LogRhythm SIEM Reviews

The log aggregation is what we use it for.

We don’t have a lot of the reporting configured or the advanced analytics. When the time is right, we will we will make the most of these features.

We need to improve our internal training and use of it. We use it, but we don’t use it to its potential. It’s a very powerful and robust device and application. We don’t use it how we could.

I don’t have a lot of confidence in their support. The support is not first class. I am still working with them with follow ups with the numerous issues we have had. The appliance itself seems to be doing what it’s supposed to, but the support is lacking.

I've used it for six years.

We went through research of multiple products that were similar in nature and selected LogRhythm based on the ability to comply with regulations and the advanced features that it offered. It’s a really deep product and you can do a lot with it, but it just hasn't been realized.

It handles what we throw at it.

I have mixed feelings. We have had some issues with their internal support.

We lost our ability to access the support portal, and it took them around three weeks to resolve it. We had a new upgraded appliance implemented and professional services set it up. They failed to take all of the alerts and bring it to the new appliance.

We implemented it in-house.

The licensing has improved. It has gone down because it is no longer individual monitoring licensing, whereas before it was licensed per collection manager. They have given us decent pricing, they gave us credit for the old appliance.

I find that the ease of installation is a valuable part of the solution.

The consolidation of the logs and being able to manage the items we have coming in -- all in one product -- has really helped this company a lot.

The main area of improvement is that the client must be installed on the computer for all of the functions to work. So if the client doesn't have a customer in their system, they can’t use it.

I have been directly responsible for this install around two years. I worked with LogRhythm at another company for around three years.

We didn’t encounter any issues that were not fixable.

I can’t remember the last time it was down. It’s very stable.

The way it’s set up with agents, we can scale very well and if we need to we can just add more hardware to the system. The only limit is the hardware. We have been happy with it.

Very knowledgeable, though I wouldn’t say proactive. When you speak with technical support you don’t actual speak with someone: you leave a message, which I do not like, although they respond pretty quickly.

The scalability was the main reason for switching. You never know how much you may need and the ability to quickly adapt is great.

The ability to add something quickly is very important. It's more complete than a lot of products, such as Splunk, but you have to put in a lot of work.

With LogRhythm, security feeds and security alerts are just built in.

We did migrate recently and had help from LogRhythm.

I’d say we have an ROI. It helps us identity problems before they become issues.

Always plan for more logs than you think you have. Once you start collecting you will realize that you need more than you thought.

My relationship has been very good. When we updated our software we set up weekly meetings which really helped us with reporting. We don’t directly get in touch with support but when we do they solve our problems.

The primary use case is an analysis of server logs with some deeper analysis done on searches. Reports help ensure various departments have daily notices of any activity that they should be reviewing.

• Alerts to account usage errors.
• Reports of malware from the antivirus.
• Reports application errors presented in logs.

Daily alerts: These allow me to quickly find security and operational issues which need to be addressed.

More detail in the alerts given to avoid additional searches, as often the source or destination associated with the alert is not evidenced.

• Clarity of information
• Ease of deployment

The ability to provide insights and simplification for complex volumes of information.

The ability to customize certain features of the product.

I've used it for one year.

I find that the system is stable and handling our traffic very well.

The customer service teams is excellent and have they resolved anything we have thrown at them in a timely fashion.

The technical support team is excellent and have they resolved anything we have thrown at them in a timely fashion.

We do not have one yet, but we definitely foresee a ROI.

NextGen SIEM's best feature is how it presents logs. For example, the dashboard view is detachable from other things.

NextGen SIEM has separate rules for AI, advanced intelligence, and MP rules - it would be better to have a centralized way to write the rules and create alarms. In the next release, I would like to see the network hierarchy diagram that QRadar offers.

I've been using LogRhythm NextGen SIEM for one year.

NextGen SIEM's performance is quite good.

NextGen SIEM is easy to scale.

I previously used QRadar SIEM.

The initial setup was simple, and it took two days to deploy.

NextGen SIEM's pricing is moderate. There are additional costs for different applications.

I would recommend NextGen SIEM to other users as it is a leading solution with new features at a better price than competitors like Splunk and QRadar.

It's given us more insight into the traffic patterns that we see.

The dashboards and the AI Engine.

Mostly they should just expand on the features that are already there. More pre-built parsers, more pre-built AI rules, more dashboard widgets that we can put to use.

I would say scalability is very good.

Mostly very good. We have had some issues that have taken a long time to resolve, various technical issues that have taken longer to resolve than we desire.

The criteria that we look when selecting a vendor are usually support, and being and end-to-end solution, that is very important too.

I gave it a nine out of 10 overall because we have had some support issues that haven't been resolved quickly enough but, other than that, I've been very happy with the product.

If a colleague was researching this and other popular SIEM tools, I would say for the most part I'm very happy with it. I would advise them to schedule a demo and see if it meets their needs.

Compliance. It's the main focus of the solution, and that is what we've been doing: logging, monitoring, and alerting.

We keep an eye on all the events which actually are configured as an alert. This keeps us on compliant for compliance purposes.

Our key challenge and goal is maintaining a secure infrastructure. We are a power electric company, so we are trying to be as secure as we can.

It is a very good solution. It is very robust. It is very extensive. We're trying to go into the minimum requirements for compliance purposes, but I would like to start implementing more for administration purposes and security.

• More seminars.
• Reporting: A reporting tool would be good for us, especially if we have better knowledge of them.

It is very stable once it is configured. We have not had any downtime.

The scalability is very powerful. Our network is not very big, but we can configure it so we can always be up and running with redundancy. It's a great solution.

It is a great experience all the time working with them. They are very useful, if they don't have the answer, they find the people that have the answer.

On the last upgrade, I was part of the group to implement it. We did have some challenges, because the previous deployment was not configured right, then we did the implementation and it was very straightforward.

Alert Logic, but the laws were going outside of the company, so we want to keep it inside for security purposes.

LogRhythm was the best solution that we could find.

We have LogRhythm in place and it's been working well for us.

It's a great solution but training will be a big key on the implementation. We can troubleshoot it and get the technical support, but it always being very good to have technical training on LogRhythm.