LogRhythm SIEM Reviews

LogRhythm works within the core of our SOC. It's where our analysts work every day and where we do all of our investigatory work for security incidents.

It created our security posture. It is the central component of all of our security tools and it is the heartbeat of our SOC and our daily operations. It sets the tone for everything that we do.

This solution improves our organization daily. It saves us countless hours doing correlation work and reduces our investigatory process from days to hours. It routinely brings issues to the forefront using the AI engine and the use cases that we've built that need investigating. We constantly find new sources of logs to bring into the system to continue to make it better. 

LogRhythm does a very good job of helping SOCs manage their workflows. Our SOC is very young and we're not leveraging that feature yet. I've seen other companies' SOCs and watched them use the workflow features and it's incredibly well done. We're not mature enough yet to use it. 

For cybersecurity exposures, the one downside from LogRhythm's perspective is that it can only tell me about use cases that I've already defined. It cannot identify unknown cases at this time. However, we have just recently purchased the NDR solution and that does have this capability.

This solution is our principal mechanism for doing all investigatory work. When we get alerts from LogRhythm, we'd go back to the logs and trace those events back to their source. This is is how we shut down attacks. 

One of the features that we use the most and find the most valuable includes the Web Console. My analysts really like the interface and the ability to build queries using point-and-click without having to write Query languages. My favorite feature is the actual Admin Console and the ability to monitor all aspects of the SIEM's health and the ability to build new use cases for my analysts to work with.

We also use the Machine Data Intelligence feature for classifying and contextualizing logs. It does struggle with unknown log sources and we've had some challenges over the years getting new log sources incorporated into the MDI Fabric.

The ability to authenticate successes and failures using MDI is incredibly easy. For the log sources that we bring into the SIEM, that work is pretty much done for us by the MDI. We don't have to do any additional work.

One of the challenges of the SIEM for the LogRhythm 7 platform is the amount of time it takes to bring new log sources into the MDI. We've waited a couple of years on some sources before they were incorporated. Writing our own custom MDIs is very challenging because it requires expert-level regex in order to write those rules and to make them efficient. Bringing in sources that aren't natively understood is where we've struggled the most.

We have been using LogRhythm SIEM Solution for six years.

The stability of the solution, if it's deployed properly with the right resources, is rock solid. We have not experienced any performance issues. When we first bought the SIEM, we undersized it, and the performance was compromised. 

This is a scalable solution. I've load-tested the SIEM at its current resource allocations up to four or five times as much as my daily ingest and the system handled it just fine.

Their technical support is second to none and is one of the reasons why we continue to invest in and consider LogRhythm as a strategic partner. Their support team are really good at their jobs and they always come through when we need them. I would rate their support a ten out of ten. 

LogRhythm is the first SIEM I have used and the only SIEM I have a lot of experience with. I've demoed other SIEMs and we've gone to market twice to look at whether LogRhythm was still the right decision. Both times we concluded that it was.

The setup of the SIEM is complex in its own right. LogRhythm typically recommends professional services assistance to deploy the SIEM properly. My company did not purchase those professional services so I had to figure it out for myself. Their support structure was so good and they helped me so much that we were able to get it working without professional help. 

LogRhythm is an out-of-box solution and this was why we bought it. I had no experience with SIEM when we bought it six years ago. I needed something that I could plug into the network, get up and running and get value out of immediately.

We get a vast amount of ROI from this solution. We get way more out of it than we put into it. One of the metrics that I track pretty closely in our SOC is the mean time to detect. Prior to the SIEM, the mean time to detect was measured in weeks and it's now measured in minutes.

LogRhythm's pricing and licensing are extremely competitive and it's one of the top three reasons we continue to invest in the platform. 

We looked at Securonix, Azure Sentinel, IBM's QRoC, and QRadar on Cloud. What really won us over with LogRhythm was the ease of use of the interface and the simplicity of the underlying architecture. It really lends itself to being a low-cost solution to own over time.

The nice thing about LogRhythm is that they continue to innovate and come up with new capabilities like their NDR solution that we recently invested in. They continue to stay relevant. 

I would rate LogRhythm a nine out of ten. The on-prem version of the solution is fantastic and is the core of my SOC. It's our daily tool for all of our investigations. 

I work with LogRhythm SIEM in a variety of ways, including monitoring security and compliance, conducting behavioral monitoring, and handling security information and event management (SIEM) tasks. The solution is used for security monitoring, user behavior analytics, NDR, and consolidating events from workstations to servers.

LogRhythm SIEM helps maintain security through continuous monitoring and provides a platform for behavioral monitoring, which can be deployed using the AI engine.

LogRhythm SIEM has some valuable features, including its ability to maintain backups of events and manage alerts separately through an engine that handles content and administration tasks.

LogRhythm SIEM needs improvement in data grouping and manipulation capabilities. The dashboard configuration capabilities are also very limited. Improvements are needed in the areas of query-based searches and pivoting table creation.

I have been working with LogRhythm SIEM just about two and a half years in my current organization.

I did not work on the stability aspect of LogRhythm, but I faced some issues with similar SIEM tools in terms of handling event per second rates.

LogRhythm SIEM comes with scalability challenges, especially related to licensing. Increasing the scale requires additional licenses, unlike Microsoft Azure's pay-as-you-go model.

I have not personally escalated any questions to LogRhythm technical support.

I have experience working with various tools like Azure Sentinel, QRadar, and Splunk. These tools often have modern capabilities that are more comfortable to use compared to LogRhythm SIEM.

I was not part of the initial setup as it is usually handled by a specialized deployment team.

In our organization, the deployment team is responsible for LogRhythm's implementation.

LogRhythm SIEM is considered cost-effective, especially for medium-sized or smaller organizations, as it offers a decent SIEM solution.

I am not aware of the specific pricing and licensing costs, but it is definitely less expensive than other tools like Splunk and Azure Sentinel.

I've evaluated Azure Sentinel and Splunk, which have distinct modern SIEM capabilities.

For smaller and medium-sized organizations, LogRhythm can be a suitable option due to its cost-effectiveness. However, for larger organizations, solutions like Splunk might be more appropriate due to their advanced capabilities.

I'd rate the solution seven out of ten.

The solution is used for threat hunting. We also use it as an SIEM for our SOC.

The solution enhances our organization's threat detection and response capabilities. It prioritizes alerts. We can write rules on it. It provides a comprehensive rule list out of the box. We have compliance rules for PCI and SOC. We prioritize the rules for PCI compliance. Assets that we have ingested have PCI labels, and we can identify the websites that need PCI. We can visualize threats on important assets and analyze, mitigate, and rectify them.

The log analysis feature is valuable. The solution has an AI rule manager. AI Engine gives us plenty of options to write new rules and modify existing rules according to our requirements.

The cloud version must be scaled better. The EPS values shown are sometimes not reflective of how we see them. Log ingestion takes a couple of days. When we have errors, the turnaround time is two to three days. It should be organized for better turnaround time. The cloud infrastructure is taken care of by the cloud team. The responses provided by the cloud team are inefficient. The response time must be improved.

I have been using the solution for two years.

I rate the tool’s stability a seven out of ten.

The tool is scalable, but the tech stack is very old. It doesn't use the new generation bells and whistles like artificial intelligence. There is a lot of room for improvement. I rate the scalability a seven out of ten. In our organization, 12 to 15 security analysts use the solution.

The support team helps us a lot.

Positive

We used FireEye two years ago. The management decided to move to LogRhythm SIEM because FireEye was going through a transition, and we wanted a stable product.

The initial setup is not easy. It requires technical skills. I rate the ease of setup a six or seven out of ten. The solution is cloud-based. Our environment is very complex. The deployment takes three to four months. We have to install agents. We have multiple locations with multiple data centers and a multi-cloud presence. The setup must be done with a lot of variations.

We use Puppet for Windows deployment. The Linux deployment needs forwarders. We have multiple tiers, endpoints, and collectors. We must set up multiple things. Each aspect has its own set of rules and limitations. We cannot do everything in one go. We must scale it up gradually.

We have seen an ROI on the product.

We are moving to Google Chronicle. We are in the transition phase now.

LogRhythm SIEM is a good product for a small SOC. Overall, I rate the solution an eight out of ten.

In my company, we use LogRhythm SIEM for integrations. We use the product for SOC use cases. If we have SOC implementations, LogRhythm is the SIEM solution we use since it can also offer a SOAR solution.

The most valuable features of the solution are network monitoring, user behavior analytics, and log collection. Our company uses almost all the features offered by the solution.

The console installation is an area with a shortcoming in the solution that needs improvement. If LogRhythm SIEM can offer a web console, it would be great. Since the product does not offer a web console, my company must rely heavily on the client console. There need to be some improvements in design. I want LogRhythm SIEM to be more user-friendly.

The File integrity monitoring (FIM) features offered by LogRhythm are great, but it is not competitive with the other solution offering the same feature.

I have experience with LogRhythm SIEM for two years. My company is a reseller of cybersecurity solutions. I use the solution's latest version.

It is a pretty stable solution. Stability-wise, I rate the solution an eight out of ten.

It is a very scalable solution. Scalability-wise, I rate the solution a nine out of ten.

My company caters to three customers who use the solution. Mostly our customers are enterprise-sized businesses with a few hundred or thousands of people.

I rate the technical support as an eight out of ten.

Positive

The initial setup was easy. I rate the setup phase an eight on a scale of one to ten, where one is difficult, and ten is easy.

The solution is deployed on-premises.

For deployments, it can take about two to three weeks. It could take more time when it comes to tuning or fine tuning needed in the solution, and it is not the case for LogRhythm alone but the same for all SIEM solutions. The deployments and the initial configuration can take around a month.

There are two aspects when it comes to the steps involved in the deployment phase, which are organizational and technical. Our company starts the deployment with the organizational aspects first, where we have to understand the company's context, to understand the company's use cases, and where we have to implement. Then, we start with the technical stuff, like installing solutions and configuring the use cases we have already discussed with the customers.

On a scale of one to ten, where one is low, and ten is high, I rate the pricing between six and seven. Price-wise, it is not a solution for small businesses. My company works in the African market, and in African markets, LogRhythm SIEM could be very expensive for small enterprises. There are annual charges to be paid for using LogRhythm SIEM. There are no extra charges in addition to the licensing costs of the solution.

To those planning to use the solution, I suggest they get trained before starting the use and deployment of the solution.

I rate the overall solution a nine out of ten.

We have a lot of use cases. Originally, it started out pulling in a bunch of the logs so we could get some ideas on network traffic. More recently, we have proceeded with pulling in logs from some of our other vendors. This really helped out a lot with our AV, which didn't always notify us as quickly as we wanted it to. LogRhythm made it possible for us to get notifications faster so that we can remediate things faster. We've been expanding it more and more as we've gone through the years to include more traffic, giving us more insight into our network.

LogRhythm really gave us a better understanding of what our overall risk is within our network and has opened our eyes to include other products that helped address different types of issues. Whether it's getting into vulnerability scanners or different pieces of other software, it's opened the door to what's out there. It helped us to turn on different features or other products along the way and helped us to identify what we need to improve on and present it to our executive team.

One of the main features that I like about LogRhythm SIEM is that there are a lot of pre-built pieces. Like with our AV, we didn't have to tell it how to read the logs; they already had it pre-made. So, we essentially just had to follow their guide to get the logs imported in and set up some rules for it. We've only had to manually create the parsing rules for a few of our vendors so that we could interpret the logs correctly. Most of them had already been pre-created for us.

We use the Event Log Filtering feature a lot. We use it for simple troubleshooting tasks like when a user is logged out, to more important tasks like trying to investigate a threat. As far as its effect on productivity, we can go and search instead of trying to troubleshoot and guess what is causing an error. We can identify what the program is or where the hiccup is.

LogRhythm helped us to identify a lot of blind spots. Originally, we didn't have a SIEM tool. We had auditors say that this is something that we should be doing. My management team asked me to go and find a product, and I researched a bunch of them and found LogRhythm. It really opened our eyes to see how much traffic we have, whether it's other IP addresses that are scanning us or external users trying to hit certain ports that could then get closed. It helped us tighten down some of those firewall rules that may have been left open unintentionally through other changes. It helped us a lot early on to identify who was trying to communicate with us or, essentially, who was trying to attack us.

As far as our overall security posture, our SIEM tool was the initial push that really got us going into identifying where all of our threats were. We expanded over the seven years that we've had it, and I implemented at least eight other products that are all security related because the SIEM tool indicated the need to identify other risks. It really helped us as an organization to identify risks and move forward to a more secure environment.

When we originally got LogRhythm, their tech support was fantastic, and I loved them. Now, we don't quite get as quick of a response. I've been disappointed in the more recent tech support. When you call in, they'll say that they will get you somebody, and you'll finally get someone who will contact you back a day or so later. Whereas before, I would get help right away.

We've had LogRhythm for almost seven years now.

It's very stable. We've been on the same system for the seven years that we've had the product. We've had no issues and haven't even had to upgrade any of the systems or increase anything hardware-wise up to this point.

I haven't really had much of a chance to do any scalability because we haven't had to scale anything up. Ours is a virtual instance, and if we needed to scale up, we could just shut the server down, add some more resources, spin it back up, and it would be good to go.

Initially, tech support was a solid ten out of ten when we first started. Over the last couple of years, they have changed how they handle tech support requests, and the response time decreased from what it used to be. You call in, they'll take your information, and then they'll call you back later. That can take 24 hours or more. When you actually do get somebody on the phone, they're very good and know exactly what they're doing. They'll take care of you.

In terms of response time, I'd give tech support a six out of ten, but in terms of how good they are as tech support, I'd give them a seven or eight.

Neutral

We didn't have a designated security person on staff, and our auditors came in and said that we should be doing this. As a help desk person, I looked for something specific that was going to give me the flexibility I need but also allow me to spin up and run while doing the rest of my duties, and LogRhythm was the best one that I found that could do that.

It's pretty complex to set up, in a way. However, now that I've done it and have done an upgrade as well, it doesn't seem as bad.

I did something wrong on one of the initial upgrades, and it threw an error. I called in support, and they immediately jumped in and started working on a lot of the backend pieces that I don't normally touch. It's pretty complicated if you have to get into that, and that's where the tech support comes in.

With this last upgrade, I did not run into any errors, and it went through just fine. I thought that I was going to be doing this for six hours throughout the day, and I got it done within two or three hours.

I set it up and upgraded it twice, once with help from LogRhythm and once all by myself.

We're on a perpetual license, but they're trying to move us to a subscription-based license. We've been with them for so long, and we'd like to keep it the way it is rather than switch to a subscription-based license.

We looked at four products including QRadar and Rapid7 InsightIDR. We did POCs for all four solutions, and LogRhythm was the best solution for our needs.

One of LogRhythm's distinguishing features was its AI engine which analyzed the tools and allowed it to alert for specific events, instead of me having to dig down and create all these rules. It came with pre-created rules.

Another piece that was really important was the implementation. They had a lot of pieces for third-party vendors as well. We could pull in the logs. All we had to do is just create a rule that says, "alert." It came pre-programmed with a lot of alarms that would automatically correlate with our AV, along with our firewall. We didn't have to create them because they just came in pre-made, and that was a big feature that we looked for. Just implementing it or adding to it didn't take up too much time.

If you are one who thinks that SIEM is an outdated security tool, I would be very curious to know what other solution would be better than a SIEM to accomplish the same goals. A SIEM tool gives you such an open perspective into what is going on in your network and gives you the ability to dig in if you really need to. Whereas if you have a completely managed solution or one that uses AI and does everything for you but doesn't provide you the logs, you might know what's wrong but won't know what else is going on out there. With a SIEM tool, you can dig in as far as you want to, and specifically with LogRhythm, you can be as hands-free as you want to be. It'll tell you what's wrong, and you can address those problems. You have a lot more flexibility with LogRhythm SIEM.

Overall, I'd rate LogRhythm SIEM a nine out of ten. I really enjoyed the solution. If you have to program anything yourself, there is a little bit of a learning curve. They've got lots of guides that you can use, and depending on your skill set, you may be able to figure it out sooner rather than later. The resources are all there, and the community is there to help you, which makes the product really great and easy to use.

LogRhythm SIEM is a cybersecurity solution that we use to protect our network and devices from external and internal threats or attacks. It's part of our overall cybersecurity strategy, which includes SIEM, EDR, and DLP solutions.

LogRhythm SIEM offers advanced features such as AI engine modules, machine learning, and threat intelligence integration, which help reduce false positives. Advanced analytics streamlines incident response processes, enabling incident responders to prioritize and automate alerts.

LogRhythm SIEM can improve its user interface. The current interface is quite complex and can be challenging to navigate. While it offers many valuable features, understanding how to access and utilize them efficiently takes time. Simplifying the client console's user interface would significantly enhance the user experience and make it more user-friendly.

I have been using LogRhythm SIEM for the past five years.

I would give it a nine out of ten in terms of stability, as the support and tech teams are reliable and efficient in resolving issues.

Considering its capacity and ability to meet requirements, I would rate LogRhythm SIEM around seven out of ten.  As a service provider, we cater to multiple users and organizations.

The technical support for LogRhythm SIEM is good.

Positive

The setup for LogRhythm SIEM can be rated eight out of ten in terms of ease. It's an on-premises deployment and typically takes about ten to fifteen days for a basic setup. Still, depending on the complexity of log sources and integration needs, it could extend to twenty and twenty-five days.

We’ve integrated LogRhythm SIEM with various systems, such as Cisco switches, databases, PAM solutions, and Trend Micro ADA solutions. AI integration plays a significant role in enhancing security monitoring efforts by automating tasks and detecting zero-day attacks.

I would rate LogRhythm SIEM an eight out of ten and recommend it to others.

It is an SIEM tool. It gathers logs, parses and normalizes them, and correlates the logs with the rules we write. For example, if an account tries to log in multiple times with the same username, I can write a rule for it. The SIEM tool would analyze the logs and generate alerts based on the rule.

The user interface is pretty good compared to other SIEM tools. The log search capabilities are good. It gives results pretty fast.

The correlation can be improved. If an alert is generated, we want to know the related events. We often have to search for the drill-down option. Sometimes, it is not available. Sometimes, the tool fails to get the correlated events that triggered the alerts. Searching logs is a bit difficult compared to other tools.

I have been using the solution for one year.

I rate the tool’s stability a seven out of ten. The tool fails if we run big queries. The search breaks down even if we put a limit on the number of events.

I rate the tool’s scalability a seven out of ten. It generates alerts but doesn’t give us the related events that generated them. Sometimes, we need to mess with the configuration to get it back up. The security team uses the tool to analyze the logs.

I used QRadar before. I prefer QRadar over LogRhythm.

The initial setup is easy. It is not that difficult.

People who want to use the solution must not do any big searches. Overall, I rate the product a six out of ten.

It's a next-generation SIEM solution. We use it for our clients. 

It has connectivity with multiple log sources - including those that are on-prem and in the cloud (including GCP, AWS and our own cloud).

It is extremely scalable. 

Technical support has always been helpful.

It is stable, reliable, and flexible. 

It's not easy for someone new to the solution. There are some complexities involved with the initial onboarding. It needs to have more user-friendly dashboards and onboarding processes. 

It is a premium solution which means it is quite expensive. 

I've used the solution for the last three years. 

The solution is scalable. I'd rate it eight out of ten. There are no bugs or glitches. It's reliable, and the performance is good. 

The solution is very scalable vertically as well as horizontally. It is great for big setups. You can scale as per your requirements. There's no issue with expansion. I'd rate the solution nine out of ten in terms of ease of scaling if a company has multiple locations or has a setup across countries. 

We are a gold partner. We've never faced any support issues. They are very helpful and responsive. 

Positive

I've also used with QRadar, which is easier, for example, to set up and is more user-friendly. 

The solution can be difficult to set up. I'd rate the process six out of ten. You need to know what you are doing. There are complexities involved. 

A hardware-based setup would require some configurations. Typically, we need a minimum of three to four weeks to do a setup. 

The solution is moderately priced. Sometimes they give good deals if there is a larger requirement. 

If the solution is on-prem, there is a cost to investment. If it is on cloud, this is not the case. 

We are a gold partner. 

I'd recommend the solution to others. It has a lot of new features and offers AI and ML. There is good support, scalability, and flexibility on offer. 

I'd rate the solution seven out of ten.