We performed a comparison between LogRhythm SIEM and Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It has allowed us to dive deeper into our network and figure out what is going on by parsing logs properly and being able to reduce the time it takes to work cases down from seven days to approximately two days."
"Provides visibility into the network."
"The daily alerts allow me to quickly find security and operations issues which need to be addressed."
"LogRhythm NextGen SIEM is customizable, simple to manage, and there are many features. The solution does not require an expert to be able to use it; anyone can use it."
"The ability to drill down and pivot from an event is one of the biggest advantages the product has compared to other things that I have seen in the market."
"Our clients enjoy having one dashboard to monitor their environments in real time."
"The initial setup is pretty easy."
"The content in the community is very helpful and useful for new users."
"The solution's Kusto Query Language (KQL) execution time is pretty good."
"The stability is phenomenal and we never had any issues with downtime or even had to restart."
"The solution lets us get all the logs properly and regularly monitor customer infrastructure."
"The most valuable feature is the flexible log for identifying security threats inside an application. Sentinel is very good at this."
"The most valuable feature of this solution is that it provides a central locking system for many event sources."
"The native integration with out-of-the-box formats is hassle-free and allows data to be used advantageously."
"It makes everything easier by automating some tasks and growing with our needs."
"The tool is simple to use."
"Technical support could use a little work in terms of responding back. The feedback that we received is that they do need a little more staff."
"We have gone through a few versions, which has caused a lot of instability. We have logged a lot of hours with professional services."
"I would really like to see some type of group or global management for RIM policies."
"In the next release, I would certainly like to see more HIPAA compliance. I would also like to see more integration with Palo Alto Networks, particularly their Traps, which is their endpoint solution."
"We've had issues with scaling and local support."
"Their ticketing system for managing cases can be improved. They can either do that or adopt some of the open-source ticket systems into theirs. The current system works and gets the job done, but it is very bare-bones and basic. There are some things that could be improved there. They should also bring more threat intelligence into the product and also probably start to look into the integration of more cloud or SaaS products for ingesting logs. They're doing the work, but with the explosion of COVID, a lot of businesses have started to move towards more cloud applications or SaaS applications. There is a whole diverse suite of SaaS products out there, which is a challenge for them, and I get it. They seem to be focusing on the big ones, but it'll be nice to be able to, for example, pull in Microsoft logs from Office 365. They are working towards a better way of doing that, and they have a product in the pipeline to pull logs in from other SaaS applications. The biggest thing for them is going to be moving away from a Windows Server infrastructure into a straight-up Linux, which is more stable in my eyes. For the backend, they can maybe move into more of an up-to-date Elasticsearch engine and use less of Microsoft products."
"We do about 750 million a day, and some days we do 715 million. Some days we do 820 million or 1.2 billion. But there's no way to drill in and find out: 'Where did I get 400,000 extra logs today?' What was going on in my environment that I was able to absorb that peak? I have no way to identify it without running reports, which will produce a long-running PDF that I have to somehow compare to another long-running PDF... I would like to see profiling behavior awareness around systems like they've been gunned to do around users with UEBA."
"I would like a fuller implementation of STIX/TAXII so I can pull in some of the government lists without having to go implement a whole new STIX/TAXII platform."
"Creating a drag-and-drop dashboard or workbook in Sentinel is a little more complex compared to other tools like LogRhythm and IBM QRadar."
"There is a need for more flexibility in customization, especially when working with different vendors and platforms."
"It is an ancient product."
"The solution does not allow outsourced authorizations."
"There is no integration in the web-side of the tool."
"I rate Sentinel a six out of ten for scalability."
"I would like to see a better reporting work structure on the dashboard."
"This product's connection to certain types of cloud systems could be improved. We can do Microsoft, Google, and Amazon, but there are a lot of other things happening in the cloud that we do not connect well enough to. This product could be improved with better connection to cloud-based solutions."
LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews while Sentinel is ranked 16th in Security Information and Event Management (SIEM) with 15 reviews. LogRhythm SIEM is rated 8.4, while Sentinel is rated 7.6. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of Sentinel writes "An automated solution that helped me detect threats in less than half the time it used to take". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm Axon and Microsoft Sentinel, whereas Sentinel is most compared with IBM Security QRadar, Splunk Enterprise Security, Google Chronicle Suite, Wazuh and Rapid7 InsightIDR. See our LogRhythm SIEM vs. Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.