We performed a comparison between LogRhythm SIEM and Zabbix based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"The initial setup is very simple and straightforward."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"The dashboards in the LogRhythm SIEM really help us as a starting point. It gives us a starting point we can go to every day. We walk through several dashboards to see anomalous activity for further investigation."
"The initial setup is pretty easy."
"The alarm functions have helped us cut down on the manual work. They bubble things up to us instead of our having to go look for stuff. Also, from an operational perspective, day to day, the Case Management functions are really useful for us. They allow us to track what we see in the incidents that we have."
"The most valuable feature of LogRhythm for me is the ability to correlate logs throughout many different log sources."
"I would say the most valuable feature of LogRhythm is that it has built-in UEBA functionality, among other basic Windows packages."
"Its benefits are broad. The solution isn't necessarily made to do any one thing, but it can do anything you tell it to. It is able to tackle any different type or size of job."
"Even other products we have that feed into it, instead of having to watch all of them we only have to watch one. For example, we have CrowdStrike, so instead of having to pay attention that solution - because their dashboard doesn't really pop when an alarm comes up - we can see issues with the red on the LogRhythm alarm. That is very nice."
"The most valuable features would be the automation, reporting, and the support."
"The initial setup was not complex."
"Like other common Linux distributions, some of the most valuable features of this solution are the ease of use and deployment. It's simple and has a lot of packages and a lot of software."
"They've already added extra features, such as noise-canceling and facial recognition, which is great."
"It's a very reliable platform and we've never had any issues regarding the scalability or the stability of Zabbix."
"It has improved our server performance monitoring overall. We know right away when there are problems. It has built-in statistics, so we can go back and see if there's spiking. We can check what's happening every day around the same time and check the configuration to see if there's something that's running and needs to be fixed."
"The solution allows for good integration with other products."
"We use Zabbix to monitor our organization's IT infrastructure and workstations. We don't use Microsoft Intune since it's expensive. The tool's real-time alerting system has proved crucial for us, particularly when a new device joins a network that is not one of our own devices. It notifies us about the presence of this new device, allowing us to investigate further. Additionally, it alerts us about disk usage, memory usage, and the software installed on the machine."
"Zabbix is very easy to implement."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"We are invoiced according to the amount of data generated within each log."
"I think they probably need to, because a lot of companies are having this cloud-first strategy, where anything that's new has to go into the cloud for some reason."
"The security playbook could be pre-defined and available to other analysts with similar security issues."
"I would like to see more integration with more products that are out there within the same security field."
"Only area I can think of to improve on is the proof reading and using the guides before releasing them. Out the the 20+ guides I used one had issues with wrong information in it."
"The software needs to work on its pricing."
"There used to be the ability to create alarms based on message text that was included in LR Version 6.x that has been removed in LogRhythm 7.x, and on that, I would like to see it added back."
"More detail in the alerts given to avoid additional searches, as often the source or destination associated with the alert is not evidenced."
"When we had version 7.2.6, there were a lot of issues deploying that version and with the indexing. The indexer was unstable. So, we were not able to use the platform when we were on that version until we were able to upgrade to 7.3.4."
"Look and feel."
"The networking monitor is not too easy to work with."
"Even though it’s such a powerful monitoring system, it would be more helpful if it had a flexible UI."
"In the next release, I'm hoping for features targeted towards larger users with more customizable options. Despite this, I think pre-canned reports that can be used straight out of the box would be beneficial rather than having to configure each report individually. Additionally, a deeper dive into software configurations on the machines would be useful, although I understand there may be challenges in implementing this due to scripting requirements. More documentation would also be appreciated."
"Outside of the normal standard monitoring, I would like to extend patching, importing patching, and supporting patching for Windows Servers."
"The reports are not great and should be improved."
"The documentation gets a bit messy between versions and is not too detailed, which is a bit painful for first-timers, especially when they run into issues."
"We had some scalability issues with a large number of nodes."
LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews while Zabbix is ranked 1st in Network Monitoring Software with 101 reviews. LogRhythm SIEM is rated 8.4, while Zabbix is rated 8.2. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of Zabbix writes "Allows any number of customizations but lacks functionality for finding root causes". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm Axon and Fortinet FortiSIEM, whereas Zabbix is most compared with Centreon, Checkmk, SolarWinds NPM, Nagios Core and Nagios XI.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
