it_user756339 - PeerSpot reviewer
Information Security Analyst at a legal firm
Vendor
Produces visibility into all of our data at once, allows me to see everything in one place

What is most valuable?

The visibility that it gives us into all of our data at once.

How has it helped my organization?

It would take me a thousand hours a day to go through all that data, so, like I said, it lets me see everything in one place, and I'm able to see where the problems are.

What needs improvement?

A cleaner interface. I keep getting confused and forgetting where everything is. A more intuitive interface would be helpful.

It does seem to be good at gathering data. Like I said, it's hard for me to get that data. I would just like it to be more intuitive. When I go to look for stuff I frequently can't find it. Either it's not there or I just don't know the program.

What do I think about the scalability of the solution?

It scales enough for us. We haven't had any issues, no complaints about it.

Buyer's Guide
LogRhythm SIEM
May 2025
Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
851,823 professionals have used our research since 2012.

How are customer service and support?

I've used their training. I have not used their tech support. Again, we have an administrator, he's been there. He probably knows more about this than I do.

What other advice do I have?

In terms of a solution being a unified, end-to-end platform, that would be nice. It's not something that I think about. I just use what's there.

I would tell a colleague at another company who is researching this or a similar solution to try it out. That's the only way you're going to know whether you like it. Don't trust the marketing materials. Ever.

I like the direction they're going with the AICloud stuff. They're talking about the playbooks. LogRhythm seems to be on top of things and always looking to improve, I like that.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user756303 - PeerSpot reviewer
SYM Engineer Specialist at FIS
Real User
Provides huge visibility into your network, you see everything and you see it easily

What is most valuable?

Visibility. Being able to see the system, see what's coming in, and being able to report on the logs coming in. Seeing what other people are doing and being able to track down quickly what is going on in your network.

How has it helped my organization?

We're a worldwide company with 50,000 employees, in probably 15 locations, three SOCs and four or five data centers.

It's made it quicker for us to see threats. It's an easier platform to work with. It's more user-friendly, GUI based.

What needs improvement?

Easier creation of rules and parsing, and more user-friendly. A more user-friendly basis of using the tool to create rules and alarms to be able to report off of, and quickly stop any attacks and the like.

Also, more in-depth training on how the security platform works with other pieces of software like Sequel, firewalls, or PowerShell.

What do I think about the scalability of the solution?

A ten again. It's very easy to scale.

How are customer service and technical support?

Great. They respond quickly and are very knowledgeable and they also allow us to be hands-on. Instead of them doing it for us, they actually teach us how to do it. So better knowledge transfer.

Which solution did I use previously and why did I switch?

We were using RSA Security Analytics and, before that, we were using RSA enVision. The challenges behind them were that they were very clunky, not very user-friendly, and you had to know coding, and you had to know command-line interfaces to even use them. Even on their GUI side. With LogRhythm we don't have to.

How was the initial setup?

It was straightforward and, like I said, a lot of good knowledge transfer on what to do and how to proceed.

Which other solutions did I evaluate?

IBM QRadar and RSA Security Analytics, but LogRhythm stood out because of their scalability and their interface and their user friendliness. Being able to easily navigate through the system.

What other advice do I have?

It is very important that our solution be a unified end-to-end platform. Very important. We wanted a one-stop shop with LogRhythm. We didn't want to use anything else to record our logs and stop threats.

I would give LogRhythm a 10 out of 10 just purely on the fact they are very helpful, very knowledgeable. The software is very easy to use. Easy to learn. I came into security with no knowledge of security or how to do anything, and within a year I'm an administrator of the software. So it's pretty good.

I would say go with it. Hands down, one of the best security platforms I've seen. Easy to use, easy to scale, huge visibility into your network. You just see everything and you see it easily. You don't have to go search for things.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user418188 - PeerSpot reviewer
IT Security Manager at a financial services firm with 501-1,000 employees
Vendor
We used it primarily for security logging of events. We created reports based on traffic awareness for security.

What is most valuable?

The reporting feature is valuable.

How has it helped my organization?

We used it primarily for security logging of events. We created reports based on traffic awareness for security.

What needs improvement?

We would like to see better base templates for reporting.

For how long have I used the solution?

I've used it for six months.

What was my experience with deployment of the solution?

The only issue we had was getting the NetFlow incorporated. However, that issue was because of our implementation. Once we made a change it worked.

What do I think about the stability of the solution?

There were no issues with the stability.

What do I think about the scalability of the solution?

We had no issues scaling it for our needs.

How are customer service and technical support?

Customer Service:

I'd rate customer service a 10/10.

Technical Support:

I'd rate technical support a 10/10.

Which solution did I use previously and why did I switch?

I've also used QRadar.

How was the initial setup?

It was fairly straightforward.

What about the implementation team?

LogRhythm's vendor team helped us set it up. The box was delivered and they helped us get the licensing in and the initial setup.

What's my experience with pricing, setup cost, and licensing?

I would make sure you have Events Per Second set high enough for all of the events. This will cost a little more.

What other advice do I have?

It will take time for fine-tuning; expect four months to fine-tune it to exclude the false positives.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user290340 - PeerSpot reviewer
Vice President at a financial services firm with 1,001-5,000 employees
Vendor
We're able to create customized monitoring reports that extract info from event logs.

Valuable Features:

  • Reporting - we need to do a lot of security monitoring
  • It doesn't have a lot of forensics, but we appreciate the fact that it has the capability
  • The ability to collect a lot of information, as we have 200 users and a lot of log sources

Improvements to My Organization:

The fact we're able to create customized monitoring reports that extract info from event logs helps us a lot. We used to have ad hoc reports created by the IT department, which meant they could manipulate content if they ever wanted to tamper with output. Now, there's no risk for us to worry about.

Room for Improvement:

Lots of concern these days regarding vulnerability, and being able to interface with other types of applications when creating event logs. We have lots of other applications to monitor. LogRhythm can extract that info, but some require converting before LogRhythm. Windows logs don't need converting, but SQL and XML do require conversion and monitoring.

Other Advice:

You should consult with LogRhythm experts because there are lots of features and customizations, and you need to figure out what's needed for your specific environment, for example, regulatory compliance issues. They do a great job of making clear what's needed.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Team Lead - Network and Security at Connex Information Technologies
Reseller
A user-friendly and straightforward solution with good technical support
Pros and Cons
  • "I would rate the product a ten out of ten. The solution is very user-friendly and straightforward. The tool's report customization is interesting."
  • "The software needs to work on its pricing."

What needs improvement?

The software needs to work on its pricing. 

For how long have I used the solution?

I have been using the tool for five years. 

What do I think about the stability of the solution?

The product is very stable. I would rate its stability a nine out of ten. 

What do I think about the scalability of the solution?

I would rate the tool's scalability a ten out of ten. 

How are customer service and support?

The tool's support is good. They support us 24/7. 

How would you rate customer service and support?

Positive

How was the initial setup?

The tool's setup is very straightforward. I would rate the tool's setup a ten out of ten. The tool's deployment depends on the use cases, environment, etc. The tool's deployment takes one month to complete. 

What's my experience with pricing, setup cost, and licensing?

I would rate the tool's pricing around eight out of ten. 

What other advice do I have?

I would rate the product a ten out of ten. The solution is very user-friendly and straightforward. The tool's report customization is interesting. 

Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
reviewer1306557 - PeerSpot reviewer
Systems Administrators at a tech services company with 201-500 employees
Real User
Very helpful for monitoring and alarming, very stable and scalable, and excellent technical support
Pros and Cons
  • "File Integrity Monitoring is really valuable because we have it set up on our core assets. This is one of the key features that I utilize. We also use it quite a lot for event management to do reporting."
  • "It should have some more message monitoring features. It can also have some free message monitoring tools."

What is our primary use case?

I use LogRhythm for PCI DSS compliance. All of our devices are sending logs to LogRhythm. I have set up Silent Integrity Monitoring, Data Loss Prevention, Registry Integrity Monitoring, and other alarms for detection, and we do investigations.

How has it helped my organization?

I don't have metrics, but it has really improved the monitoring and alarming for us. 

What is most valuable?

File Integrity Monitoring is really valuable because we have it set up on our core assets. This is one of the key features that I utilize. We also use it quite a lot for event management to do reporting.

What needs improvement?

It should have some more message monitoring features. It can also have some free message monitoring tools.

For how long have I used the solution?

I have been using this solution for about two years.

What do I think about the stability of the solution?

It has been very stable. There are no major issues. It has been exactly doing what I expected it to do.

What do I think about the scalability of the solution?

It has been very scalable in terms of adding new systems and stuff like that. It has been quite good.

We have plans to increase the usage of LogRhythm. We have some new solutions and new networks coming up. We might be looking to expand within the next two years to onboard new systems.

How are customer service and technical support?

Technical support has been excellent so far. I never had any issues with technical support. Their support has been excellent.

Which solution did I use previously and why did I switch?

I didn't use any other solution previously.

How was the initial setup?

It was pretty straightforward. The actual deployment of it took about two days, but the implementation strategy took longer. It took a couple of months for meetings and planning with different experts, project managers, and engineers. They looked at our business requirements and other things.

We have two administrators and two analysts. Four of us are managing the system.

What's my experience with pricing, setup cost, and licensing?

It costs a great amount, but its pricing is competitive with some of the other vendors. For licensing and support, we pay about 20,000. There are no additional costs or anything like that. 

Which other solutions did I evaluate?

When I was looking for a solution, I looked at Splunk and LogRhythm. There was one from SolarWinds as well. Cost-wise, LogRhythm was the one that impressed me the most. Splunk was really good as well, but it was a little too costly.

What other advice do I have?

I would definitely recommend this solution for compliance requirements, such as PCI DSS compliance. It does cost a great amount, but its pricing is competitive with some of the other vendors. If it is a necessity to have a SIEM solution, I would definitely recommend LogRhythm.

I would rate LogRhythm NextGen SIEM a nine out of ten. It has been really good. So far, my experience has been seamless. They should keep doing what they're doing.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user756315 - PeerSpot reviewer
Security Analyst at Guitar Center
Vendor
Enables us to feed in logs from other solutions and build dashboards to show us what we need to see

What is most valuable?

AI Engine

How has it helped my organization?

It's got intelligence. Does a lot of the heavy lifting, you can create custom AI rules. I'm looking forward to this CloudAI.

It definitely complements all of the other solutions we have. We can feed all the logs into our system, build dashboards that the products themselves cannot provide. For example, we have web filtering, their dashboards aren't so great for that product. But when we feed it into LogRhythm, we can build dashboards that really show us what we need to see.

What do I think about the scalability of the solution?

Pretty scalable. We were on an HA setup. Got about 2000 messages per second. It's pretty scalable.

How are customer service and technical support?

They're top-notch. Every time I call, there's somebody willing to pick up the phone, somebody willing to jump on a WebEx, so I have nothing but good things to say about LogRhythm. Compared to every other product we have, LogRhythm support is the best. Without a doubt.

Which solution did I use previously and why did I switch?

I've used Symantec SIM, which wasn't so great. This is a real breath refresher, because it's more scalable, and I feel it's a better product overall.

What other advice do I have?

The most important factor, for me, when selecting a solution is that it needs to be lightweight.

Advice I would give to a colleague at another company who is researching this sort of solution: Talk to me first.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user756372 - PeerSpot reviewer
Security Analyst at a tech services company
Consultant
Before we were compartmentalized, now we have a central point with more integration between different departments

What is most valuable?

Being able to have all our logs all in one place, so we can easily correlate across the environment.

How has it helped my organization?

It has definitely matured our security posture. Before we started using it heavily, all our products were compartmentalized within the department that used it. Now that we have a central point, we have been having more integration with different departments.

The challenges are being spread out and using some of the technology that we do use, which are not easily integrated into the SIEM. We have a lot of custom parsers and just trying to get our custom products and applications to integrate into the SIEM, that was our biggest challenge.

As far as building custom parsers, it's very configurable. I've had some experience building parsers with it so far, and the ones that we have built have been working fine. Support has been pretty awesome with helping get those working well.

What needs improvement?

Adding more integration for security products would be an improvement.

What do I think about the scalability of the solution?

I have not had to scale it out too much yet. The environment was already set up when I came in. As far as the ability to scale out, I know it's there. I haven't had to put it to use though.

How are customer service and technical support?

I have used their support a lot. It is really good support. I don't think I've opened a case yet that I haven't got a solution on, and it is usually pretty fast. It's easy to reach the right person.

Which solution did I use previously and why did I switch?

We had a previous solution, but I don't know who they were. I don't know why we switched. Compliance was our biggest driving factor to why we purchased LogRhythm.

Which other solutions did I evaluate?

I would not know. This was done before I came onboard.

What other advice do I have?

It is a really good product with good support.

If someone is reaching the solution, I would advise them to reach out to users and try to visit LogRhythm's online presence to see what they have. The LogRhythm community has been a pretty good resource.

Having a unified end-to-end platform is very important.

Most important criteria when selecting a vendor: support for the product.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user