LogRhythm SIEM Reviews

The primary use case is an analysis of server logs with some deeper analysis done on searches. Reports help ensure various departments have daily notices of any activity that they should be reviewing.

• Alerts to account usage errors.
• Reports of malware from the antivirus.
• Reports application errors presented in logs.

Daily alerts: These allow me to quickly find security and operational issues which need to be addressed.

More detail in the alerts given to avoid additional searches, as often the source or destination associated with the alert is not evidenced.

The reporting feature is valuable.

We used it primarily for security logging of events. We created reports based on traffic awareness for security.

We would like to see a better base templates for reporting.

I've used it for six months.

The only issue we had was getting the Net Flow incorporated. However, that was issue was because of our implementation. Once we made a change it worked.

There were no issues with the stability.

We had no issues scaling it for our needs.

I'd rate customer service a 10/10.

I'd rate technical support a 10/10.

I've also used QRadar.

It was fairly straightforward.

LogRhythm's vendor team helped us set it up. The box was delivered and they helped us get the licensing in and the initial setup.

I would make sure you have Events Per Second set high enough for all of the events. This will cost a little more.

It will take time for fine tuning, expect for four months to fine tune it to exclude the false positives.

• Security analytics
• Compliance: The reason we implemented was compliance. We're hoping to use it more now.

Security analytics have definitely improved. It is definitely more dynamic than our old flat file archives system.

As a security organization, the key challenges and goal are data integrity and definitely user access to insure that certain sections are kept more secure than others.

It seems with all of the advanced features that we haven't quite figured them out.

It is very complex. More training maybe, in addition to the LogRhythm training on the community website, which is a lot. Better adoption starting out, so we are more comfortable when we start and when we go live.

We are pretty new.

We are learning more as the days go on. I am sure a lot of the really impressive stuff will come later.

Scalability is extremely great. We are looking to scale it way more than we already are as we grow.

We haven't contacted them yet.

The initial setup was straightforward.

LogRhythm came in and did so much for us. We were up and running before the week was over.

Take advantage of the feature set that LogRhythm has to offer. It has more features than a lot of their competitors. You will be further in the end.

NextGen SIEM is primarily used by the SOC team to detect attacks. 

NextGen SIEM's most valuable feature is its user-friendliness.

NextGen SIEM's integration with other software is good but could be improved.

I've been working with LogRhythm NextGen SIEM for three years.

NextGen SIEM is stable.

The initial setup was straightforward.

I would recommend NextGen SIEM to those considering implementing it and would rate it eight out of ten.