Its Security Information and Event Management (SIEM) capabilities (security analysis, forensics) are the most valuable features for us.
Senior Security Engineer at a tech vendor with 10,001+ employees
The Advanced Intelligence Engine alerts the SOC to potential security issues, though File Integrity Monitoring needs improvement.
What is most valuable?
How has it helped my organization?
The LogRhythm AIE (Advanced Intelligence Engine) is very good at alerting my SOC to events of interest and potential security issues without flooding my team with noise.
What needs improvement?
There is room for improvement in the area of File Integrity Monitoring.
For how long have I used the solution?
I've used it for 15 months.
Buyer's Guide
LogRhythm SIEM
January 2025
Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,158 professionals have used our research since 2012.
What was my experience with deployment of the solution?
No issues encountered.
What do I think about the stability of the solution?
No issues encountered.
What do I think about the scalability of the solution?
No issues encountered.
How are customer service and support?
Customer Service:
It's excellent.
Technical Support:
It's excellent.
Which solution did I use previously and why did I switch?
I have used Tripwire, which was a poor SIEM solution.
What about the implementation team?
We used a vendor team. I recommend using LogRhythm's professional services for assistance with implementation.
What other advice do I have?
I highly recommend LogRhythm for SIEM.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Principal Consultant at ITSEC Asia
It improves response times and makes it easier for us to analyze threats
Pros and Cons
- "LogRhythm NextGen SIEM covers all our primary security analysis needs. It makes it easier for us to analyze threats and improves our response times. It's a versatile platform that performs queries fast compared to other SIEM solutions."
- "The reporting on the dashboard should be improved from a management perspective. It would be helpful if they adjusted the colors and the presentation to make things clearer and easier to read."
What is our primary use case?
LogRhythm is a cybersecurity solution. It's used for detection, lateral movement or initial access.
How has it helped my organization?
LogRhythm NextGen SIEM covers all our primary security analysis needs. It makes it easier for us to analyze threats and improves our response times. It's a versatile platform that performs queries fast compared to other SIEM solutions.
What is most valuable?
LogRhythm's dashboard can link to many other kinds of information.
What needs improvement?
The reporting on the dashboard should be improved from a management perspective. It would be helpful if they adjusted the colors and the presentation to make things clearer and easier to read.
For how long have I used the solution?
I used the product for the first time last year, and we deployed it for one of our clients about five months ago.
What do I think about the stability of the solution?
LogRhythm's performance is average. We don't have many issues. There are a few at the moment, but I think it's because the message per second is above the design. If we reduce that, the solution will perform well.
How are customer service and support?
We haven't had any issues with support so far. It's okay.
How was the initial setup?
Setting up LogRhythm SIEM is complex. Everything is complicated — the activity, integration, and analysis.
What other advice do I have?
I rate LogRhythm NextGen SIEM nine out of 10. People should consider LogRhythm. Take a close look and try it. It's one of the best SIEM solutions in the world.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Researcher at a tech services company with 1-10 employees
Efficiently catches threats and reduces the risk of exposure
Pros and Cons
- "In terms of security, LogRhythm NextGen SIEM is great."
- "Scalability-wise, it's not that great."
What is our primary use case?
Private monitoring is our primary use case.
What is most valuable?
In terms of security, LogRhythm NextGen SIEM is great.
For how long have I used the solution?
I have been using LogRhythm NextGen SIEM for one year.
What do I think about the stability of the solution?
LogRhythm NextGen SIEM is stable.
What do I think about the scalability of the solution?
Scalability-wise, it's not that great, but integration with other solutions is pretty easy.
How are customer service and technical support?
The technical support is great.
Which solution did I use previously and why did I switch?
We also use Splunk, but in terms of security, we always recommend LogRhythm NextGen SIEM.
How was the initial setup?
The initial setup was very straightforward. We deployed LogRhythm very easily. In total, including configuration, we deployed this solution in less than one day.
What's my experience with pricing, setup cost, and licensing?
In the context of our country, the price of this solution is too high.
What other advice do I have?
Overall, on a scale from one to ten, I would give LogRhythm NextGen SIEM a rating of eight.
I would definitely recommend this solution; my only concern is with the price — it should be lower.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Vice President at a financial services firm with 1,001-5,000 employees
We're able to create customized monitoring reports that extract info from event logs.
Valuable Features:
- Reporting - we need to do a lot of security monitoring
- It doesn't have a lot of forensics, but we appreciate the fact that it has the capability
- The ability to collect a lot of information, as we have 200 users and a lot of log sources
Improvements to My Organization:
The fact we're able to create customized monitoring reports that extract info from event logs helps us a lot. We used to have ad hoc reports created by the IT department, which meant they could manipulate content if they ever wanted to tamper with output. Now, there's no risk for us to worry about.
Room for Improvement:
Lots of concern these days regarding vulnerability, and being able to interface with other types of applications when creating event log. We have lots of other applications to monitor. LogRhythm can extract that info, but some require converting before LogRhythm. Windows logs don't need converting, but SQL and XML do require conversion and monitoring.
Other Advice:
You should consult with LogRhythm experts because there are lots of features and customizations, and you need to figure out what's needed for your specific environment, for example, regulatory compliance issues. They do a great job of making clear what's needed.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Systems Administrators at a tech services company with 201-500 employees
Very helpful for monitoring and alarming, very stable and scalable, and excellent technical support
Pros and Cons
- "File Integrity Monitoring is really valuable because we have it set up on our core assets. This is one of the key features that I utilize. We also use it quite a lot for event management to do reporting."
- "It should have some more message monitoring features. It can also have some free message monitoring tools."
What is our primary use case?
I use LogRhythm for PCI DSS compliance. All of our devices are sending logs to LogRhythm. I have set up Silent Integrity Monitoring, Data Loss Prevention, Registry Integrity Monitoring, and other alarms for detection, and we do investigations.
How has it helped my organization?
I don't have metrics, but it has really improved the monitoring and alarming for us.
What is most valuable?
File Integrity Monitoring is really valuable because we have it set up on our core assets. This is one of the key features that I utilize. We also use it quite a lot for event management to do reporting.
What needs improvement?
It should have some more message monitoring features. It can also have some free message monitoring tools.
For how long have I used the solution?
I have been using this solution for about two years.
What do I think about the stability of the solution?
It has been very stable. There are no major issues. It has been exactly doing what I expected it to do.
What do I think about the scalability of the solution?
It has been very scalable in terms of adding new systems and stuff like that. It has been quite good.
We have plans to increase the usage of LogRhythm. We have some new solutions and new networks coming up. We might be looking to expand within the next two years to onboard new systems.
How are customer service and technical support?
Technical support has been excellent so far. I never had any issues with technical support. Their support has been excellent.
Which solution did I use previously and why did I switch?
I didn't use any other solution previously.
How was the initial setup?
It was pretty straightforward. The actual deployment of it took about two days, but the implementation strategy took longer. It took a couple of months for meetings and planning with different experts, project managers, and engineers. They looked at our business requirements and other things.
We have two administrators and two analysts. Four of us are managing the system.
What's my experience with pricing, setup cost, and licensing?
It costs a great amount, but its pricing is competitive with some of the other vendors. For licensing and support, we pay about 20,000. There are no additional costs or anything like that.
Which other solutions did I evaluate?
When I was looking for a solution, I looked at Splunk and LogRhythm. There was one from SolarWinds as well. Cost-wise, LogRhythm was the one that impressed me the most. Splunk was really good as well, but it was a little too costly.
What other advice do I have?
I would definitely recommend this solution for compliance requirements, such as PCI DSS compliance. It does cost a great amount, but its pricing is competitive with some of the other vendors. If it is a necessity to have a SIEM solution, I would definitely recommend LogRhythm.
I would rate LogRhythm NextGen SIEM a nine out of ten. It has been really good. So far, my experience has been seamless. They should keep doing what they're doing.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Architect at a healthcare company with 1,001-5,000 employees
Video Review
We can constantly add logs into our system without any issues; find and fix problems fast
What is most valuable?
I believe the most valuable feature for us has been that we have all the logs together. We can query them, we can find all kinds of different situations that are going on in our network that we wouldn't have knowledge of without searching many different servers and logs.
How has it helped my organization?
Quicker ability to troubleshoot the problem, find the problem, get it fixed, and get the customers back up and using our system.
What needs improvement?
I'm sure there are always areas, in stability and scaling, that need improvement. I don't have anything right off that I can say I know needs improvement right at this point.
What do I think about the stability of the solution?
We installed in 2009, and the stability has improved over the years. I consider it to be quite a stable product now. It seems to work day after day, week after week.
What do I think about the scalability of the solution?
With version 7, we feel the scaling improved a lot. We are a large health system and we are quite often adding new businesses, new healthcare offices, new hospitals to our system. We are able to add those extra logs into our system without causing any issues.
How is customer service and technical support?
Tech support has always been good from the very first. In most cases the first response is a good one. It does the job, and if not, then you get back to them and they stay with you until they get it fixed.
How was the initial setup?
We thought the setup was very quick and easy, of course we didn't try to boil the ocean all at once. We've been, over the years, adding more and more phases to our system, completed it in phases.
What other advice do I have?
Really figure out what you want it to do for you, because it is very flexible and can be used for many different purposes. Determine what you want to use it for, and then get the assistance from LogRhythm to help implement it in that way. Then you can always expand it and take in other areas. But your primary goals need to be met right up front.
We are very happy with it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
EMS-Scada Infrastructure Engineer at an energy/utilities company
It is very stable once it is configured. We have not had any downtime.
What is most valuable?
Compliance. It's the main focus of the solution, and that is what we've been doing: logging, monitoring, and alerting.
How has it helped my organization?
We keep an eye on all the events which actually are configured as an alert. This keeps us compliant for compliance purposes.
Our key challenge and goal is maintaining a secure infrastructure. We are a power electric company, so we are trying to be as secure as we can.
It is a very good solution. It is very robust. It is very extensive. We're trying to go into the minimum requirements for compliance purposes, but I would like to start implementing more for administration purposes and security.
What needs improvement?
- More seminars.
- Reporting: A reporting tool would be good for us, especially if we have better knowledge of them.
What do I think about the stability of the solution?
It is very stable once it is configured. We have not had any downtime.
What do I think about the scalability of the solution?
The scalability is very powerful. Our network is not very big, but we can configure it so we can always be up and running with redundancy. It's a great solution.
How is customer service and technical support?
It is a great experience all the time working with them. They are very useful, if they don't have the answer, they find the people that have the answer.
How was the initial setup?
On the last upgrade, I was part of the group to implement it. We did have some challenges, because the previous deployment was not configured right, then we did the implementation and it was very straightforward.
Which other solutions did I evaluate?
Alert Logic, but the laws were going outside of the company, so we want to keep it inside for security purposes.
LogRhythm was the best solution that we could find.
What other advice do I have?
We have LogRhythm in place and it's been working well for us.
It's a great solution but training will be a big key on the implementation. We can troubleshoot it and get the technical support, but it is always very good to have technical training on LogRhythm.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Security Analyst at a tech services company
Before we were compartmentalized, now we have a central point with more integration between different departments
What is most valuable?
Being able to have all our logs all in one place, so we can easily correlate across the environment.
How has it helped my organization?
It has definitely matured our security posture. Before we started using it heavily, all our products were compartmentalized within the department that used it. Now that we have a central point, we have been having more integration with different departments.
The challenges are being spread out and using some of the technology that we do use, which are not easily integrated into the SIEM. We have a lot of custom parsers and just trying to get our custom products and applications to integrate into the SIEM, that was our biggest challenge.
As far as building custom parsers, it's very configurable. I've had some experience building parsers with it so far, and the ones that we have built have been working fine. Support has been pretty awesome with helping get those working well.
What needs improvement?
Adding more integration for security products would be an improvement.
What do I think about the scalability of the solution?
I have not had to scale it out too much yet. The environment was already set up when I came in. As far as the ability to scale out, I know it's there. I haven't had to put it to use though.
How are customer service and technical support?
I have used their support a lot. It is really good support. I don't think I've opened a case yet that I haven't got a solution on, and it is usually pretty fast. It's easy to reach the right person.
Which solution did I use previously and why did I switch?
We had a previous solution, but I don't know who they were. I don't know why we switched. Compliance was our biggest driving factor to why we purchased LogRhythm.
Which other solutions did I evaluate?
I would not know. This was done before I came onboard.
What other advice do I have?
It is a really good product with good support.
If someone is reaching the solution, I would advise them to reach out to users and try to visit LogRhythm's online presence to see what they have. The LogRhythm community has been a pretty good resource.
Having a unified end-to-end platform is very important.
Most important criteria when selecting a vendor: support for the product.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.