it_user756396 - PeerSpot reviewer
Security Administrator at a tech services company
Consultant
The artificial intelligence engine is its most valuable feature
Pros and Cons
  • "The artificial intelligence engine."
  • "More help and assistance with some of the open source products; everything seems to be focused on Windows rather than giving some guidance and some documentation on how to use it."

How has it helped my organization?

We're in the process of a rollout right now. But from what I've seen, it will definitely be a huge benefit.

Our impression is that the solution will be excellent toward meeting our existing security challenges.

Our biggest challenge right now is that there is a big push towards Docker containers, and I am trying to wrap my head around how we are going to monitor and provide security for that.

What is most valuable?

The artificial intelligence engine.

What needs improvement?

Focus on open source, log sources like Linux and Docker, and those kinds of things. More help and assistance with some of the open source products; everything seems to be focused on Windows rather than giving some guidance and some documentation on how to use it. This seems to be lacking.

It would be a huge help if there were some guidelines or some new technologies that were developed specifically for that.

What do I think about the stability of the solution?

It seems pretty stable. I have not had any issues with it.

Buyer's Guide
LogRhythm SIEM
May 2025
Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
851,823 professionals have used our research since 2012.

What do I think about the scalability of the solution?

It seems like you could grow it horizontally. The solution that we have is the one that can split out with a couple of different data indexers and data processors. However, we are still in the roll-out phase.

How are customer service and support?

They were excellent and very knowledgeable.

Which solution did I use previously and why did I switch?

No, just some open source type of things.

We searched for a security solution because it is such a huge surface area to cover for a very small security shop. It is just two of us, and we have about 5,000 servers. It is a lot.

How was the initial setup?

I was involved in the initial setup. It was somewhat straightforward, somewhat complex. There are a lot of moving parts.

It would help if they had some type of script which you could run depending on the solution and what boxes you have, a script that would just go and automatically configure things and get that part of it done; then you could focus on getting the events in, things like that.

What's my experience with pricing, setup cost, and licensing?

I would advise that whatever sales quotes them upfront will probably go up, because they are probably going to outgrow that very quickly, or once they start getting everything into it, they are going to have to move up anyway. Better to do it upfront and have that headroom.

Which other solutions did I evaluate?

We were evaluating Splunk, and also QRadar.

We chose LogRhythm because the price point was within what we were looking to pay. It seemed like a more mature solution than some of the others.

What other advice do I have?

A unified end-to-end platform solution is important but I understand that there will be different tools for different jobs. LogRhythm, that is their sweet spot and I hope they stay there because they do it really well.

Most important criteria when selecting a vendor: It is about the integrations with all the different products that we are using. LogRhythm seems to have most of those boxes checked. Therefore, it was a good fit for us.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user375531 - PeerSpot reviewer
Information Security Analyst at a financial services firm with 1,001-5,000 employees
Vendor
The most valuable feature is the AI engine and we're able to have all of our logs in one place.

What is most valuable?

The most valuable feature is the AI engine, as well as the usual SIEM product stuff. The ability to have all of our logs in one place is a big thing for me.

How has it helped my organization?

It’s brought all of our devices into one area, so I am able to understand and manage all of our devices and understand what is going on with an individual device.

What needs improvement?

The reporting aspect is difficult to use and very difficult to get your own reports. So far this is it; they have a web UI and we had a recent update which fixed a lot of bugs and added a lot of great features. But the reporting is lackluster.

For how long have I used the solution?

I've used it for 10 months.

What was my experience with deployment of the solution?

We've had no issues with deployment.

What do I think about the stability of the solution?

Since we purchased one of their boxes, we've had 99% uptime. The only downtime has been for updates and upgrades. So we've had no issues with instability.

What do I think about the scalability of the solution?

We foresee that it's scalable for our future developments. At the moment, we are using half of what it’s able to do.

How are customer service and technical support?

I've been happy with the support in the initial setup. The support in our environment was well done. For any issues, we have had someone on the phone that day, so there have been no downtime issues. They are super nice.

Which solution did I use previously and why did I switch?

We didn’t have a solution before. It's usable out-of-the-box and it covers a lot of holes. It's done its job.

Which other solutions did I evaluate?

We looked at AlienVault and Qradar.

What other advice do I have?

Definitely do a test run, a proof of concept, so it’s understood how it’s going to work in your environment. Also, take the training that they provide; it's super valuable.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user341232 - PeerSpot reviewer
IT Security Specialist at a manufacturing company with 1,001-5,000 employees
Vendor
Security management is what it's best at, but it's generally for medium-sized companies.

Valuable Features:

The advanced intelligence engine -- in fact, the whole suite -- is very powerful. It depends how you use it. Security management is what it's best at. As far as I’m concerned, it’s one of the best.

Room for Improvement:

This product is in general for medium-sized companies. For bigger companies with millions of logs coming in, it just cannot support them. The solution is not robust. It depends on the size of the company and the size of the firewalls you have, which will determine if it will work for you. This product is really good and easy to use for medium-sized companies.

Use of Solution:

I've used it for three years.

Deployment Issues:

Initially we had a lot of issues. Today it has improved dramatically, and it has no issues in deployment.

Stability Issues:

It is very stable, but we have to work with it and identify which logs we need. If we don’t, it doesn't handle the traffic well. 

Every tool is different, and you just have to work with it.

Customer Service:

It’s one of the best customer services you could find. Everyone is very knowledgeable and helpful. You aren’t waiting around for tickets to be resolved. If they can’t resolve it, they escalate and resolve quickly.

ROI:

Absolutely we have made an ROI. It resolves a lot of issues. It helps a lot of our infrastructure and everyone is benefiting. It’s absolutely worth the money spent.

Cost and Licensing Advice:

They are very transparent about the licensing. They are upfront. They tell you what can handle what. They are honest people.

Other Advice:

I have been invited to user group meetings and we have had good conversations. They have been very helpful and they understand my needs. They listen to our input and really take it seriously. They really work with us on different issues. 

Everything is fantastic.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Muhammad Ahtsham - PeerSpot reviewer
Information Security Engineer at RapidCompute
Real User
Easy to deploy, stable, and scalable
Pros and Cons
  • "Our clients enjoy having one dashboard to monitor their environments in real time."
  • "There is room for improvement with separate running sources or better integration."

What is our primary use case?

I use the solution for logistics and metrics. We use LogRhythm SIEM for our company and our clients. The solution is deployed on separate machines.

What is most valuable?

The log correlation is the most valuable feature.

Our clients enjoy having one dashboard to monitor their environments in real time.

What needs improvement?

The coordination and load balancing have room for improvement.

There is room for improvement with separate running sources or better integration.

I would like to have a better way to investigate the logs by adding correlations to the dashboard.

For how long have I used the solution?

I have been using the solution for one and a half years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is scalable.

How are customer service and support?

The technical support is responsive and always resolves our issues.

Which solution did I use previously and why did I switch?

I previously used IBM Security QRadar and switched to LogRhythm SIEM because it is the best in the market.

How was the initial setup?

The initial setup is straightforward. The deployment takes between nine and twelve hours.

What other advice do I have?

I give the solution an eight out of ten.

The solution is for medium and large organizations.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user326481 - PeerSpot reviewer
Sr. Mgr of Network Operations at a comms service provider with 501-1,000 employees
Vendor
It allows us to detect and remediate Advanced Persistent Threats, but the log management database needs to be more efficient.

Valuable Features

  • Investigation
  • Advanced Intelligence Engine
  • Alarming and Response

Improvements to My Organization

We have made this the foundation of our security intelligence within our organization. It has allowed us to detect and remediate Advanced Persistent Threats.

Room for Improvement

I would like the log management database to perform more efficiently.

Use of Solution

I've used it for five years.

Stability Issues

Some minor bugs with the mediator. Those have been fixed in patch releases a long time ago.

Customer Service and Technical Support

Customer Service:

9/10.

Technical Support:

9/10.

Initial Setup

Setup was fairly straightforward. We were up and running with coverage of most log sources within two days.

Implementation Team

We implemented it in-house. Active Directory import makes initial configuration quick and easy.

Other Solutions Considered

We also evaluated Splunk, and we chose LogRhythm as its correlation rules performed better and it handled clients on DHCP better.

Other Advice

We recommend that people implementing it choose to log everything, including logs from desktops, laptops, servers, switches and routers.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Consultant at a tech services company with 51-200 employees
Real User
An extremely valuable correlation engine that uses machine learning to identify network issues
Pros and Cons
  • "The correlation engine is extremely valuable because it uses machine learning to process information from the central manager and identifies issues in the network."
  • "The security playbook could be pre-defined and available to other analysts with similar security issues."

What is our primary use case?

Our company manages the solution as a threat hunting platform for a semi-government client in the Hong Kong insurance industry. We collect logs for video, Active Directory, antivirus, and firewalls to consolidate them in the solution.

From the central log collector, we build detection policies to identify threats or possible breaches. The solution also serves as a data storage platform to troubleshoot issues and find root causes.

In addition, logs that include performance data are created for devices such as routers and switches to monitor the availability of the office network. 

We also perform ongoing maintenance of the solution and all components to ensure everything runs smoothly. 

What is most valuable?

The correlation engine is extremely valuable because it uses machine learning to process information from the central manager and identifies issues in the network. 

The engine accurately and quickly identifies problem areas as it correlates events from various devices. 

Without this engine, logs would have to be built individually for each device. 

What needs improvement?

The security playbook could be pre-defined and available to other analysts with similar security issues. Currently, playbooks are individually written for various actions and threats. 

It would be faster and easier to react to issues if pre-defined playbooks were accessible to all analysts. 

For how long have I used the solution?

I have been using the solution for seventeen years. 

What do I think about the stability of the solution?

The solution is stable. 

What do I think about the scalability of the solution?

The solution is scalable. 

How are customer service and support?

I have escalated issues to technical support and rate the assistance I received an eight out of ten. 

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is complex and I rate it a six out of ten. 

What about the implementation team?

We implement the solution for our customers. 

Which other solutions did I evaluate?

The solution remains a top choice for our customers because of its performance, indexing rate, and correlation engine speed. Customers trying to use SIEM to collect logs and identify threats require a solution that responds quickly.

The solution's correlation engine is very important because it uses machine learning to automatically collect and analyze quite a bit of data. 

What other advice do I have?

When choosing a solution, it is important to determine what you want to achieve instead of how the solution works. Most solutions have a method for collecting logs, relaying information, and identifying issues so selection is more about the speed and accuracy of end results.

I rate the solution an eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Associate Senior Engineer - Network & Security at Connex Information Technologies (Pvt) Ltd.
Reseller
Enables us to alternate incident automations but reporting needs improvement
Pros and Cons
  • "The most valuable feature is that we can alternate incident automations."
  • "We need to get better training for things like creating code and playlists. The way it's done now takes a long time."

What is our primary use case?

Our primary use case is for financial companies and telcos.

What is most valuable?

The most valuable feature is that we can alternate incident automations.

What needs improvement?

We need to get better training for things like creating code and playlists. The way it's done now takes a long time. 

For how long have I used the solution?

I have been using LogRhythm NextGen SIEM for two years. 

What do I think about the stability of the solution?

The stability depends on the client we are installing or integrating for, based on the server's requirements. We can create them according to that defined time period. It's not that difficult, but it depends on the customer or the other server requirements.

We can have a dashboard in a single platform, we can get notifications via email or SMS, and we have Smart Response actions. So that kind of possibility is there.

What do I think about the scalability of the solution?

Our clients are mostly on a larger scale. 

How are customer service and technical support?

You can request support and they respond immediately. They're really good. 

How was the initial setup?

The initial setup is easy. It can take two hours. The first day of deployment is easy. Then depending on the devices and log servers, it can take time. We can give them predefined or pre-created devices and logs. The deployment depends on the devices and systems we are integrating. But the initial stage is easy.

What's my experience with pricing, setup cost, and licensing?

Because we are a developing country, the costs depend on country development. We implement it for large-scale companies because normal companies, startup companies, can't afford products at that price. We mainly focus on large-scale companies.

What other advice do I have?

I would definitely recommend this solution if you can afford it. 

We get customized reports and we get reports including all the details, but when we started using them we couldn't start with the Outlook editor. We can customize a document and we can write a report. The dashboards are very user-friendly and very attractive. But when it comes to the reporting part, I think that could use improvement in the next release.

I would rate it a seven out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
Security7ef8 - PeerSpot reviewer
Security Admin with 1,001-5,000 employees
Video Review
Real User
I would say we have seen a decrease in mean time to detect and respond over our previous SIEM

What is our primary use case?

My primary use case is threat detection.

How has it helped my organization?

LogRhythm SIEM has improved our organization by allowing us to bring in very widely diverse log sources, correlate them, and very easily create rules around alerting. We also use the case management features of the product to easily integrate both products into a single pane of glass for our analysts so they don't have to use two different products for alarming, as well as case management.

I would say we have seen a decrease in mean time to detect and respond over our previous SIEM. Basically, I think it can be attributed to the integrated case management. We are able to create cases, get eyes on those cases much more quickly than we were before.

What is most valuable?

The most valuable features are probably the AI Engine, which is very valuable, as well as Netmon.

We plan on using the playbooks, and the value I think we'll get is automating or scripting the responses that our analysts use, rather than using our existing playbooks, which are somewhat incomplete. I think there will be a lot of out-of-the-box pre-scripted playbooks that should be extremely helpful to us, as well as integrating some of the SmartResponse capabilities into the playbooks.

What needs improvement?

Definitely expansion on log parsing. There are some obscure log sources that we don't currently have parsers for. We needed a new solution when the licensing on our previous solution expired. The hardware was out of life, and it wasn't scaling very well. It didn't provide a lot of the features that we needed.

What do I think about the stability of the solution?

Stability has been pretty good. We've had some road blocks, or some, I'm sorry, some road bumps, in terms of AIE stability, as well as with some log parsing with some of our larger log sources.

What do I think about the scalability of the solution?

Scalability seems great. We actually did an expansion recently, and so far, it seems to be scaled well.

How are customer service and technical support?

Tech support has been extremely helpful. They are generally very quick to respond. If the first level is not able to resolve the issue, they generally escalate pretty quickly, gather logs. They seem to be hands-on. They generally will take over your session, actually do a WebEx, take over your WebEx session and actually do most of the driving, to make things run a little smoother, a little more than, you know, directing you to where to find logs in Linux or things that can be kind of obscure. They generally will do everything for you, short of making, you know, impactful changes.

As far as supported log sources, we find it to be very good for very common log sources, Palo Alto firewalls, you know, Windows log sources. There have been a few security tools that we've found that weren't supported out of the box, so we've had to either use professional services, try to create those parsing rules ourselves, or open cases with LogRhythm support to have those created.

Which solution did I use previously and why did I switch?

The reason we switched to LogRhythm, one of the core reasons, was the case management, and, as well as the Netmon. We liked having the integrated Netmon, and the case management, again, gave us a single pane of glass for our analysts to view the data, import the relevant data into the cases without having to use separate systems.

LogRhythm is definitely influencing. Since investing in LogRhythm, we've seen a lot more visibility into our product, into LogRhythm. We have a lot of non-security operations teams that are using the SIEM tools just to view logs, Windows logs, troubleshooting issues, troubleshooting security events, so we're getting a lot of buy-in from other teams into the program, which has accelerated the maturity of our program.

How was the initial setup?

I was involved in the initial setup, and it was fairly complex. We did use professional services to do most of the work, but, yeah, it was somewhat complex compared to some other solutions I've used in the past. However, with the capabilities of the product, it wasn't surprising, because, you know, with a feature-rich product, you're gonna have some complexity with it as well.

What other advice do I have?

I would probably rate it as an eight or a nine, currently, mainly, probably due to the complexity of importing log sources that aren't natively supported.

Disclosure: I am a real user, and this review is based on my own experience and opinions.