Pan India IT Infrastructure Management / End-user Services at Tata Group
Real User
Top 20
Oct 22, 2025
We have outsourced our SIEM solutions at the moment, and we are using it.We have been using LogRhythm in our organization as a SaaS offering. We have outsourced it as part of the actual scope where they use LogRhythm to monitor these SOC events. I have known NetMon for more than three years now. We can implement SOAR wherever we can plan to have use cases. We can build use cases around it.
Information Security Analyst at Detecon Al Saudia Company Limited
Real User
Top 10
May 28, 2024
We use this solution for fax-based purposes. We have twelve actual users actively using NetMon in our organization. Additionally, we serve at least seventy-five clients with NetMon analysis. NetMon is deployed primarily in a private cloud across one data centre as we are a cloud service provider.
Most of the SIEM OEMs are now coming up with XDR solutions. It is an Extended Detection and Response that includes NetMon capabilities. Unlike the traditional standalone SIEM solution, it primarily focuses on integrated SIEM capabilities. LogRhythm's SOAR capabilities are far behind those of QRadar. It has its limitations. Some of the automated tasks we can perform on QRadar cannot be performed on LogRhythm because the solution has limitations. It's not the case where the client has procured some licenses, and the license has limitations. He can always upgrade to the next level of capability, but the solution has certain limitations.
LogRhythm NetMon can be useful if someone wants to look into something apart from network behavior analysis, like DPA or any network forensic services. For DPA or any network forensic services, users can rely on LogRhythm NetMon, where they have to deploy the agent in their environment, or if sensors need to be deployed in TAP and SPAN port, with the help of which you can see the traffic movement. LogRhythm NDR is something based on artificial intelligence, machine learning, and real-time analytics since a user needs to see real-time lateral movement in their environment or network on a real-time basis.
Senior project engineer at a tech vendor with 10,001+ employees
Real User
Dec 1, 2022
Our client has given us IP addresses that must be assigned to a few devices at their end, such as networks, network devices, and firewalls, that we monitor using NetMon. We see whether those packets have been captured properly and what kind of traffic has been enabled like HTTPS, HTTP, and DNS servers. We also monitor how the traffic is flowing and how much data has been downloaded through one IP.
Product Technical Manager at a tech company with 1-10 employees
Real User
Mar 18, 2020
Our primary use case is trying to monitor irregular network traffic - identifying the type of traffic within our network, its origin, and destination IP. It could be HTTP, HTTPS, FTP, or OBDC. Once we recognize the traffic, we then correlate it, determining whether it's normal or abnormal. The data is also send via Syslog to LogRhythm SIEM to further correlate with logs from other devices to look at threats from a holistic view
NetMon offers significant capabilities in log aggregation, traffic analysis, and real-time network insights. Its ease of use accommodates both entry-level and advanced functionalities, enhancing network visibility and threat detection.NetMon provides seamless analytics with its real-time dashboards and advanced AI integration. The platform is designed for comprehensive monitoring and detailed analysis, making it indispensable for identifying network traffic, origins, destinations, and...
We have outsourced our SIEM solutions at the moment, and we are using it.We have been using LogRhythm in our organization as a SaaS offering. We have outsourced it as part of the actual scope where they use LogRhythm to monitor these SOC events. I have known NetMon for more than three years now. We can implement SOAR wherever we can plan to have use cases. We can build use cases around it.
We use this solution for fax-based purposes. We have twelve actual users actively using NetMon in our organization. Additionally, we serve at least seventy-five clients with NetMon analysis. NetMon is deployed primarily in a private cloud across one data centre as we are a cloud service provider.
We use the product to monitor and report network utilizations.
Most of the SIEM OEMs are now coming up with XDR solutions. It is an Extended Detection and Response that includes NetMon capabilities. Unlike the traditional standalone SIEM solution, it primarily focuses on integrated SIEM capabilities. LogRhythm's SOAR capabilities are far behind those of QRadar. It has its limitations. Some of the automated tasks we can perform on QRadar cannot be performed on LogRhythm because the solution has limitations. It's not the case where the client has procured some licenses, and the license has limitations. He can always upgrade to the next level of capability, but the solution has certain limitations.
LogRhythm NetMon can be useful if someone wants to look into something apart from network behavior analysis, like DPA or any network forensic services. For DPA or any network forensic services, users can rely on LogRhythm NetMon, where they have to deploy the agent in their environment, or if sensors need to be deployed in TAP and SPAN port, with the help of which you can see the traffic movement. LogRhythm NDR is something based on artificial intelligence, machine learning, and real-time analytics since a user needs to see real-time lateral movement in their environment or network on a real-time basis.
Our client has given us IP addresses that must be assigned to a few devices at their end, such as networks, network devices, and firewalls, that we monitor using NetMon. We see whether those packets have been captured properly and what kind of traffic has been enabled like HTTPS, HTTP, and DNS servers. We also monitor how the traffic is flowing and how much data has been downloaded through one IP.
I mainly use NetMon for traffic analysis and flow and to determine if anyone is using a previous password.
We use this product for network monitoring, to assist with our network security and performance.
Our primary use case is trying to monitor irregular network traffic - identifying the type of traffic within our network, its origin, and destination IP. It could be HTTP, HTTPS, FTP, or OBDC. Once we recognize the traffic, we then correlate it, determining whether it's normal or abnormal. The data is also send via Syslog to LogRhythm SIEM to further correlate with logs from other devices to look at threats from a holistic view