Joseph W. - PeerSpot reviewer
System Administrator at GOLDENWEST FEDERAL CREDIT UNION
Video Review
Real User
Oct 27, 2022
Has pre-built pieces for third party vendors and does not take a long time to implement
Pros and Cons
  • "One of the main features that I like about LogRhythm NextGen SIEM is that there are a lot of pre-built pieces. Like with our AV, we didn't have to tell it how to read the logs; they already had it pre-made. So, we essentially just had to follow their guide to get the logs imported in and set up some rules for it. We've only had to manually create the parsing rules for a few of our vendors so that we could interpret the logs correctly. Most of them had already been pre-created for us."
  • "LogRhythm really gave us a better understanding of what our overall risk is within our network and has opened our eyes to include other products that helped address different types of issues."
  • "When we originally got LogRhythm, their tech support was fantastic, and I loved them. Now, we don't quite get as quick of a response. I've been disappointed in the more recent tech support. When you call in, they'll say that they will get you somebody, and you'll finally get someone who will contact you back a day or so later. Whereas before, I would get help right away."

What is our primary use case?

We have a lot of use cases. Originally, it started out pulling in a bunch of the logs so we could get some ideas on network traffic. More recently, we have proceeded with pulling in logs from some of our other vendors. This really helped out a lot with our AV, which didn't always notify us as quickly as we wanted it to. LogRhythm made it possible for us to get notifications faster so that we can remediate things faster. We've been expanding it more and more as we've gone through the years to include more traffic, giving us more insight into our network.

How has it helped my organization?

LogRhythm really gave us a better understanding of what our overall risk is within our network and has opened our eyes to include other products that helped address different types of issues. Whether it's getting into vulnerability scanners or different pieces of other software, it's opened the door to what's out there. It helped us to turn on different features or other products along the way and helped us to identify what we need to improve on and present it to our executive team.

What is most valuable?

One of the main features that I like about LogRhythm SIEM is that there are a lot of pre-built pieces. Like with our AV, we didn't have to tell it how to read the logs; they already had it pre-made. So, we essentially just had to follow their guide to get the logs imported in and set up some rules for it. We've only had to manually create the parsing rules for a few of our vendors so that we could interpret the logs correctly. Most of them had already been pre-created for us.

We use the Event Log Filtering feature a lot. We use it for simple troubleshooting tasks like when a user is logged out, to more important tasks like trying to investigate a threat. As far as its effect on productivity, we can go and search instead of trying to troubleshoot and guess what is causing an error. We can identify what the program is or where the hiccup is.

LogRhythm helped us to identify a lot of blind spots. Originally, we didn't have a SIEM tool. We had auditors say that this is something that we should be doing. My management team asked me to go and find a product, and I researched a bunch of them and found LogRhythm. It really opened our eyes to see how much traffic we have, whether it's other IP addresses that are scanning us or external users trying to hit certain ports that could then get closed. It helped us tighten down some of those firewall rules that may have been left open unintentionally through other changes. It helped us a lot early on to identify who was trying to communicate with us or, essentially, who was trying to attack us.

As far as our overall security posture, our SIEM tool was the initial push that really got us going into identifying where all of our threats were. We expanded over the seven years that we've had it, and I implemented at least eight other products that are all security related because the SIEM tool indicated the need to identify other risks. It really helped us as an organization to identify risks and move forward to a more secure environment.

What needs improvement?

When we originally got LogRhythm, their tech support was fantastic, and I loved them. Now, we don't quite get as quick of a response. I've been disappointed in the more recent tech support. When you call in, they'll say that they will get you somebody, and you'll finally get someone who will contact you back a day or so later. Whereas before, I would get help right away.

Buyer's Guide
LogRhythm SIEM
March 2026
Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
885,264 professionals have used our research since 2012.

For how long have I used the solution?

We've had LogRhythm for almost seven years now.

What do I think about the stability of the solution?

It's very stable. We've been on the same system for the seven years that we've had the product. We've had no issues and haven't even had to upgrade any of the systems or increase anything hardware-wise up to this point.

What do I think about the scalability of the solution?

I haven't really had much of a chance to do any scalability because we haven't had to scale anything up. Ours is a virtual instance, and if we needed to scale up, we could just shut the server down, add some more resources, spin it back up, and it would be good to go.

How are customer service and support?

Initially, tech support was a solid ten out of ten when we first started. Over the last couple of years, they have changed how they handle tech support requests, and the response time decreased from what it used to be. You call in, they'll take your information, and then they'll call you back later. That can take 24 hours or more. When you actually do get somebody on the phone, they're very good and know exactly what they're doing. They'll take care of you.

In terms of response time, I'd give tech support a six out of ten, but in terms of how good they are as tech support, I'd give them a seven or eight.

Which solution did I use previously and why did I switch?

We didn't have a designated security person on staff, and our auditors came in and said that we should be doing this. As a help desk person, I looked for something specific that was going to give me the flexibility I need but also allow me to spin up and run while doing the rest of my duties, and LogRhythm was the best one that I found that could do that.

How was the initial setup?

It's pretty complex to set up, in a way. However, now that I've done it and have done an upgrade as well, it doesn't seem as bad.

I did something wrong on one of the initial upgrades, and it threw an error. I called in support, and they immediately jumped in and started working on a lot of the backend pieces that I don't normally touch. It's pretty complicated if you have to get into that, and that's where the tech support comes in.

With this last upgrade, I did not run into any errors, and it went through just fine. I thought that I was going to be doing this for six hours throughout the day, and I got it done within two or three hours.

What about the implementation team?

I set it up and upgraded it twice, once with help from LogRhythm and once all by myself.

What's my experience with pricing, setup cost, and licensing?

We're on a perpetual license, but they're trying to move us to a subscription-based license. We've been with them for so long, and we'd like to keep it the way it is rather than switch to a subscription-based license.

Which other solutions did I evaluate?

We looked at four products including QRadar and Rapid7 InsightIDR. We did POCs for all four solutions, and LogRhythm was the best solution for our needs.

One of LogRhythm's distinguishing features was its AI engine which analyzed the tools and allowed it to alert for specific events, instead of me having to dig down and create all these rules. It came with pre-created rules.

Another piece that was really important was the implementation. They had a lot of pieces for third-party vendors as well. We could pull in the logs. All we had to do is just create a rule that says, "alert." It came pre-programmed with a lot of alarms that would automatically correlate with our AV, along with our firewall. We didn't have to create them because they just came in pre-made, and that was a big feature that we looked for. Just implementing it or adding to it didn't take up too much time.

What other advice do I have?

If you are one who thinks that SIEM is an outdated security tool, I would be very curious to know what other solution would be better than a SIEM to accomplish the same goals. A SIEM tool gives you such an open perspective into what is going on in your network and gives you the ability to dig in if you really need to. Whereas if you have a completely managed solution or one that uses AI and does everything for you but doesn't provide you the logs, you might know what's wrong but won't know what else is going on out there. With a SIEM tool, you can dig in as far as you want to, and specifically with LogRhythm, you can be as hands-free as you want to be. It'll tell you what's wrong, and you can address those problems. You have a lot more flexibility with LogRhythm SIEM.

Overall, I'd rate LogRhythm SIEM a nine out of ten. I really enjoyed the solution. If you have to program anything yourself, there is a little bit of a learning curve. They've got lots of guides that you can use, and depending on your skill set, you may be able to figure it out sooner rather than later. The resources are all there, and the community is there to help you, which makes the product really great and easy to use.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Joel Mathew - PeerSpot reviewer
Associate - Security Operations Centre analyst at a security firm with 5,001-10,000 employees
Real User
Top 20
Oct 22, 2024
Enhancing security with behavioral monitoring and alert management while needing better data manipulation
Pros and Cons
  • "LogRhythm SIEM has some valuable features, including its ability to maintain backups of events and manage alerts separately through an engine that handles content and administration tasks."
  • "LogRhythm SIEM needs improvement in data grouping and manipulation capabilities."

What is our primary use case?

I work with LogRhythm SIEM in a variety of ways, including monitoring security and compliance, conducting behavioral monitoring, and handling security information and event management (SIEM) tasks. The solution is used for security monitoring, user behavior analytics, NDR, and consolidating events from workstations to servers.

How has it helped my organization?

LogRhythm SIEM helps maintain security through continuous monitoring and provides a platform for behavioral monitoring, which can be deployed using the AI engine.

What is most valuable?

LogRhythm SIEM has some valuable features, including its ability to maintain backups of events and manage alerts separately through an engine that handles content and administration tasks.

What needs improvement?

LogRhythm SIEM needs improvement in data grouping and manipulation capabilities. The dashboard configuration capabilities are also very limited. Improvements are needed in the areas of query-based searches and pivoting table creation.

For how long have I used the solution?

I have been working with LogRhythm SIEM just about two and a half years in my current organization.

What do I think about the stability of the solution?

I did not work on the stability aspect of LogRhythm, but I faced some issues with similar SIEM tools in terms of handling events-per-second rates.

What do I think about the scalability of the solution?

LogRhythm SIEM comes with scalability challenges, especially related to licensing. Increasing the scale requires additional licenses, unlike Microsoft Azure's pay-as-you-go model.

How are customer service and support?

I have not personally escalated any questions to LogRhythm technical support.

Which solution did I use previously and why did I switch?

I have experience working with various tools like Azure Sentinel, QRadar, and Splunk. These tools often have modern capabilities that are more comfortable to use compared to LogRhythm SIEM.

How was the initial setup?

I was not part of the initial setup as it is usually handled by a specialized deployment team.

What about the implementation team?

In our organization, the deployment team is responsible for LogRhythm's implementation.

What was our ROI?

LogRhythm SIEM is considered cost-effective, especially for medium-sized or smaller organizations, as it offers a decent SIEM solution.

What's my experience with pricing, setup cost, and licensing?

I am not aware of the specific pricing and licensing costs, but it is definitely less expensive than other tools like Splunk and Azure Sentinel.

Which other solutions did I evaluate?

I've evaluated Azure Sentinel and Splunk, which have distinct modern SIEM capabilities.

What other advice do I have?

For smaller and medium-sized organizations, LogRhythm can be a suitable option due to its cost-effectiveness. However, for larger organizations, solutions like Splunk might be more appropriate due to their advanced capabilities.

I'd rate the solution seven out of ten.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
reviewer2344221 - PeerSpot reviewer
Sr Manager - Information Security at a computer software company with 1,001-5,000 employees
Real User
Feb 16, 2024
The product prioritizes alerts and provides good log analysis and rule management features
Pros and Cons
  • "The log analysis feature is valuable."
  • "The responses provided by the cloud team are inefficient."

What is our primary use case?

The solution is used for threat hunting. We also use it as an SIEM for our SOC.

How has it helped my organization?

The solution enhances our organization's threat detection and response capabilities. It prioritizes alerts. We can write rules on it. It provides a comprehensive rule list out of the box. We have compliance rules for PCI and SOC. We prioritize the rules for PCI compliance. Assets that we have ingested have PCI labels, and we can identify the websites that need PCI. We can visualize threats on important assets and analyze, mitigate, and rectify them.

What is most valuable?

The log analysis feature is valuable. The solution has an AI rule manager. AI Engine gives us plenty of options to write new rules and modify existing rules according to our requirements.

What needs improvement?

The cloud version must be scaled better. The EPS values shown are sometimes not reflective of how we see them. Log ingestion takes a couple of days. When we have errors, the turnaround time is two to three days. It should be organized for better turnaround time. The cloud infrastructure is taken care of by the cloud team. The responses provided by the cloud team are inefficient. The response time must be improved.

For how long have I used the solution?

I have been using the solution for two years.

What do I think about the stability of the solution?

I rate the tool’s stability a seven out of ten.

What do I think about the scalability of the solution?

The tool is scalable, but the tech stack is very old. It doesn't use the new generation bells and whistles like artificial intelligence. There is a lot of room for improvement. I rate the scalability a seven out of ten. In our organization, 12 to 15 security analysts use the solution.

How are customer service and support?

The support team helps us a lot.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used FireEye two years ago. The management decided to move to LogRhythm SIEM because FireEye was going through a transition, and we wanted a stable product.

How was the initial setup?

The initial setup is not easy. It requires technical skills. I rate the ease of setup a six or seven out of ten. The solution is cloud-based. Our environment is very complex. The deployment takes three to four months. We have to install agents. We have multiple locations with multiple data centers and a multi-cloud presence. The setup must be done with a lot of variations.

We use Puppet for Windows deployment. The Linux deployment needs forwarders. We have multiple tiers, endpoints, and collectors. We must set up multiple things. Each aspect has its own set of rules and limitations. We cannot do everything in one go. We must scale it up gradually.

What was our ROI?

We have seen an ROI on the product.

Which other solutions did I evaluate?

We are moving to Google Chronicle. We are in the transition phase now.

What other advice do I have?

LogRhythm SIEM is a good product for a small SOC. Overall, I rate the solution an eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Regional Technical Manager at HTBS
Reseller
Aug 7, 2023
A scalable tool for network monitoring, user behavior analytics, and log collection
Pros and Cons
  • "The most valuable features of the solution are network monitoring, user behavior analytics, and log collection."
  • "The console installation is an area with a shortcoming in the solution that needs improvement. If LogRhythm SIEM can offer a web console, it would be great."

What is our primary use case?

In my company, we use LogRhythm SIEM for integrations. We use the product for SOC use cases. If we have SOC implementations, LogRhythm is the SIEM solution we use since it can also offer a SOAR solution.

What is most valuable?

The most valuable features of the solution are network monitoring, user behavior analytics, and log collection. Our company uses almost all the features offered by the solution.

What needs improvement?

The console installation is an area with a shortcoming in the solution that needs improvement. If LogRhythm SIEM can offer a web console, it would be great. Since the product does not offer a web console, my company must rely heavily on the client console. There need to be some improvements in design. I want LogRhythm SIEM to be more user-friendly.

The file integrity monitoring (FIM) features offered by LogRhythm are great, but they are not competitive with the other solutions offering the same feature.

For how long have I used the solution?

I have experience with LogRhythm SIEM for two years. My company is a reseller of cybersecurity solutions. I use the solution's latest version.

What do I think about the stability of the solution?

It is a pretty stable solution. Stability-wise, I rate the solution an eight out of ten.

What do I think about the scalability of the solution?

It is a very scalable solution. Scalability-wise, I rate the solution a nine out of ten.

My company caters to three customers who use the solution. Mostly our customers are enterprise-sized businesses with a few hundred or thousands of people.

How are customer service and support?

I rate the technical support as an eight out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup was easy. I rate the setup phase an eight on a scale of one to ten, where one is difficult, and ten is easy.

The solution is deployed on-premises.

For deployments, it can take about two to three weeks. It could take more time when it comes to tuning or fine tuning needed in the solution, and it is not the case for LogRhythm alone but the same for all SIEM solutions. The deployments and the initial configuration can take around a month.

There are two aspects when it comes to the steps involved in the deployment phase, which are organizational and technical. Our company starts the deployment with the organizational aspects first, where we have to understand the company's context, to understand the company's use cases, and where we have to implement. Then, we start with the technical stuff, like installing solutions and configuring the use cases we have already discussed with the customers.

What's my experience with pricing, setup cost, and licensing?

On a scale of one to ten, where one is low, and ten is high, I rate the pricing between six and seven. Price-wise, it is not a solution for small businesses. My company works in the African market, and in African markets, LogRhythm SIEM could be very expensive for small enterprises. There are annual charges to be paid for using LogRhythm SIEM. There are no extra charges in addition to the licensing costs of the solution.

What other advice do I have?

To those planning to use the solution, I suggest they get trained before starting the use and deployment of the solution.

I rate the overall solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
reviewer1402677 - PeerSpot reviewer
Cybersecurity Solutions Architect at a tech vendor with 10,001+ employees
Real User
Jun 3, 2022
Integrated with SOAR, which is useful for threat management
Pros and Cons
  • "SOAR is integrated with the dashboard that we use for threat management. Because it's all integrated, it is useful for us when we deploy something on-prem."
  • "I don't think the cloud model in LogRhythm is developed enough."
  • "When we are on-prem, it's a little complicated and has a lot of challenges that the customer doesn't want."

What is our primary use case?

I am a security architect, so I don't develop the use cases with the customers if they deliver a team who is in charge of these activities. Depending on the case of the customer, we define something with the customers, according to the technical sessions that we have with them. I prepare all the documentation for the delivery team and present the project.

LogRhythm is deployed on-prem. There are about 60 people using this solution in my organization.

What is most valuable?

SOAR is integrated with the dashboard that we use for threat management. Because it's all integrated, it is useful for us when we deploy something on-prem.

What needs improvement?

I don't think the cloud model in LogRhythm is developed enough. This is one of the reasons they changed the position in a negative way in the Gartner Magic Quadrant for SIEM in the recent report. The cost of UBA is also high when you compare it with Securonix.

I would like to have a different cost model for cloud. If that happens, I think LogRhythm could be competitive in other cases with the customers.

The virtual machines require high computing power, and sometimes customers say it's expensive. There are specific requirements from this solution. LogRhythm has a specific requirement when implementing in virtual machines, which is a very complicated issue. The best solution is in the cloud, most of the time.

For how long have I used the solution?

I've been using this solution for more than five years.

What do I think about the stability of the solution?

It's stable.

What do I think about the scalability of the solution?

When we are using LogRhythm in the cloud, it is scalable, but it's more expensive than other solutions. When we are on-prem, it's a little complicated and has a lot of challenges that the customer doesn't want.

It is scalable in the cloud, but not on-prem. It is not easy. It takes more time and money. I would rate it 3 out of 5.

How are customer service and support?

I would rate the presale support 3 out of 5. They could be in contact more and give more information. It's average. I have heard that post-sale support is good.

How was the initial setup?

It's simple because you only need to consider one component and that's it. But if you have a customer with different companies and each company has different subsidiaries and all of them want only one service, all of them will be sending the logs into one single SIEM, so you need a distributed architecture. You need to think about how to include new components and how that will be impacting the architecture in the near future, because we don't know the cost. In some cases, it's complicated if we don't know the new versions or the changes that the vendor will be publishing.

Deployment commonly takes three months but can take up to six months.

We use about six people for maintenance.

What about the implementation team?

We deploy the solutions on our own.

What's my experience with pricing, setup cost, and licensing?

I would rate the pricing 4 out of 5. There are no additional costs to the standard licensing fees.

The customers commonly want to know what is the price for the service in different bands. So we work on a banded price model, and it is something that is complicated. We include the UEBA, which is sized and quoted in terms of the number of users and entities. So we need to make a price banded model for the SIEM and a price banded model for the UEBA. We need two of them and they are related. 

If you increase the number of users, you are increasing the cost of the service of the SIEM. Sometimes we don't know the exact relationship between these two components. In the case of other solutions in the cloud, like Securonix, you just need to say to the customer, "This is the price of the different bands."

Which other solutions did I evaluate?

I've evaluated solutions that can be deployed in the cloud and have other features or components, like the UEBA. In the case of Securonix, it is included. We need to decide if we are going to propose something that is on-prem or in the cloud, depending on the requirements of the customer. The architecture is more complicated when you deploy something on-prem, so you want to increase the number of EPS, the events per second. You need to consider the architecture.

With Securonix or Splunk, we just need to go to the partner and say, we need an increase in the number of EPS. We also don't have to provide maintenance to the solution because it is in the cloud. Our specialist is more focused on the security aspects instead of providing maintenance to the components.

What other advice do I have?

I would rate this solution 8 out of 10.

My advice is that if the requirement is to have someone on-prem, for example, someone that is working in a financial entity, it is a requirement to have all the information in their own data centers and using specific connections. If you have that case, you can use it. It is convenient. And you can use it if you have a case where the evolution of the environment is not going to change for the next three years. Otherwise, if you have a lot of changes during the time that you are going to be using this solution, you need to include different components that will probably be complicated to architect.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Azhar Iqbal - PeerSpot reviewer
Sr security information engineer at COMMTEL
Real User
Top 10
Jun 17, 2024
A self-hosted platform used to protect network and devices from external and internal threats or attacks
Pros and Cons
  • "LogRhythm SIEM offers advanced features such as AI engine modules, machine learning, and threat intelligence integration, which help reduce false positives. Advanced analytics streamlines incident response processes, enabling incident responders to prioritize and automate alerts."
  • "LogRhythm SIEM can improve its user interface. The current interface is quite complex and can be challenging to navigate. While it offers many valuable features, understanding how to access and utilize them efficiently takes time. Simplifying the client console's user interface would significantly enhance the user experience and make it more user-friendly."

What is our primary use case?

LogRhythm SIEM is a cybersecurity solution that we use to protect our network and devices from external and internal threats or attacks. It's part of our overall cybersecurity strategy, which includes SIEM, EDR, and DLP solutions.

What is most valuable?

LogRhythm SIEM offers advanced features such as AI engine modules, machine learning, and threat intelligence integration, which help reduce false positives. Advanced analytics streamlines incident response processes, enabling incident responders to prioritize and automate alerts.

What needs improvement?

LogRhythm SIEM can improve its user interface. The current interface is quite complex and can be challenging to navigate. While it offers many valuable features, understanding how to access and utilize them efficiently takes time. Simplifying the client console's user interface would significantly enhance the user experience and make it more user-friendly.

For how long have I used the solution?

I have been using LogRhythm SIEM for the past five years.

What do I think about the stability of the solution?

I would give it a nine out of ten in terms of stability, as the support and tech teams are reliable and efficient in resolving issues.

What do I think about the scalability of the solution?

Considering its capacity and ability to meet requirements, I would rate LogRhythm SIEM around seven out of ten. As a service provider, we cater to multiple users and organizations.

How are customer service and support?

The technical support for LogRhythm SIEM is good.

How would you rate customer service and support?

Positive

How was the initial setup?

The setup for LogRhythm SIEM can be rated eight out of ten in terms of ease. It's an on-premises deployment and typically takes about ten to fifteen days for a basic setup. Still, depending on the complexity of log sources and integration needs, it could extend to twenty to twenty-five days.

What's my experience with pricing, setup cost, and licensing?


What other advice do I have?

We’ve integrated LogRhythm SIEM with various systems, such as Cisco switches, databases, PAM solutions, and Trend Micro ADA solutions. AI integration plays a significant role in enhancing security monitoring efforts by automating tasks and detecting zero-day attacks.

I would rate LogRhythm SIEM an eight out of ten and recommend it to others.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Subhash Sreenivasan - PeerSpot reviewer
Head of Professional Services at NiyoSecure
Real User
Top 5
Mar 25, 2024
Its most valuable features include robust dashboards and effective alerts
Pros and Cons
  • "I find LogRhythm's log management capabilities to be beneficial."
  • "Appliance-based setups can sometimes pose scalability issues"

What is our primary use case?

LogRhythm SIEM is primarily utilized for cybersecurity analysis and incident management.

What is most valuable?

Its most valuable features include robust dashboards and effective alerts. I find LogRhythm's log management capabilities to be beneficial.

We integrate multiple credentials and feeds from various sources to enrich customer data. However, we haven't extensively explored its capabilities for compliance reporting as it hasn't been a priority for our clients.

Regarding identifying potential security incidents, LogRhythm's preconfigured alerts are quite effective in detecting vulnerabilities. As for the impact of LogRhythm's log management capacity on security posture, it largely depends on the deployment type. The analytics and intelligence features, particularly the correlation functionalities, have proven valuable in catching complex cyber security threats.

What needs improvement?


For how long have I used the solution?

I have been using LogRhythm SIEM for 1.5 years.

What do I think about the stability of the solution?

We haven't encountered any significant problems, so it effectively keeps our processes running smoothly. I'd rate it an eight. It's generally stable, though we haven't faced any major stability issues.

What do I think about the scalability of the solution?

I'd give it a 6 because appliance-based setups can sometimes pose scalability issues, but otherwise, it's fine.

How are customer service and support?

We have specialists, and whenever we need technical support, we can easily get it.

How would you rate customer service and support?

Positive

What was our ROI?

LogRhythm SIEM is a factor in our capabilities, particularly for incident response and insurance management.

The incident response times have improved since implementing LogRhythm SIEM.

What's my experience with pricing, setup cost, and licensing?

On a scale of one to ten, I'd rate the pricing of this solution as a seven - not too expensive but not cheap either.

Regarding licensing costs, it varies depending on factors like being a partner or an end user, but there are no additional costs aside from standard licensing fees for the basic SIEM solution.

What other advice do I have?

My advice for someone considering implementing LogRhythm SIEM would be to start with proper controls and understand the value it provides.

Before installing the solution, users should consider factors like EPS calculations and endpoint support to ensure proper sizing, especially if not going for an appliance.

Overall, I'd rate this product an 8 and would recommend it to others due to its cost-effectiveness, value for money, and user-friendly nature.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Security Analyst at Secure-24
MSP
Nov 24, 2023
The user interface is pretty good compared to other tools, but the product fails if we run big queries
Pros and Cons
  • "The user interface is pretty good compared to other SIEM tools."
  • "Sometimes, the tool fails to get the correlated events that triggered the alerts."

What is our primary use case?

It is an SIEM tool. It gathers logs, parses and normalizes them, and correlates the logs with the rules we write. For example, if an account tries to log in multiple times with the same username, I can write a rule for it. The SIEM tool would analyze the logs and generate alerts based on the rule.

What is most valuable?

The user interface is pretty good compared to other SIEM tools. The log search capabilities are good. It gives results pretty fast.

What needs improvement?

The correlation can be improved. If an alert is generated, we want to know the related events. We often have to search for the drill-down option. Sometimes, it is not available. Sometimes, the tool fails to get the correlated events that triggered the alerts. Searching logs is a bit difficult compared to other tools.

For how long have I used the solution?

I have been using the solution for one year.

What do I think about the stability of the solution?

I rate the tool’s stability a seven out of ten. The tool fails if we run big queries. The search breaks down even if we put a limit on the number of events.

What do I think about the scalability of the solution?

I rate the tool’s scalability a seven out of ten. It generates alerts but doesn’t give us the related events that generated them. Sometimes, we need to mess with the configuration to get it back up. The security team uses the tool to analyze the logs.

Which solution did I use previously and why did I switch?

I used QRadar before. I prefer QRadar over LogRhythm.

How was the initial setup?

The initial setup is easy. It is not that difficult.

What other advice do I have?

People who want to use the solution must not do any big searches. Overall, I rate the product a six out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Buyer's Guide
Download our free LogRhythm SIEM Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2026