We performed a comparison between LogRhythm SIEM and Recorded Future based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"We take in around 750 million logs a day. We have a lot of products and that would be a lot of different panes of glass that we would have to look through otherwise. By centralizing, we can triage and take steps much more quickly than if we tried to man that many interfaces that come with the products."
"The alarm functions have helped us cut down on the manual work. They bubble things up to us instead of our having to go look for stuff. Also, from an operational perspective, day to day, the Case Management functions are really useful for us. They allow us to track what we see in the incidents that we have."
"The ability for me to go into the Web UI, and just learn what's going on in my environment."
"The ability to investigate a particular period of time where you can analyze logs is its most valuable feature."
"We integrated Azure logs with it and that makes it simpler. Rather than having to log into the portal, we can just check everything in one place. We can compare those to our Windows and host logs to see if any problems correlate between them."
"Alarms are the most valuable feature. We also like the dashboard and how things are at your fingertips. The fact that we can now edit the report templates is going to be a great thing."
"The artificial intelligence engine."
"It has helped us centralize and have better visibility into devices on our network. We are better able to respond to threats in a timely manner."
"From the feedback I've received from my clients, the most valuable feature is the ability to personalize the solution. The ability to have a customized dashboard makes it easy for leadership and management to obtain details. Intelligence analysts or security engineers care about the actions and results, whereas the leadership care about graphs and reports. Recorded Future helps my clients create reports and also determine how the intelligence that is generated is consumed. They can easily show the benefits to the leadership without them having to invest 10 hours a week into transferring numbers into a graph or into creating reports."
"As a threat intelligence tool, it's very helpful."
"The intel that they were providing us over the emails was very good. If it found any hashtag in our organization's name on the dark web, a rogue IP, or a marketplace, it would send us an email and notify us that this is being mentioned, and if we want, they can take some action."
"The tool is helpful in vulnerability assessment of zero-day vulnerabilities and phishing domains. The solution provides information on any domains of the organization that has undergone phishing or any other cyberattacks."
"Has the ability to conduct and build any query without limitations."
"The most valuable features of Recorded Future are the useful alerts it provides. If we are monitoring a domain, the solution will provide us with an alert in a prompt manner. It is simple for clients to receive alerts. The advanced search is useful for more accurate filter results."
"The solution is diverse and provides me with a lot of different mechanisms for evaluation."
"It can collect data from various sources, including social media and the dark web."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"The solution could improve the playbooks."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"Their ticketing system for managing cases can be improved. They can either do that or adopt some of the open-source ticket systems into theirs. The current system works and gets the job done, but it is very bare-bones and basic. There are some things that could be improved there. They should also bring in more threat intelligence into the product and also probably start to look into the integration of more cloud or SAS products for ingesting logs. They're doing the work, but with the explosion of COVID, a lot of businesses have started to move towards more cloud applications or SAS applications. There is a whole diverse suite of SAS products out there, which is a challenge for them and I get it. They seem to be focusing on the big ones, but it'll be nice to be able to, for example, pull in Microsoft logs from Office 365. They are working towards a better way of doing that, and they have a product in the pipeline to pull logs in from other SAS applications. The biggest thing for them is going to be moving away from a Windows Server infrastructure into a straight-up Linux, which is more stable in my eyes. For the backend, they can maybe move into more of an up-to-date Elastic search engine and use less of Microsoft products."
"We're still struggling to get a real return on it and finding something that isn't false noise."
"One thing we have mentioned to them before is that we'd like to be able to do searches, or drill-downs, directly from an alarm. When you click it and the Inspector tab slides out, that might be a good place to be able to click the host to search for the last 24 hours. I know the search is right there but it would be even nicer to just click that and then have an option to search something there."
"NextGen SIEM has separate rules for AI, advanced intelligence, and MP rules - it would be better to have a centralized way to write the rules and create alarms."
"Sometimes the error-logging is not altogether helpful. For example, on an upgrade, a systems data processor, a Windows box, was throwing an error code like 1083. Then it just stopped and it died right out of the installer and nobody looked. We searched through Google and what it means is the Windows Firewall wasn't turned on so that it could create a rule for the product. Why wouldn't they bubble up that description so that I wouldn't have to call support and I could just know, "Okay, the firewall wasn't turned on. Turn it back on. Re-run the installer and keep going.""
"Technical support could use a little work in the terms of responding back. The feedback that we received is they do need a little more staff."
"Better integration with different services is needed, as there are quite a few platforms that we use that don't integrate very smoothly with LogRhythm."
"Scalability-wise, it's not that great."
"The solution would benefit from introducing automation."
"Lacks sufficient visibility of malware and international APT attacks."
"When you add one website to Recorded Future, it should automatically call all other websites and social media platforms."
"The solution could improve in reducing the false positives. However, most of the other tools on the market have false positives. If they enhance their data algorithm, it could improve the accuracy of results and minimize false positives. Identifying patterns of false possibilities can aid in developing better reporting features that could potentially eliminate them in the future. This recording feature tool could benefit from adopting similar techniques utilized by other tools to enhance its functionality. By doing so, it could minimize the need for manual efforts in distinguishing true positives from false positives, ultimately reducing the workload."
"It sometimes detects false positives and reduces the overall accuracy of the system."
"The product gives many false positives. If someone talks about the brand or organization name in the public domain over chats or blocks, it gets highlighted. It may not necessarily be a threat but still gets highlighted which increases the false positive count."
"There is a semantic oncology dynamic relationship between how the MIGR Tech framework needs more data infusion enrichment capabilities."
"Recorded Future is a very expensive solution, and its pricing could be improved."
LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews while Recorded Future is ranked 1st in Threat Intelligence Platforms with 10 reviews. LogRhythm SIEM is rated 8.4, while Recorded Future is rated 8.6. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of Recorded Future writes "Traceless online searches, stable, and scalable". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm Axon and Fortinet FortiSIEM, whereas Recorded Future is most compared with ZeroFOX, CrowdStrike Falcon, Intel 471, Digital Shadows and Anomali ThreatStream.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.