UEBA [EOL] could be improved with more flexible tuning options and clearer model transparency to better understand why certain behaviors are flagged; enhanced integrations with additional data sources and more intuitive dashboards would also help improve usability and investigation efficiency."
 

Pricing and Cost Advice

"Traps pays for itself within the first 16 months of a three-year subscription. This is attributed to OPEX savings, as security teams spent less time trying to identify and isolate malware for analysis as a result of a reduction in malware incidents, false positives, and breach avoidance."
"It is present, but when compared to other competitive products, I would say it is not less expensive; however, when all of the other added values are considered, the price is reasonable."
"The return on investment is from the user side because we have seen the performance of it increase the delivery time of the product if we are using too many web-based and on-premise applications. In indirect ways, we saw the return of investment in terms of performance and user satisfaction increase."
"Cortex XDR by Palo Alto Networks is quite an expensive solution."
"Its pricing is kind of in line with its competitors and everybody else out there."
"The pricing is a little bit on the expensive side."
"I am using the Community edition."
"It's the most expensive solution, but features-wise, it's quite strong. It's very good for protection, so the results are very good in the case of protection. I would rate it a two out of ten in terms of pricing."
"Darktrace is expensive. You can pay for the license yearly."
"Darktrace is quite an expensive solution."
"The pricing is very flexible for Darktrace. Sometimes, a customer does not have the appropriate budget, but Darktrace can handle that. They offer monthly payments, so the customer can acquire the solution very easily."
"The pricing is subscription-based and it is high."
"It is expensive. I don't have the price for other competitors."
"It is inexpensive considering what it can do and the competition."
"In the ballpark, we're talking about $30K, $50K, and up. It can even be as much as $50K or $100K."
"It's an expensive solution."
"It is quite a budget-friendly product."
"I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive."
"Licensing is on a yearly basis. It's not expensive compared to its competitors."
"The pricing is nice when compared to other products in the industry."
"As LogRhythm UEBA is pretty expensive, I'd give its pricing a seven out of ten."
"LogRhythm UEBA's pricing is affordable for small and medium businesses."
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
900,644 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Manufacturing Company
10%
Financial Services Firm
9%
Computer Software Company
9%
Government
7%
Retailer
10%
Construction Company
10%
Computer Software Company
10%
Financial Services Firm
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise20
Large Enterprise52
By reviewers
Company SizeCount
Small Business44
Midsize Enterprise20
Large Enterprise29
By reviewers
Company SizeCount
Small Business4
Midsize Enterprise4
Large Enterprise4
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
How does Crowdstrike Falcon compare with Darktrace?
Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing u...
Which is better - SentinelOne or Darktrace?
Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is ...
What is your experience regarding pricing and costs for Darktrace?
Concerning pricing for the product, I would say it is somewhat expensive.
What needs improvement with LogRhythm UserXDR?
In general, if something needs to be improved in the algorithm, it would be the dashboards. The dashboards with solut...
What is your primary use case for LogRhythm UserXDR?
I typically use the product for reducing cyber risk, and I can investigate attacks more quickly using machine learnin...
What advice do you have for others considering LogRhythm UserXDR?
I would not necessarily recommend LogRhythm due to its complexity and lack of modularity. I would always recommend Sp...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
No data available
LogRhythm UserXDR, LogRhythm Enterprise UEBA
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Irwin Mitchell, Open Energi, Wellcome Trust, FirstGroup plc, Virgin Trains, Drax, QUI! Group, DNK, CreaCard, Macrosynergy, Sisley, William Hill plc, Toyota Canada, Royal British Legion, Vitol, Allianz, KKR, AIRBUS, dpd, Billabong, Mclaren Group.
Information Not Available
Find out what your peers are saying about CrowdStrike, SentinelOne, TrendAI and others in Extended Detection and Response (XDR). Updated: June 2026.
900,644 professionals have used our research since 2012.