LogRhythm SIEM Reviews

It has helped tremendously when following up on investigations and logs. We often get bogged down with many tasks during the day. We can actually come back to a particular scenario that we are looking into, so it has been very beneficial for that.

Key challenges are our users and network. In our network, we get logs from a particular product called a NetScaler, which hides our source IPs, so that makes it a little challenging. Our goals are to tune LogRhythm further and utilize all the different modules that they do offer us. It is a challenge to get it all done.

• The web console
• The case management

I did hear about the new playbook edition coming up and I am excited about it.

It is excellent.

I have used the tech support and think they are great. I have many vendors that I deal with for other tools and hands down LogRhythm has been the best SIEM solution.

It is a big project, but very worthwhile, and LogRhythm has plenty of documentation, support people, professional services, and classes that can help get a business implemented and push them all the way to completion. I definitely think it is worthwhile.

It is very important for me that the solution be a unified end-to-end platform.

The visibility that it gives us into all of our data at once.

It would take me a thousand hours a day to go through all that data, so, like I said, it lets me see everything in one place, and I'm able to see where the problems are.

A cleaner interface. I keep getting confused and forgetting where everything is. A more intuitive interface would be helpful.

It does seem to be good at gathering data. Like I said, it's hard for me to get that data. I would just like it to be more intuitive. When I go to look for stuff I frequently can't find it. Either it's not there or I just don't know the program.

It scales enough for us. We haven't had any issues, no complaints about it.

I've used their training. I have not used their tech support. Again, we have an administrator, he's been there. He probably knows more about this than I do.

In terms of a solution being a unified, end-to-end platform, that would be nice. It's not something that I think about. I just use what's there.

I would tell a colleague at another company who is researching this or a similar solution to try it out. That's the only way you're going to know whether you like it. Don't trust the marketing materials. Ever.

I like the direction they're going with the AICloud stuff. They're talking about the playbooks. LogRhythm seems to be on top of things and always looking to improve, I like that.

The reporting feature is valuable.

We used it primarily for security logging of events. We created reports based on traffic awareness for security.

We would like to see a better base templates for reporting.

I've used it for six months.

The only issue we had was getting the Net Flow incorporated. However, that was issue was because of our implementation. Once we made a change it worked.

There were no issues with the stability.

We had no issues scaling it for our needs.

I'd rate customer service a 10/10.

I'd rate technical support a 10/10.

I've also used QRadar.

It was fairly straightforward.

LogRhythm's vendor team helped us set it up. The box was delivered and they helped us get the licensing in and the initial setup.

I would make sure you have Events Per Second set high enough for all of the events. This will cost a little more.

It will take time for fine tuning, expect for four months to fine tune it to exclude the false positives.

It's given us more insight into the traffic patterns that we see.

The dashboards and the AI Engine.

Mostly they should just expand on the features that are already there. More pre-built parsers, more pre-built AI rules, more dashboard widgets that we can put to use.

I would say scalability is very good.

Mostly very good. We have had some issues that have taken a long time to resolve, various technical issues that have taken longer to resolve than we desire.

The criteria that we look when selecting a vendor are usually support, and being and end-to-end solution, that is very important too.

I gave it a nine out of 10 overall because we have had some support issues that haven't been resolved quickly enough but, other than that, I've been very happy with the product.

If a colleague was researching this and other popular SIEM tools, I would say for the most part I'm very happy with it. I would advise them to schedule a demo and see if it meets their needs.

The log aggregation is what we use it for.

We don’t have a lot of the reporting configured or the advanced analytics. When the time is right, we will we will make the most of these features.

We need to improve our internal training and use of it. We use it, but we don’t use it to its potential. It’s a very powerful and robust device and application. We don’t use it how we could.

I don’t have a lot of confidence in their support. The support is not first class. I am still working with them with follow ups with the numerous issues we have had. The appliance itself seems to be doing what it’s supposed to, but the support is lacking.

I've used it for six years.

We went through research of multiple products that were similar in nature and selected LogRhythm based on the ability to comply with regulations and the advanced features that it offered. It’s a really deep product and you can do a lot with it, but it just hasn't been realized.

It handles what we throw at it.

I have mixed feelings. We have had some issues with their internal support.

We lost our ability to access the support portal, and it took them around three weeks to resolve it. We had a new upgraded appliance implemented and professional services set it up. They failed to take all of the alerts and bring it to the new appliance.

We implemented it in-house.

The licensing has improved. It has gone down because it is no longer individual monitoring licensing, whereas before it was licensed per collection manager. They have given us decent pricing, they gave us credit for the old appliance.

I find that the ease of installation is a valuable part of the solution.

The consolidation of the logs and being able to manage the items we have coming in -- all in one product -- has really helped this company a lot.

The main area of improvement is that the client must be installed on the computer for all of the functions to work. So if the client doesn't have a customer in their system, they can’t use it.

I have been directly responsible for this install around two years. I worked with LogRhythm at another company for around three years.

We didn’t encounter any issues that were not fixable.

I can’t remember the last time it was down. It’s very stable.

The way it’s set up with agents, we can scale very well and if we need to we can just add more hardware to the system. The only limit is the hardware. We have been happy with it.

Very knowledgeable, though I wouldn’t say proactive. When you speak with technical support you don’t actual speak with someone: you leave a message, which I do not like, although they respond pretty quickly.

The scalability was the main reason for switching. You never know how much you may need and the ability to quickly adapt is great.

The ability to add something quickly is very important. It's more complete than a lot of products, such as Splunk, but you have to put in a lot of work.

With LogRhythm, security feeds and security alerts are just built in.

We did migrate recently and had help from LogRhythm.

I’d say we have an ROI. It helps us identity problems before they become issues.

Always plan for more logs than you think you have. Once you start collecting you will realize that you need more than you thought.

My relationship has been very good. When we updated our software we set up weekly meetings which really helped us with reporting. We don’t directly get in touch with support but when we do they solve our problems.

The primary use case is an analysis of server logs with some deeper analysis done on searches. Reports help ensure various departments have daily notices of any activity that they should be reviewing.

• Alerts to account usage errors.
• Reports of malware from the antivirus.
• Reports application errors presented in logs.

Daily alerts: These allow me to quickly find security and operational issues which need to be addressed.

More detail in the alerts given to avoid additional searches, as often the source or destination associated with the alert is not evidenced.