Logpoint offers a robust SIEM system tailored for compliance with regulations like PCI DSS and GDPR, enhancing security monitoring and enabling efficient incident response.
| Product | Mindshare (%) |
|---|---|
| Logpoint | 1.2% |
| Splunk Enterprise Security | 7.3% |
| IBM Security QRadar | 5.3% |
| Other | 86.2% |
| Type | Title | Date | |
|---|---|---|---|
| Category | Security Information and Event Management (SIEM) | Jun 23, 2026 | Download |
| Product | Reviews, tips, and advice from real users | Jun 23, 2026 | Download |
| Comparison | Logpoint vs Splunk Enterprise Security | Jun 23, 2026 | Download |
| Comparison | Logpoint vs IBM Security QRadar | Jun 23, 2026 | Download |
| Comparison | Logpoint vs Wazuh | Jun 23, 2026 | Download |
| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| CrowdStrike Falcon | 4.3 | 2.8% | 97% | 140 interviewsAdd to research |
| Cortex XDR by Palo Alto Networks | 4.2 | N/A | 96% | 112 interviewsAdd to research |
| Company Size | Count |
|---|---|
| Small Business | 14 |
| Midsize Enterprise | 2 |
| Large Enterprise | 4 |
| Company Size | Count |
|---|---|
| Small Business | 114 |
| Midsize Enterprise | 58 |
| Large Enterprise | 90 |
Logpoint strengthens cybersecurity by offering essential tools for log collection, security monitoring, and forensic analysis. Its features include an intuitive dashboard, a powerful correlation engine, and extensive third-party integrations, making it a versatile asset for security operations centers. Despite its advantages, areas for improvement include ransomware protection, cloud-native deployment, and more flexible pricing. Improvements in features like SOAR and UEBA functionality can boost its competitiveness.
What are the most important features of Logpoint?Many organizations utilize Logpoint across industries as part of their security infrastructure. It supports standard compliance, orchestrating incident responses and security threat monitoring. Logpoint empowers businesses by integrating and correlating security data, improving cybersecurity posture in varied environments.
AP Pension, Copenhagen Airports, KMD, Terma, DISA, Danish Crown, Durham City Council, Game, TopDanmark, Lahti Energia, Energi Midt, Synoptik, Eissmann Group Automotive, Aligro, CG50...
| Author info | Rating | Review Summary |
|---|---|---|
| System Engineer at Corporate Projukti Limited | 5.0 | I found Logpoint more suitable due to its included features, reasonable pricing, and better local support, while Exabeam lacked responsiveness and key integrations like EDR, though its AI-driven UEBA and SOAR offerings are more advanced. |
| Cyber Security Analyst at Pacific Propeller | 4.0 | We use Logpoint as our SIEM solution with valuable UEBA and SOAR components, crucial for monitoring at the device level. We encountered issues with their support due to operations relocating to Denmark, leading us to switch providers. |
| CEO at a tech consulting company with 1-10 employees | 3.5 | I primarily use Logpoint for logging and log storage, focusing on correlating multiple events for security management. However, it should be cloud-native and feature compliance mapping. I prefer Microsoft Sentinel based on price and interoperability. |
| Head of Professional Services at NiyoSecure | 4.0 | We use Logpoint in our security operations center to tailor cybersecurity solutions for clients. Its strong third-party SIEM integrations streamline initial setup, though improvements are needed in documentation, threat intelligence, and incident response capabilities for better support and recovery. |
| Security Manager at a tech vendor with 10,001+ employees | 3.5 | I primarily used LogPoint for compliance reporting, appreciating its ease of use and long-term stability. While it delivered reports, we faced memory issues, and it's being decommissioned as we transition to cloud solutions. |
| SOC Analyst at a comms service provider with 201-500 employees | 2.0 | I used LogPoint for data aggregation and custom use cases but preferred LogRhythm for its user-friendly UI and handling of multiple log types. Despite LogPoint's cost-effectiveness and dashboards, its interface and log processing capabilities need improvement. |
| Chief Infrastructure & Security Office at a financial services firm with 51-200 employees | 4.0 | I value LogPoint as a stable, fixed-cost log repository for forensic analysis, praising its comprehensive collection and parsing for structured logs. While quick to implement, parsing free-form logs and advanced reporting are areas for improvement. |
| Cyber Security Engineer at IshanTech (M) Sdn Bhd | 4.0 | <p>I use Logpoint for R&D, finding it user-friendly but lacking flexibility with poor documentation. I rate its stability 7/10, scalability 9/10, and overall value an 8/10.</p> |
| Senior Information Security Specialist at Growth Arbor | 3.5 | We used LogPoint to help clients track unauthorized access to critical financial documents. Its user interface and integration are excellent, but the solution requires improvement in agent installation and guides for ease of use. LogPoint offers cost efficiency. |
| Project Manager at a comms service provider with 51-200 employees | 4.0 | I primarily used Logpoint for triage, log collection, and security analysis. The user-friendly integration with a powerful query engine was beneficial, though the graphical user interface needed improvement. My experience was limited as I didn't fully utilize its capabilities. |
I had experience with Logpoint before, and I contacted the Exabeam solution, but there was no response; they did not contact me. Bangladesh already has a Logpoint distributor.
In terms of compliance management capabilities, compliance management is the same, overall.
The analytics feature, which is missing in Exabeam, needs improvement; two features are missing. Endpoint security EDR is not included; a third party is included here, and the Exabeam solution did not discuss this integration.
The most valuable feature, which is endpoint security, is included in Logpoint, and an extra feature is the integration. That's what is missing in the Exabeam solution. One license includes Logpoint support, UEBA, but otherwise, Exabeam has different licenses to include.
The two extra features are in Logpoint, so overall, Exabeam and Logpoint are the same, but Logpoint has these two extra features.
Exabeam's advantage is its AI-driven network AI; this AI feature is available, and Exabeam is powerful.
Everything is satisfactory with the customizable dashboards in Logpoint.
I selected Logpoint for the pricing as it is reasonable.
I am located in Bangladesh, South Asia, Dhaka. I have tried to contact Exabeam by mail repeatedly, but there has been no response. My company, Corporate Projukti Limited, including my Bangladesh area head, technical director, and team manager, have sent emails to contact Exabeam solution, but there is no response. There is already a distributor in Bangladesh.
The weakness with Logpoint is UEBA. UEBA is recommended, but not extra. Exabeam's UEBA is an extra feature. SOAR is extra, but Logpoint's product measurement is 40 or 50. There is a 10% difference with the UEBA and SOAR, so Logpoint is weak there.
I would appreciate extra features in Logpoint such as SOAR. SOAR and UEBA are included features in Logpoint. Logpoint's UEBA is a weak point, while Exabeam's UEBA has extra AI through automation. Exabeam has a license included, and the extra license is an add-on. In Logpoint, it is included, which makes it a weak point.
I have two years of experience working with SIEM solutions in my company, Corporate Projukti Limited.
I recommend a submission to Logpoint because I worked with it before.
We are already connected; I filled out an application form to be a partner of Logpoint. We recently contacted them, but Exabeam did not contact me. For Exabeam, I filled out an application form for a partner, but there was no contact or response.
I work from Bangladesh, in the Dhaka region.
Neutral
I visited PeerSpot and researched Exabeam and Logpoint.
In terms of cost efficiency, Logpoint is better, which means Logpoint has cost efficiency, and Exabeam's cost is higher.
Exabeam and Logpoint is a standard submission of bank work, and I suggest the bank product that is the standard. Logpoint has an extra feature for analysis. The best product is a standard submission and is the most correlated to the product.
I use the analysis for Logpoint, which I remember as the best. This is a tender.
Logpoint's pricing is reasonable compared to Exabeam, and it is cost-efficient.
The analytics feature, which is missing in Exabeam, needs improvement; two features are missing. Endpoint security EDR is not included; a third party is included here, and the Exabeam solution did not discuss this integration.
The Bangladesh culture includes local training sessions, so Logpoint is the best here.
I rate Logpoint ten out of ten.
Logpoint is our SIEM subscription with UEBA, and it has additional features integrated into the platform. We are a DOD contractor and need a tool that can integrate and correlate our security-related data from various sources.
The UEBA component, as well as the SOAR component, are some of the most valuable features of Logpoint. The UEBA enables us to monitor at the device level, and SOAR provides playbooks and templates that we can modify and incorporate into the platform. This capability is highly useful for our organization.
They are not in the US market, and the quality of support has declined. They migrated operations from Boston to Denmark, and we cannot use a tool hosted outside the country.
Additionally, dealing with foreign entities for support was a challenge, leading us to switch providers due to lack of adequate support.
I have used the solution for three years.
The solution is stable, and I would rate its stability as eight out of ten.
The solution is scalable. It is web-based and accommodates the expansion of our organization. It is as flexible as a buffet, allowing for 'all you can eat.'
Logpoint is not a mainstream platform known within the DOD community. Logpoint's customer support is not sufficient with only one engineer in the US. It is essential to have knowledgeable support, which unfortunately declined after they lost key engineers.
Negative
The initial setup was complex. It involves integrating three components: the SIEM platform, UEBA, and SOAR. With multiple locations, it can be challenging.
We used an external IT company for the installation, and a few people from our side also assisted.
Logpoint enabled us to comply with DOD contract requirements, which was crucial for our operations.
The pricing is reasonable. The costs are charged on a yearly basis, however, I do not want to disclose exact figures.
We evaluated SecureNix, One Identity, and IBM. Logpoint provided the granularity needed for monitoring individual user workstations at an acceptable price point.
I would not recommend Logpoint to US companies due to its lack of a US-based market focus. The platform offers necessary compliance at a reasonable price for European companies.
rate the overall solution an eight on a scale of one to ten.
Positive
We have a security operations center, and we tailor the use cases to our customer's specific requirements. The majority of use cases focus on protecting against cybersecurity attacks, increasing cybersecurity posture, and defending against security threats.
The specific use cases depend on the customer's environment. For example, if the customer has a Windows-based solution, we focus on Windows-based use cases. If there are other applications and operating systems, we select relevant use cases accordingly.
Many features enhance the incident response capabilities. Logpoint has an agent, Agent X, which is a kind of EDR that doesn't have its own response capability. The response capability has to come from the central software, the Logpoint SIEM solution.
However, the agent is capable of executing commands at the user endpoint. That is one thing that enhances the sole capability. The good thing about Logpoint is that it has a built-in SOAR. When our customers purchase Logpoint, they also get a SOAR license. In our case, we see that the SOAR part is very helpful when we create playbooks for any kind of response or incident responses. We get a lot of support from Logpoint to come up with the actual response patterns, response sequences, and all those instances. Along with Agent X, we can execute it very effectively.
The more important thing is the investigation part. Logpoint has integration with some IOCs, which is an easy thing and helps us with a lot of cases. The integration bits, such as threat intelligence or the recorded feature application, give us a good capability to identify threats and come up with proper solutions.
The recorded feature is an integration, which is a natural integration or which is by default, already integrated with the product. It's also giving us a good kind of capability to respond to incidents as well.
The integrations with third-party SIEMs are good. There are roughly 800 to 1000 integrations available with various security products and applications. These integrations act as add-ons to our system.
Once we upload the plugins, we get all the dashboards and alarms, and the instances are preconfigured. This is helpful when onboarding customers.
We identify the services they're running, download the corresponding plugins from LogPoint, and install them, significantly reducing our initial startup time.
The documentation part is something that needs to be improved, as well as the threat intelligence investigation part.
Logpoint has a kind of site to describe what kinds of threats they are investigating. But that, I think, maybe Logpoint can improve more. The threat investigations and reporting to the end-users can be improved.
Logpoint can also come up with IR [incident response] capabilities. Other important SIEM solutions have some IR services. If I am an MSSP working with LogPoint for SIEM/SOAR solutions and I need immediate support, I should be able to get some support. It can be paid support, like SecureWorks, which has those kinds of functionalities. They will immediately get in and start working on helping us identify the threats, isolate them, and give us remedies to take care of and recover from any kind of attacks. Whereas in LogPoint, that functionality is missing. We will be on our own if something happens. We will get other support from them, but there's no paid support before taking ownership and helping us recover from those kinds of attacks.
They have a kind of integration for AI, but the incident response capability is what they should improve.
I have been using it for two years. We are currently at version 7.8, the latest one.
I would rate the stability level of LogPoint an eight out of ten. It definitely has a lot of dependencies on the customer's cluster server and VMs.
On the software side:
I have had some situations where the system would not come up by default.
We had to manually intervene and do some configurations to clean the system up. But the procedures are known, and it is not very difficult. I think the newer versions are improving and becoming easier to use.
In my experience with medium-sized operations, LogPoint's scalability is excellent, so I would rate it a ten out of ten. It is highly scalable. Scalability is not an issue.
The scalability is really good. First of all, LogPoint is an appliance, not hardware. So, on the hardware side, it depends on the customer. If the customer has a VMware infrastructure, the hardware scalability is endless. They can put whatever they want.
Architecture-wise, LogPoint is architected in a way that scalability is not an issue. I haven't deployed LogPoint for more than 12 locations, but the architecture seems to provide any kind of scalability.
Customer Base
We currently have eight customers using LogPoint through our MSSP model and three customers with on-site implementations. Most of them are medium-sized, with a few small-sized businesses. We do not have any enterprise customers yet.
Suitability for Different Business Sizes
While my experience so far is mainly with medium and small businesses, it doesn't mean that LogPoint cannot work for enterprises. However, enterprises would require the kind of support they are looking for, such as IR capabilities and better technical support. I think the quality of the technical support team needs improvement when it comes to enterprise deployments.
The technical support team needs improvement when it comes to enterprise deployments.
Neutral
It's fairly easy for us to implement it. The initial implementation and initial configurations are easy. There are a lot of out-of-the-box alerts. You can just look through that, and depending on our client's infrastructure, we can immediately enable some of the alerts, and the system will start working. So the out-of-the-box capabilities of Logpoint are very good.
I would rate my experience with the initial setup a nine out of ten, with ten being easy and one being difficult.
Deployment model:
My customers have on-premises solutions, and also, when it comes to the cloud, it is an MSSP kind of model. I haven't used any Logpoint cloud version, meaning the one hosted by LogPoint. But we have our security operation center where we have a centralized deployment of LogPoint, which our customers can subscribe to.
Deployment time:
For an all-in-one kind of implementation, it will take a maximum of one day. Again, I'm not talking about onboarding devices. Onboarding devices depend on different kinds of devices. However, the basic setup for LogPoint can be finished within a day, and then we can be ready to onboard devices.
Deployment process/steps:
Initially, we will try to find out whether the client wants an all-in-one kind of deployment, a distributed deployment, or an MSSP model of deployment. In our case, most of them will be going for an MSSP-based kind of deployment.
Then, our main job is to identify the collector for the client's location. We will also see whether it's going to be a distributed collector or a centralized one. After deploying the collector, we will see how many kinds of processes we need to configure, based on the type of devices and logs generated from different devices.
Depending on the log types, we will decide how many kinds of processes we need to configure. Depending on their knowledge and policies, we will also ask about the amount of storage needed on different LogPoint collectors.
Centralized Deployment (if applicable): If it is a centralized kind of deployment, we will integrate with our Logpoint Director, which is sitting in our SOC. We will integrate with that and start monitoring from our SOC, meaning we will start analyzing their logs from the central collector or the central director installed in our office.
On a scale of one to ten, where one is cheap, and ten is expensive, I would rate LogPoint's pricing a seven. It is not very expensive compared to some of the more costly products, and it is not very cheap compared to some of the cheaper products in the SIEM market.
In the Middle East (Dubai), where I work, LogPoint is willing to give better prices to attract customers. So, there are places where customers are not very price-sensitive and are okay to pay the price. They are slightly flexible on the pricing part.
Overall, I would rate LogPoint an eight out of ten.
I would say that if you want to start with a SIEM solution without having too much knowledge and don't want to spend too much time on day-to-day work, LogPoint would be an easy tool. The out-of-the-box capabilities are really good. It has lots of material insight that you can immediately start monitoring. However, to make it very effective with very few false positives and false negatives, it will take some time.
For organizations (initial startups) that don't have too many security people and want to immediately start monitoring the system and start doing some kind of responses, LogPoint is going to be a good solution.
Plus, on the pricing side, LogPoint's pricing is based on the number of log sources, not on events per second (EPS). This gives customers a good way to budget their expenses for the next year. They know that if they have a certain number of devices, this is the amount of money they are going to spend, whereas with EPS, you never know. EPS might go high, and their renewal prices will really go high. So that way, the pricing part is also good with LogPoint's log source-based pricing.
The out-of-the-box capabilities are very good, so you can immediately start showing something on the screen and working on it. The technical team is very cooperative to get any kind of support that we need. But, the quality of the technical support team needs some improvement.
The main purpose was for compliance reasons because the pension funds need to comply with the Dutch Federal Bank rules. So, most of the use cases were much more focused on the separation of duties, privilege escalation, and access to sensitive data.
We were not using it as an active, real-time monitoring tool. The group of people looking after security was very small, and there were only daytime operations. So, the focus was not to look after external breaches, attacks, etc. That's the main reason why the responsibility of security monitoring was not ours anymore. Accountability and responsibility had shifted from the internal organization to a contracting firm.
The most beneficial was being able to prove, with proper reports, that from a compliance perspective, the company is in control. The service part of LogPoint did modifications or did some additional work to have the proper reports defined.
The ease of use is valuable. Also, especially when the projects started, the ability to integrate with the iSeries data was also valuable because that was a request. This functionality is not mandatory anymore because we moved from this platform.
One of the things we faced last year was that we had some memory issues with the server running. We were running them as virtual services, and we were facing some performance issues. Back then, there were some things that had already been solved at the end, but one of the small issues we had was that it was quite memory-consuming. After one upgrade that we did, we faced some performance issues.
A challenge for every SIEM platform is when new series or devices are coming on the market, you need time to implement, but we are not facing this issue because this system is going to be decommissioned. We are not looking for enhancement or integrations.
In general, if customers are looking for new things, there could be much more with advanced threat diagnostics, AE based. There are a lot of features that the next-generation SIEM tools can have, such as automated remediation technologies. There's a whole list of features that you can think about, but in our case, we're not looking for that. We were not using it as a cybersecurity SIEM project. It was much more from a compliance reporting perspective.
It has been there in the company for more than six or seven years.
In seven years of operating it, we never had hiccups.
In our situation, it has been scalable. We didn't have a huge infrastructure. So, we didn't face limitations, but we are not representative of a large enterprise. There were only three people using the application. They were pure admins and the CSO.
Its usage is going to decrease. Until last year, I was a CSO of a company using that. Even last year, we enhanced the environment with a couple of use cases. They're still using it. They were probably one of the first customers in the Netherlands to use it. It is still in use, but some of their internal applications are going to be stopped because they are moving to a SaaS solution for their major ERP system. So, the focus is moving, and in two years' time, they will stop using the on-premise software and look for maybe an Azure solution or Microsoft Cloud Security solution.
The initial system was on an AS/400 or iSeries IBM. With the old software, they migrated to a SaaS solution. That means that the number of internal developers has completely decreased to a small number. There are more functional people today. The strategy of the company is no-own software development. The major ERP system is already fully running in SaaS for the last two years. So, there are fewer and fewer systems connected to the SIEM. I believe the strategy is to stop when the licenses are going to be finished. In general, they're buying them every two years, and the next year, when the software is at the end of its financial life, they will make a switch and move to the cloud to the Microsoft solution, especially because everybody is running Office 365. There are some other solutions also running from Microsoft, and there is no real reason anymore to have a very in-depth on-premise SIEM solution because there is less IT now in-house than before.
When we had issues, the tickets were picked up quite rapidly, and we got solutions from the vendor itself. So, from the support perspective, they have been pretty good. I would rate them a four out of five.
Positive
That was the first SIEM solution.
It was average. LogPoint is not as complex as some of the other more complex products, such as ArcSight and enVision. I would rate its initial setup a seven out of ten in terms of ease.
It took about six months with fine-tuning, et cetera. We had to bring it live and have all the angles corrected. It was up and running in a couple of weeks, but of course, it takes some time for specific development for the use case that we needed.
The vendor itself was engaged. We had our team, and the vendor also brought people in.
The maintenance is done partially by the operators, and that's a very small task.
It was on a yearly basis at about $100K. It was not a huge environment. We were running it on our own virtual server environment, which, of course, had a cost. There was hardware and some energy cost, and then there were Microsoft Windows licenses for servers. That's all, but there was nothing in comparison to the licensing costs.
I was not there at that moment, but they went to shortlist three other vendors. I didn't remember the names.
Knowing the market in 2022, I will not suggest on-premise implementations.
I would rate it a 7 out of 10. It is doing its job, but there is always room for improvement.
I'm using LogPoint as a commercial product. My company uses LogPoint for data aggregation, which is also used for creating custom use cases based on organizational leads. Then, my company triggers and escalates to the IT team responsible for solving loopholes and problems seen via LogPoint.
What I like best about LogPoint is its cost-effectiveness compared to other solutions.
LogPoint also has better dashboards which I find valuable. I also like that you can create use cases based on your assets. For example, if you have some servers. DMZs, or different types of servers, such as core banking servers, you can apply the use cases to the targeted groups or the whole system.
What could be improved in LogPoint is its UI because it's less friendly to users than LogRhythm. The UI could be more aesthetically appealing to users. It's completely outdated. For example, it lacks color. IBM QRadar and LogRhythm have better UI than LogPoint. The solution needs a custom dashboard feature to make it better.
LogPoint also needs to improve its network hierarchy diagram. You can't create the whole network diagram if you have the entire subnet system of your server form or your DMZs. This means that in LogPoint, it's pretty difficult to visualize the network hierarchy diagrams, so this is another area for improvement in the solution.
Handling multiple types of logs also has room for improvement in LogPoint. Sometimes, it discards logs, and it has difficulty processing various logs.
An additional feature I'd like the product to have in its next release is the multiple log processing feature.
I've used LogPoint for two years, but the last time I used the solution was more than six months ago.
There were some glitches in LogPoint, so it wasn't as stable. For example, if we exceed our EPS, or if there are data not normalized by the editor, or logs generated by assets that LogPoint doesn't normalize, those logs won't be processed.
LogPoint can't handle multiple types of logs. For example, for IAS servers that generate various kinds of logs, such as system and security logs, at some point, LogPoint still needs to manage and understand the different logs. Sometimes, the solution discards the logs. This is why we moved to LogRhytm.
I opened some tickets with LogPoint support when I was still using the product. It was easy to open tickets and connect with the LogPoint support team. The higher level team, the L2 group, was quite competitive, but the lower level team, the L1, needed work because the L1 staff sometimes failed to understand my problems with LogPoint.
The L1 support team usually escalates the issues to the L2 support team, so the level of escalations in LogPoint is higher than in IBM QRadar.
The IBM QRadar L1 team is more competitive than the LogPoint L1 team.
I feel that LogPoint has outsourced L1 issues. That should be done in-house.
On a scale of one to five, I rate LogPoint technical support as two.
I've suspended using LogPoint because I shifted to LogRhythm. I'm now using LogRhythm because it's more user-friendly with a better UI than what LogPoint has. LogPoint also can't handle multiple log types. Though LogPoint is cost-friendly, LogRhythm provides features that both LogPoint and IBM QRadar and other solutions can't offer.
The initial setup for LogPoint is pretty straightforward. It's relatively easy to learn and understand, especially for small organizations. I belong to a small organization that can't afford more expensive products. You won't see LogPoint in review site scoreboards, for example, in Gartner, and the product isn't found under Leaders and Visionaries, but it's still quite effective. It's comparable to going for open-source systems.
Deploying LogPoint was relatively easy. I've been deploying it for a long time. The process is easy, but it's based on how many systems you need to connect to LogPoint. For example, my company has more than fifty assets that need to be integrated with LogPoint, so that could take some time, though the deployment process is much easier. I was able to deploy it within one hour, though.
LogPoint was implemented in-house. I also did some of the implementations, which was relatively easy.
My company used to pay for LogPoint costs annually. It's a cost-effective solution.
I'm not part of the Finance team, though, so I'm not sure exactly what the licensing fee is or what license my company had.
I've evaluated IBM QRadar and LogRhythm.
I have experience with IBM QRadar for more than three years. I also have experience with LogPoint. I've used LogRhythm as well for more than two years now.
My company is a partner of LogPoint, but first, it was a vendor, then it became a partner that collectively collaborated with LogPoint, recommending LogPoint seminars to customers.
Fifty percent of people in the organization use LogPoint, mostly security engineers. One person can handle the maintenance for LogPoint, specifically for a small organization.
As I've not used LogPoint in the last four to six months, I'm no longer updated on what changes were made to the product. If LogPoint works much better for you, then I'd recommend it. Still, if you're considering the product commercially, it's better to go with another solution that works better, with fewer issues, at least from a smaller organization standpoint.
My rating for LogPoint is four out of ten. I didn't give it a higher mark because it needs to improve in several areas, including the GUI, network hierarchy diagrams, and log optimization.
We use it as a repository of most of the logs that are created within our office systems. It is mostly used for forensic purposes. If there is an investigation, we go look for the logs. We find those logs in LogPoint, and then we use them for further analysis.
We have close to 33 different sources of logs, and we were able to onboard most of them in less than three months. Its adoption is very quick, and once you have the logs in there, the ability to search for things is very good.
It is a very comprehensive solution for gathering data. It has got a lot of capabilities for collecting logs from different systems. Logs are notoriously difficult to collect because they come in all formats. LogPoint has a very sophisticated mechanism for you to be able to connect to or listen to a system, get the data, and parse it. Logs come in text formats that are not easily parseable because all logs are not the same, but with LogPoint, you can define a policy for collecting the data. You can create a parser very quickly to get the logs into a structured mechanism so that you can analyze them.
The thing that makes it a little bit challenging is when you run into a situation where you have logs that are not easily parsable. If a log has a very specific structure, it is very easy to parse and create a parser for it, but if a log has a free form, meaning that it is of any length or it can change at any time, handling such a log is very challenging, not just in LogPoint but also in everything else. Everybody struggles with that scenario, and LogPoint is also in the same boat. One-third of logs are of free form or not of a specific length, and you can run into situations where it is almost impossible to parse the log, even if they try to help you. It is just the nature of the beast.
Its reporting could be significantly improved. They have very good reports, but the ability to create ad-hoc reports can be improved significantly.
I have been using this solution for three years.
It has been stable, and I haven't had any issues with it.
There are no issues there. However much free space I give it, it'll work well.
It is being used by only two people: me and another security engineer. We go and look at the logs. We are collecting most of the information from the firm through this. If we were to grow, we'll make it grow with us, but right now, we don't have any plans to expand its usage.
Their support is good. If you call them for help, they'll give you help. They have a very good set of engineers to help you with onboarding or the setup process. You can consult them when you have a challenge or a question. They are very good with the setup and follow-up. What happens afterward is a whole different story because if you have to escalate internally, you can get in trouble. So, their initial support is very good, but their advanced support is a little more challenging.
I used a product called Logtrust, which is now called Devo. I switched because I had to get a consultant every time I had to do something in the system. It required a level of expertise. The system wasn't built for a mere human to use. It was very advanced, but it required consultancy in order to get it working. There are a lot of things that they claim to be simple, but at the end of the day, you have to have them do the work, and I don't like that. I want to be able to do the work myself. With LogPoint, I'm able to do most of the work myself.
It is very simple. There is a virtual machine that you download, and this virtual machine has everything in it. There is nothing for you to really do. You just download and install it, and once you have the machine up and running, you're good to go.
The implementation took three months. I had a complete listing of my log sources, so I just went down the list. I started with the most important logs, such as DNS, DHCP, Active Directory, and then I went down from there. We have 33 sources being collected currently.
I did it on my own. I also take care of its maintenance.
It is not easy to calculate ROI on such a solution. The ROI is in terms of having the ability to find what you need in your logs quickly and being confident that you're not going to lose your logs and you can really search for things. It is the assurance that you can get that information when you need it. If you don't have it, you're in a trouble. If you are compromised, then you have a problem. It is hard to measure the cost of these things.
As compared to other systems, I'm getting a good value for the money. I'm not paying a variable cost. I have a pretty predictable cost model, and if I need to grow, it is all up to me for the resources that I put, not to them. That's a really good model, and I like it.
It has a fixed price, which is what I like about LogPoint. I bought the system and paid for it, and I pay maintenance. It is not a consumption model. Most SIEMs or most of the log management systems are consumption-based, which means that you pay for how many logs you have in the system. That's a real problem because logs can grow very quickly in different circumstances, and when you have a variable price model, you never know what you're going to pay. Splunk is notoriously expensive for that reason. If you use Splunk or QRadar, it becomes expensive because there are not just the logs; you also have to parse the logs and create indexes. Those indexes can be very expensive in terms of space. Therefore, if they charge you by this space, you can end up paying a significant amount of money. It can be more than what you expect to pay. I like the fact that LogPoint has a fixed cost. I know what I'm going to pay on a yearly basis. I pay that, and I pay the maintenance, and I just make it work.
I had Logtrust, and I looked at AlienVault, Splunk, and IBM QRadar. Splunk was too expensive, and QRadar was too complex. AlienVault was very good and very close to LogPoint. I almost went to AlienVault, but its cost turned out to be significantly higher than LogPoint, so I ended up going for LogPoint because it was a better cost proposition for me.
It depends on what you're looking for. If you really want a full-blown SIEM with all the functionality and all the correlation analysis, you might be able to find products that have more sophisticated correlations, etc. If you just want to keep your logs and be able to find information quickly within your systems, LogPoint is more than capable. It is a good cost proposition, and it works extremely well and very fast.
I would rate it an eight out of 10. It is a good cost proposition. It is a good value. It has all the functionality for what I wanted, which is my log management. I'm not using a lot of the feature sets that are very advanced. I don't need them, so I can't judge it based on those, but for my needs, it is an eight for sure.
I use the product for my research and development to enhance my work. We are transitioning to a new technology, and Logpoint has proven valuable for my purposes.
The solution is user-friendly.
Logpoint is not flexible. Its documentation is not user-friendly.
I have been working with the product for six months.
I rate Logpoint's stability a seven out of ten.
I rate the tool's scalability a nine out of ten.
I rate the tool's deployment an eight out of ten.
I rate Logpoint an eight out of ten.
We used the solution to help our clients protect their environment by identifying users and the tools they access. Multiple users in our client's admin and HR departments were accessing critical financial documents. Our clients could not stop them from accessing these documents. So they wanted data on which users were accessing the files.
The solution's user interface is quite simple, and the integration is better than other products. The product is easier to work with when compared to open-source tools like Wazuh. The solution’s dashboard is exceptional. LogPoint is much easier to use than LogRhythm. LogPoint is cost-efficient.
The solution must improve its agent installation method, in which we must manually update IP addresses and codes. Most of our employees must install agents to integrate their systems into LogPoint. LogPoint must find a way to integrate the servers without agents.
The solution must improve its user and installation guides so anyone with basic knowledge can install and configure it.
I have been using the solution for three years.
The stability is quite good. I didn’t notice any issues with the solution. I rate the stability a seven out of ten.
I rate the scalability of the solution an eight out of ten. We have two large enterprise and two medium enterprise customers.
The support provided by the solution for Asia is marvelous. The support is always active, and they respond within an hour.
Positive
The initial setup was a little bit complex. However, it is not complex for users with experience using the solution. I rate the initial setup a six out of ten.
It takes us six to seven days to deploy around 500 nodes. The deployment process depends on the logs of the employees.
The solution’s pricing is competitive. I rate the pricing a seven out of ten.
Integrations can be done using CSV files. My team is currently working on LogRhythm. The integration of LogRhythm is quite complicated. Most of the issues we faced while working on the solution were due to the customer’s system. Overall, I rate the solution a seven out of ten.
The main use cases were triage and log collection and security analysis of any logs.
I didn't fully work on the SIEM and used it to its full potential so my experience was quite limited.
The version I used was 7.13.
The integration is very user-friendly. There are not many CLI commands. Everything is directly accessible from the web interface. The query language and the query engine are very powerful.
Recently, a new version seemed to have come out, and it has a new graphical user interface. When I was integrating it, it was usable, but the GUI needed improvement.
I used it for three months.
There were some problems, but they already provided a solution. Adding more RAM or CPUs solved the problem. It was quite stable and less demanding than other solutions.
It's quite scalable, but I'm not sure to which extent. We already had all our devices integrated, so I don't know about scaling it up and down.
I'd rate it an eight out of ten in terms of the ease of setup. We implemented it in a few weeks, but it took time to normalize and pass all the logs. It took a few weeks to set up things. In a few months, we had a fully exploitable solution.
It's less expensive than the competitors. The LogPoint marketing team is very accommodating and client-friendly. They offer very good reductions in price. They are pretty good in this aspect. They are transparent in their licensing and pricing.
I'd rate LogPoint a seven out of ten. I haven't used many SIEM solutions, so I can't compare it with them, but it was good.
