Try our new research platform with insights from 80,000+ expert users

ArcSight Logger vs LogRhythm SIEM comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 9, 2024
 

Categories and Ranking

ArcSight Logger
Ranking in Log Management
28th
Average Rating
7.8
Reviews Sentiment
6.7
Number of Reviews
31
Ranking in other categories
No ranking in other categories
LogRhythm SIEM
Ranking in Log Management
10th
Average Rating
8.4
Reviews Sentiment
6.7
Number of Reviews
172
Ranking in other categories
Security Information and Event Management (SIEM) (7th)
 

Mindshare comparison

As of December 2024, in the Log Management category, the mindshare of ArcSight Logger is 0.9%, down from 1.4% compared to the previous year. The mindshare of LogRhythm SIEM is 2.5%, down from 3.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

Geraldo Freitas - PeerSpot reviewer
Enhances our security incident investigation but not good for correlation
Investigation is good when you know what you want to search for in Logger. The most difficult part is parsing the logs and configuring the parsers. For investigation, it's good. For correlation, it's not good. We use Sentinel, and Sentinel has pre-built use cases that are much easier to configure. So, it enhances our security incident investigation. We have inbound integration, but configuring the parsers is sometimes very difficult. We only have two use cases where we have a correlation set up. We send the information to Check Point to block IP addresses when we see a lot of blocks from the same source. We have a trigger. So, Logger automatically blocks these IP addresses. We could have Logger put them on a blacklist. So, it offers the ease of integration.
Joseph W. - PeerSpot reviewer
Has pre-built pieces for third party vendors and does not take a long time to implement
One of the main features that I like about LogRhythm SIEM is that there are a lot of pre-built pieces. Like with our AV, we didn't have to tell it how to read the logs; they already had it pre-made. So, we essentially just had to follow their guide to get the logs imported in and set up some rules for it. We've only had to manually create the parsing rules for a few of our vendors so that we could interpret the logs correctly. Most of them had already been pre-created for us. We use the Event Log Filtering feature a lot. We use it for simple troubleshooting tasks like when a user is logged out, to more important tasks like trying to investigate a threat. As far as its effect on productivity, we can go and search instead of trying to troubleshoot and guess what is causing an error. We can identify what the program is or where the hiccup is. LogRhythm helped us to identify a lot of blind spots. Originally, we didn't have a SIEM tool. We had auditors say that this is something that we should be doing. My management team asked me to go and find a product, and I researched a bunch of them and found LogRhythm. It really opened our eyes to see how much traffic we have, whether it's other IP addresses that are scanning us or external users trying to hit certain ports that could then get closed. It helped us tighten down some of those firewall rules that may have been left open unintentionally through other changes. It helped us a lot early on to identify who was trying to communicate with us or, essentially, who was trying to attack us. As far as our overall security posture, our SIEM tool was the initial push that really got us going into identifying where all of our threats were. We expanded over the seven years that we've had it, and I implemented at least eight other products that are all security related because the SIEM tool indicated the need to identify other risks. It really helped us as an organization to identify risks and move forward to a more secure environment.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"ArcSight provides the basic information that we want."
"The most valuable feature is the search capability, which is simple to use."
"The log digestion features from threat intelligence platforms like Recorded Future or Talos are valuable."
"I am impressed with the product's ability to pick up logs. It also has UEBA which has reduced the time to take charge of the events."
"The technical support team is good...It is a scalable solution."
"In our country we are a little bit private in terms of solutions, so we are just starting to use the basic data capture. Now some users can start to use additional features that come with Micro Focus ArcSight like user behavior analytics for investigating."
"The most valuable feature is the level of detail that you can see about certain events, even when they do not come up in the console."
"Some of the most valuable features I really appreciate are the performance, how quick the solution is, and how easy it is to create a query."
"LogRhythm SIEM offers advanced features such as AI engine modules, machine learning, and threat intelligence integration, which help reduce false positives. Advanced analytics streamlines incident response processes, enabling incident responders to prioritize and automate alerts."
"The ability to drill down and pivot from an event is one of the biggest advantage the product has compared to other things that I have seen in the market."
"Compliance reporting is another great feature of this product. It has built in reports right out of the box."
"The product is great for medium to large-scale organizations."
"Currently, we are in the implementation phase. LogRhythm is better than QRadar from the point of view of collecting Windows events. It has a much higher view. You can enable monitoring by default."
"In terms of security, LogRhythm NextGen SIEM is great."
"As a SIEM, probably the best feature is that it can be tuned effectively. There are very few SIEMs out there that can be effectively tuned to provide you with meaningful information and not be overwhelmed."
"The ability to investigate a particular period of time where you can analyze logs is its most valuable feature."
 

Cons

"It would be better if the product is cheaper."
"The product's connectors should work better and the user manuals need an update."
"The solution should make it possible to integrate network analysis features."
"ArcSight has been sold two or three times, and the quality has decreased."
"I would like to see better scheduling in the next release of this solution."
"In the next release, I want to see more intelligence."
"The integration with other systems could be improved."
"The initial setup was a little bit complex."
"Scalability misses the mark sometimes, especially when you have an integrated disaster recovery built into the solution."
"We have gone through a few versions which has caused a lot of instability. We have logged a lot of hours with professional services."
"Technical support could use a little work in the terms of responding back. The feedback that we received is they do need a little more staff."
"The product's stability needs improvement."
"We need to get better training for things like creating code and playlists. The way it's done now takes a long time."
"The web and on-premise console interface should be the same instead of having a separate engine for each."
"I have Windows administrators who will remove the agent when they think that that's what's fouling up their upgrade or their install or their reconfiguration, etc. The first thing they do is to turn off the antivirus, turn down the firewall, and take off anything else. They don't realize that the LogRhythm agent is just sitting there monitoring. Most antivirus products have application protection features built-in where, if I'm an admin on a box, I can't uninstall antivirus. I need to have to the antivirus admin password to do that."
"We would like to see more things out of the console into the web UI. I guess this is what they are doing in 7.4."
 

Pricing and Cost Advice

"Pricing is reasonable compared to similar tools on the market. They offer perpetual licenses."
"ArcSight is an expensive solution."
"It's not cheap at all as it's a big product and has been in the market for quite some time now."
"I rate the product’s pricing a seven out of ten, where one is inexpensive, and ten is expensive."
"We have a lifetime license, so we don't pay a monthly fee."
"ArcSight Logger is very expensive compared to their competitors, but when we talk to the customer and explain what the features are and how we can scale, they understand. Still, ArcSight is more expensive than the competition."
"The pricing is quite harsh."
"I would rate the product a seven out of ten since it's an enterprise product."
"The solution has provided us with consistency and increased staff productivity through orchestrated automated work flows by at least 20 percent."
"I think the tool is reasonably priced. There is a need to pay per year towards the licensing costs of the tool."
"We work with French-speaking African countries, and it costs more than the average SIEM solution. Also, the pricing isn't too flexible. AlienVault, Splunk, and IBM QRadar are more suitable for customers on a tight budget."
"When it comes time to renew, they say, "This is what you are using. This is what we can do for you." So, they work with you on pricing."
"I would recommend that whatever sales quotes to them upfront, they will probably go up. Because they are probably going to outgrow that very quickly or once they start getting everything into it, they are going to have to move up anyway."
"The pricing is very reasonable and accessible compared to other products in the market but I am not very sure about the exact licensing cost per year for our company."
"I would rate the tool's pricing around eight out of ten."
"On a scale of one to ten, where one is low, and ten is high, I rate the pricing between six and seven."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
824,168 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
20%
Computer Software Company
15%
Government
10%
Manufacturing Company
6%
Educational Organization
45%
Computer Software Company
8%
Government
6%
Financial Services Firm
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about ArcSight Logger?
We have a trigger. So, Logger automatically blocks these IP addresses. We could have Logger put them on a blacklist.
What is your experience regarding pricing and costs for ArcSight Logger?
The pricing isn't the problem. We have a lifetime license, so we don't pay a monthly fee.
What needs improvement with ArcSight Logger?
The solution has room for improvement. We're currently upgrading to the newer version, where they have something like Kafka, a hub for all solutions feeding information into Logger. However, I thin...
What is the difference between log management and SIEM?
Rony, Daniel's answer is right on the money. There are many solutions for each in the market, a lot depends upon your ability to manage such tools and your budget. A small operation may be best s...
What needs improvement with LogRhythm NextGen SIEM?
The integration is slightly difficult with other assets, like EDR technologies or firewalls. Also, the back end is not as user-friendly as other solutions like IBM QRadar. The technical support is ...
What do you like most about LogRhythm SIEM?
I find LogRhythm's log management capabilities to be beneficial.
 

Also Known As

Micro Focus Arcsight Logger, HPE Arcsight Logger
LogRhythm NextGen SIEM, LogRhythm, LogRhythm Threat Lifecycle Management, LogRhythm TLM
 

Overview

 

Sample Customers

China Merchants Bank, Bank AlJazira, Banca Intesa
Macy's, NASA, Fujitsu, US Air Force, EY, Abbott, HD Supply, SAB Miller, UCLA, Raytheon, Amtrak, Cargill
Find out what your peers are saying about ArcSight Logger vs. LogRhythm SIEM and other solutions. Updated: December 2024.
824,168 professionals have used our research since 2012.