LogRhythm SIEM Reviews

We operate a Security Operations Center. We have to provide internal security to our client base and intel. That's why we use it.

We mostly deal with phishing email attacks from our Intel-related clients. So, most of the cases are related to using the SIEM. And we receive the logs in our database to do all those things.

In Sri Lanka, we have a local SIEM supplier. And in addition to that, if we need some more calibration or help with incidents, we raise a ticket to LogRhythm, and they will give us their support.

It is good for us. 

The price could be improved.

In future releases, I suppose if they can give us some training related to LogRhythm, that would be very beneficial. I suppose the training is not enough.

And the product might be a little bit complex for non-experienced people

I have been using it for two and a half years. 

It is good. 

Positive

Our Security Operations Center (SOC) and our SIEM use LogRhythm. We have to renew our license and are looking for another SIEM. We are doing a comparison with Elastic.

The initial setup is complex. There's a complexity, actually. We have received some training in the last two and a half years. We got training from our local supplier. Actually, we haven't received any training before from [LogRhythm], so I suppose they should provide training for that.

I suppose there's a very high cost in that. So that's the main reason we are trying another solution.

I would recommend it to others. Overall, I would rate it an eight out of ten. 

We use the product for server and event management for the financial sector.

The product's stability needs improvement.

We have been using LogRhythm SIEM since last year.

We encountered some system downtime issues.

The product is scalable. Its scalability is based on specific licensing plans. It is suitable for enterprises. It has a lot of advantageous features for SIEM.

The technical support services are good.

Positive

We used SolarWinds before. We switched to LogRhythm because of specific requirements regarding log information and SOC activities, particularly for government contracts. In comparison to products like IBM and HP, LogRhythm is a cost-effective alternative.

The initial setup process is very user-friendly. It takes 15 days to complete.

Compared to other products,  LogRhythm SIEM generates a return on investment in terms of ease of use.

The product is inexpensive than other tools like IBM, QRadar, etc.

We evaluated six products as per our client’s requirements. They decided to go for LogRhythm, which solves business purposes and has economical pricing.

I rate LogRhythm SIEM an eight out of ten. In comparison, IBM has more features that are essential at the moment. However, it costs three times more than LogRhythm SIEM.

There are multiple use cases for the solution, such as long log formatting, log consolidation, data isolation, malware detection, identifying suspicious attacks, and locating ISU records across the network.

The GUI is very intuitive and the solution has good integration.

The built-in functionality of the solution for NDR, SOAR, SIEM, and EDS has room for improvement.

The price of the solution has room for improvement.

I have been using the solution for ten years.

The solution is stable.

I give the scalability an eight out of ten.

The technical support is good.

The initial setup is straightforward.

I give the price a six out of ten.

I give the solution an eight out of ten.

The solution can meet the most mature customer's requirements.

We are consultants providing governance solutions for the banking sector. We have a lot of use cases. We have more than 400 use cases for the client side.

Its ease of use is valuable. It has improved a lot from the previous versions. It had a lot of issues before, but now, it's way better in terms of integration, the console part, report creation for use cases, false positive numbers, and so on. Its AI engine is a lot more advanced in the latest version.

The web and on-premise console interface should be the same instead of having a separate engine for each. 

I hope that they remove the console and have only one GUI. There should be one engine for both the web and the console. They shouldn't have two different engines for each one of them.

There should be easier deployment status, and like Splunk, there should be a more professional way to write the search. There shouldn't be only a drop-down menu. It'll be a good thing to add.

I have used LogRhythm for about three years now.

LogRhythm SIEM is stable.

LogRhythm SIEM is highly scalable. We have more than nine users working with this solution.

The technical support depends on the technician you get. Some are good, but some aren't.  We had multiple sessions with one person for over a year with no results. Other engineers are excellent. 

Setting up LogRhythm is complex. It took our team more than a month to deploy. We have a large team in my company because we are working with dozens of clients. Our BS team is almost 15 people. 

Its implementation is handled by a different team. We have a very big team in our company because we are working with a lot of clients. Our implementation team has almost 15 people.

There don't seem to be any costs in addition to standard licensing.

I'd recommend LogRhythm SIEM to others. I'd rate it an eight out of ten.

We're using LogRhythm NextGen SIEM only for a few databases. Members keep their data on our FTP server, and we monitor firewalls, endpoint management solutions, and some critical endpoints.

LogRhythm NextGen SIEM has improved the organization through the alarm system my team has configured. The alarm system is key to looking after all the hardware and endpoints.

What I found most valuable in LogRhythm NextGen SIEM is that it's user-friendly. I also like its dashboard, which shows all the logs and information I want to see.

One area for improvement in LogRhythm NextGen SIEM is that it's a Windows-based tool, and I feel it should be on the Linux operating system instead.

Another area for improvement in the tool is the UI. There should be minor changes in the UI to make it better, though I like the dashboards in LogRhythm NextGen SIEM.

I've been using LogRhythm NextGen SIEM for one month now.

LogRhythm NextGen SIEM is a stable tool. I didn't find any instability in it.

LogRhythm NextGen SIEM is a scalable tool. Scalability is one of the reasons why my organization uses it.

When I joined the company, a ticket was previously opened with the LogRhythm NextGen SIEM technical support team. Though I didn't directly connect with support, I have information that the problem was resolved and that the support team was very cooperative and very technical in solving the problem.

Though I didn't configure LogRhythm NextGen SIEM as it was pre-configured when I joined the company, any solution won't be difficult to implement, as long as you have an understanding and knowledge of the product or tool. I was an implementer once.

Senior management is in charge of purchasing the license for LogRhythm NextGen SIEM, so I have no information on how much it costs.

I worked on McAfee SIEM for six months, but that was when I was part of another team. If you compare McAfee SIEM with LogRhythm NextGen SIEM, I prefer LogRhythm NextGen SIEM because it's a user-friendly tool. It's also very easy to configure. The dashboards in LogRhythm NextGen SIEM are also very simple and very informative, and I've configured them to better understand what's happening in the organization. You can also create an alarm system in LogRhythm NextGen SIEM, that's very helpful.

I also evaluated IBM QRadar, and I found IBM QRadar to be a better tool than LogRhythm NextGen SIEM.

I work in the enterprise security department or the SOC, and I just have to deal with the logs. The tool being used within the organization for log management is LogRhythm NextGen SIEM, particularly the N-1 version.

My organization uses the on-premise version of the tool, and it's been applied to the data center.

I belong to a very small organization with a data center that has sixty people using LogRhythm NextGen SIEM. In terms of maintenance, the tool isn't difficult to maintain.

The only advice I have for anyone who'd like to start using LogRhythm NextGen SIEM is that it's a very good tool, with good features and functions.

My rating for LogRhythm NextGen SIEM is seven out of ten. I didn't give it a ten because it's Windows-based, plus I also don't like its UI that much. LogRhythm NextGen SIEM is also not as good as IBM QRadar.

Its primary use cases are log aggregation, security information, and event management correlation.

All of our clients use different versions across the board. In terms of deployment, some use it on-prem, and some use it in the cloud. It is all over the place.

As a SIEM, probably the best feature is that it can be tuned effectively. There are very few SIEMs out there that can be effectively tuned to provide you with meaningful information and not be overwhelmed. It has the capability to do that, but it probably takes a little more time to do that. 

It should be improved for automated setup and auto-configuration. There should be ease of integration and ease of setup.

I have probably been using it since it has been around.

It is stable.

It is scalable.

They provide very good support.

It takes a little more time to get operationalized, but I haven't personally set it up. I'm only taking feedback from my customers when they say they've gone through the steps and the process of setting it up.

It is a very cost-effective solution.

Don't do it without managed services, but I would say that for any SIEM. In SIEM technology, the setup and maintenance side is different from the monitoring and alerting side. I recommend all of our customers to always go with a managed service provider to take care of the monitoring and alerting side, or at the very least, to fill in for off hours because you only have so many people on your staff. Small and medium-sized customers are our bread and butter, and most of our customers don't have the staffing for this. 

If you don't have the expertise to set it up, manage it, or the time to learn it, a managed service can help you get it set up. For most SIEMs, LogRhythm included, for the first six months, you probably need one to one half of an FTE for doing the setup, getting it operationalized, and doing all the tuning. You're going to need one-quarter of an FTE for ongoing operations, maintenance, and support. That doesn't include monitoring of alerts and the response to the alerts. If you've got it well tuned, you don't need a lot of staff to do the monitoring and the alerting during the regular daytime hours. That's where having a managed service provider during off hours and weekends is handy. It is beneficial to have a managed service to do the operational work for maintenance.

It is good, but there is room for improvement. There are plenty of solutions on the market that do a lot of what it does. It is not a huge product differentiator or market differentiator.

I would rate it an eight out of ten. 

This solution's use case is abnormal administrative lockouts, most of the time.

I'm happy with their AI in general. 

We're able to make useful dashboards. 

The initial setup is now complex if you have a bit of knowledge going in. 

The solution is stable. 

We'd like to receive alerts for zero-day attacks in the future. We'd like alerts that offer us better security. For example, if there are abnormal occurrences, we'd like to know right away. 

We've had issues with scaling and local support.

We've been using the solution for two years. 

It is stable. There are no bugs or glitches and it doesn't crash or freeze. It's reliable and the performance is good. 

We have seven people, admins, who are working directly with the solution. 

It's not easy to scale. Sometimes we have difficulties. For example, when doing updates, we cannot depend on our local support. In some cases that we have found, they don't have much knowledge. We have to work on separate tickets for the kinds of issues we have.

We have local support. If they cannot assist us, they do offer in-house support we can use. The first step in terms of getting help would be our local partner. 

The issue is that local support sometimes isn't as knowledgeable as they need to be. The solution should work to do more training in order to improve local support.

Neutral

We were working on RSA. We switched due to the cost and the lack of local support. The RSA cost is a little bit too high.

The solution offers a pretty straightforward and simple setup. That said, you need some knowledge going into the process. 

The deployment itself took about 90 days. 

I'd rate it a three out of five in terms of the general ease of deployment as there is some complexity and a learning curve. 

There's not much maintenance. We do have to do the updates of the servers and if there is a new release and update, we work on those. For the day-to-day, we try to focus on more log-related tasks.

I can't speak to the exact cost of licensing the product. My understanding is that it is less expensive than RSA. 

We are an integrator and service provider. 

We are not currently using the latest update.

I'm not sure if I would recommend the solution to others as they still need to improve a few things. For example, support, at least on the local level, is lacking. 

I'd rate the solution five out of ten.

I'm a user, administrator, and analyst. We are using version 7.4.

The solution is deployed on-premise. Three people are working with this product in our company.

Currently, we are in the implementation phase. LogRhythm is better than QRadar from the point of view of collecting Windows events. It has a much higher view. You can enable monitoring by default.

Sometimes the Platform Manager crashes because it's built around Windows.

Every component is on a separate device. Right now we are just integrating log sources. We didn't do any threat intel or use cases until now. I did this with another customer, but with QRadar.

They have to think like IBM. IBM did X-Force public cloud, which is a beautiful tool that gives us threat intel feeds. LogRhythm doesn't have this solution, but maybe they want to integrate this. The Client Console is very bad.

The console is for administrators to add log sources or do some basic investigation. It is a very bad GUI. I think it's very old and built upon an old OS. They have to get rid of it or use a web-based application or develop it in the Client Console application.

I have been using LogRhythm for one year.

It's very scalable. We can scale up or have vertical or horizontal. If you want to add more indexers or connectors, it's easy to implement.

We haven't opened any cases until now. I used to work with QRadar, and sometimes it takes very long to receive a reply from IBM. We didn't experience any use cases until now, but with LogRhythm, we have some delays from the implementation view.

LogRhythm is expanding in my country, Egypt. Multiple customers have moved to LogRhythm. So, they don't have many people for support. We have to schedule a session, and then in implementation engage with engineers.

Initial setup was complex.

We have multiple data indexers, and each component is on a separate device. I think QRadar has many tools from the point of view of applications integrated within the SIEM solution, like threat intel or use case manager. In LogRhythm, I don't see this.

Maybe we haven't gotten so far in the implementation, but in QRadar I can feel it's easier from the initial setup. We have only these components placed on one site. We don't have another recovery site.

I didn't see the RFP, but I heard that it is more expensive than QRadar. I remember one customer implemented only one QRadar in two sites. It cost them $2 million, I think. Maybe LogRhythm is much higher.

QRadar is built around Red Hat, so it's more stable. I think LogRhythm is more complicated than QRadar.

I would rate this solution 7 out of 10.

When you integrate a log source by default, you have to know what the customer needs or the process that is wanted, because we did the reconfiguration multiple times for log sources.

So, they have to also follow the MITRE ATT&CK Framework, because by default LogRhythm collects the common logs, so you have to enable this.

To estimate it in the licensing sizing exercise, it must be done correctly. Sometimes I see customers sizing away from the current situation. Customers sometimes buy a license that is not enough for their implementation, because they didn't expect what they would be adding in the future during the implementation.

Sometimes the implementation takes one year, and the customer adds more devices, so it exceeds their license. I think it's the presales' job to do the sizing correctly. And the customer must be aware of how or what to implement during, so that implementation doesn't take long.

It took some customers two years to implement a SIEM solution. I don't remember the solution, but it was a waste of two years' time.