Cyber Security Senior Consultant at Inspira Enterprise
Real User
2024-10-14T08:34:00Z
Oct 14, 2024
LogRhythm SIEM is used for monitoring events. Analysts can click on events, drill down, analyze source IP, destination IP, time, country, and other details.
Mostly in Indonesia, LogRhythm SIEM is used by government agencies that must use the on-prem solution because of the significant requirements for SIEM solutions. It sells products as a one-time solution rather than a subscription model. Many customers sometimes forget to renew their subscription. If someone doesn’t renew the subscription, the only options that could still operate are LockSystem and Elastic. If you don’t renew the subscription, it becomes basic and loses most functions, but you can still operate the system with limited functionality. It allows full access until the last bill is paid. Secondly, LogRhythm offers more than SIEM; it has an EDR, MDR, and XDR. Compared to its competitors, it is the most complete solution. The downside of LogRhythm is that it is slow.
Information Technology Security Engineer at a tech consulting company with 1-10 employees
Reseller
2024-07-16T13:04:44Z
Jul 16, 2024
My customers use the solution for user behavior analytics and as an anti-malware and anti-threat kind of tool. My customers are in finance-related areas. I deal with some gambling companies, and in my country, it is categorized under the finance sector.
LogRhythm SIEM is a cybersecurity solution that we use to protect our network and devices from external and internal threats or attacks. It's part of our overall cybersecurity strategy, which includes SIEM, EDR, and DLP solutions.
It is a SIEM tool. It gathers logs, parses and normalizes them, and correlates the logs with the rules we write. For example, if an account tries to log in multiple times with the same username, I can write a rule for it. The SIEM tool would analyze the logs and generate alerts based on the rule.
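As an added illustration (not the reviewer's code and not LogRhythm's rule engine), the correlation rule described above can be written as a sliding-window threshold over parsed log events; the sshd-style log lines, the `threshold` and `window` parameters, and the 5-failures-in-5-minutes rule are all constructed assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real data): syslog-style sshd auth events.
SAMPLE_LOGS = """\
2024-10-14T08:30:01Z host1 sshd[101]: Failed password for admin from 203.0.113.5 port 5001
2024-10-14T08:30:07Z host1 sshd[102]: Failed password for admin from 203.0.113.5 port 5002
2024-10-14T08:30:12Z host1 sshd[103]: Failed password for admin from 203.0.113.5 port 5003
2024-10-14T08:30:15Z host1 sshd[104]: Failed password for admin from 203.0.113.5 port 5004
2024-10-14T08:30:20Z host1 sshd[105]: Failed password for admin from 203.0.113.5 port 5005
2024-10-14T08:31:00Z host1 sshd[106]: Failed password for bob from 198.51.100.7 port 5006
2024-10-14T08:45:00Z host1 sshd[107]: Failed password for bob from 198.51.100.7 port 5007
2024-10-14T08:45:30Z host1 sshd[108]: Accepted password for alice from 192.0.2.9 port 5008
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) "
    r"password for (?P<user>\S+) from (?P<src>\S+)"
)

def parse(line):
    """Parse/normalize step: turn one raw line into a dict, or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev

def correlate(lines, threshold=5, window=timedelta(minutes=5)):
    """Correlation rule: alert when one username accumulates `threshold`
    failed logins within `window`. One alert per username, raised the first
    time the threshold is crossed; events outside the window are dropped."""
    recent = defaultdict(deque)   # username -> recent failed events
    alerts, alerted = [], set()
    for line in lines.splitlines():
        ev = parse(line)
        if ev is None or ev["outcome"] != "Failed":
            continue
        q = recent[ev["user"]]
        q.append(ev)
        while q and ev["ts"] - q[0]["ts"] > window:   # expire old events
            q.popleft()
        if len(q) >= threshold and ev["user"] not in alerted:
            alerted.add(ev["user"])
            alerts.append({"user": ev["user"], "count": len(q),
                           "sources": sorted({e["src"] for e in q}),
                           "first": q[0]["ts"].isoformat(),
                           "last": ev["ts"].isoformat()})
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

With the default rule only `admin` fires (five failures in 19 seconds); `bob`'s two failures are 14 minutes apart and never share a window, and the successful `alice` login is ignored.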
In my company, we use LogRhythm SIEM for integrations. We use the product for SOC use cases. If we have SOC implementations, LogRhythm is the SIEM solution we use since it can also offer a SOAR solution.
There are multiple use cases for the solution, such as long log formatting, log consolidation, data isolation, malware detection, identifying suspicious attacks, and locating ISU records across the network.
LogRhythm works within the core of our SOC. It's where our analysts work every day and where we do all of our investigatory work for security incidents. It created our security posture. It is the central component of all of our security tools and it is the heartbeat of our SOC and our daily operations. It sets the tone for everything that we do.
System Administrator at GOLDENWEST FEDERAL CREDIT UNION
Real User
2022-10-18T09:15:00Z
Oct 18, 2022
We have a lot of use cases. Originally, it started out pulling in a bunch of the logs so we could get some ideas on network traffic. More recently, we have proceeded with pulling in logs from some of our other vendors. This really helped out a lot with our AV, which didn't always notify us as quickly as we wanted it to. LogRhythm made it possible for us to get notifications faster so that we can remediate things faster. We've been expanding it more and more as we've gone through the years to include more traffic, giving us more insight into our network.
We've been using this solution to aggregate and correlate logs to dive a little bit more into auditing any sort of suspicious activity or malicious ideas that are going on within our network and using it for compliance purposes.
Senior Security Analyst at a transportation company with 501-1,000 employees
Real User
2022-10-16T09:09:00Z
Oct 16, 2022
It's our primary threat-hunting tool. We use it to look for anomalies. We use it for investigations. We use it for just about everything security related. If we find it in another tool, we use the SIEM to cross-reference what activity we would see either from that user or from that machine that we saw in the other tool.
I found it very useful in our day-to-day operations with monitoring user activity and looking at system analytics and system performance. I found it very useful when investigating threats like IPs, and seeing what's going on with our endpoints, like certain lateral movements that we've noticed. I definitely found it very useful when looking at, for example, a compromised host, or a suspicious IP that has been scanning us. I've definitely found it very useful when I look at a log; it'll give me a detailed drill-down of all the information that's needed, including what the rating is, the rating of the threat, and what actions should be taken. It gives my team a better idea of what we should do to improve our security posture.
We have about 600 employees supported by this solution. Our goal is to try and bring in at least one additional application into our SIEM tool each month so that we can get better insights for those particular platforms.
Our company manages the solution as a threat hunting platform for a semi-government client in the Hong Kong insurance industry. We collect logs for video, Active Directory, antivirus, and firewalls to consolidate them in the solution. From the central log collector, we build detection policies to identify threats or possible breaches. The solution also serves as a data storage platform to troubleshoot issues and find root causes. In addition, logs that include performance data are created for devices such as routers and switches to monitor the availability of the office network. We also perform ongoing maintenance of the solution and all components to ensure everything runs smoothly.
We're using LogRhythm NextGen SIEM only for a few databases. Members keep their data on our FTP server, and we monitor firewalls, endpoint management solutions, and some critical endpoints.
Engineer - Network and Security at Connex Information Technologies
Real User
2022-09-21T10:06:11Z
Sep 21, 2022
Mostly, the use cases involve detecting lateral movements, malware infections, and insider threats. We serve small, medium, and large companies, mostly in the finance sector, here in Sri Lanka.
FSE at a computer software company with 1,001-5,000 employees
Reseller
2022-07-24T07:16:36Z
Jul 24, 2022
Its primary use cases are log aggregation, security information, and event management correlation. All of our clients use different versions across the board. In terms of deployment, some use it on-prem, and some use it in the cloud. It is all over the place.
I am a security architect, so I don't develop the use cases with the customers if they deliver a team who is in charge of these activities. Depending on the case of the customer, we define something with the customers, according to the technical sessions that we have with them. I prepare all the documentation for the delivery team and present the project. LogRhythm is deployed on-prem. There are about 60 people using this solution in my organization.
Senior Cyber Security Engineer at a logistics company with 10,001+ employees
Real User
2022-02-15T15:09:30Z
Feb 15, 2022
I'm a user, administrator, and analyst. We are using version 7.4. The solution is deployed on-premise. Three people are working with this product in our company.
Technology Solutions Head at MANTRA TECHNOLOGIES LTD
Real User
2021-12-13T21:14:00Z
Dec 13, 2021
Our customers are financial institutions, basically banks, and others in the financial sector. They have a lot of web-facing applications and technologies for which they need to have a complete trail of logs and audits. Whether they log in through their mobile devices and do mobile banking or internet banking, or do some queries, or are working on their systems, we need to have security logs for future audits and compliances. One use case is on the data protection side, because we are a data protection tech company, which determines if we need to activate security. The second is for audit trails, compliance, and if there are any issues. We need to have logs of all events and these logs are stored in the central bank. These logs have to be maintained for 10 years.
Senior System Engineer at a tech services company with 11-50 employees
Reseller
2021-10-08T13:41:36Z
Oct 8, 2021
We primarily use the solution to reduce insider threats. We also use the product to deal with some aspects of banking security. For example, with its product, we are able to lower the threat of being attacked by malware.
Systems Administrator at a tech services company with 201-500 employees
Real User
2020-12-31T17:15:06Z
Dec 31, 2020
I use LogRhythm for PCI DSS compliance. All of our devices are sending logs to LogRhythm. I have set up Silent Integrity Monitoring, Data Loss Prevention, Registry Integrity Monitoring, and other alarms for detection, and we do investigations.
LogRhythm SIEM Platform is an award-winning platform in security analytics. With more than 4,000 customers globally, LogRhythm SIEM is an integrated platform that helps security operations teams protect critical infrastructure and information from emerging cyberthreats. Ultimately, LogRhythm SIEM is an integrated set of modules that contribute to the security team’s fundamental mission: rapid threat monitoring, threat detection, threat investigation, and threat neutralization. LogRhythm SIEM...
We operate a Security Operations Center. We have to provide internal security to our client base and intel. That's why we use it.
LogRhythm SIEM is primarily utilized for cybersecurity analysis and incident management.
The solution is used for threat hunting. We also use it as a SIEM for our SOC.
We use the product for server and event management for the financial sector.
I use the solution for logistics and metrics. We use LogRhythm SIEM for our company and our clients. The solution is deployed on separate machines.
We are consultants providing governance solutions for the banking sector.
We have 250 cases in LogRhythm. It's used for collecting logs and analyzing logs from the servers.
NextGen SIEM is primarily used by the SOC team to detect attacks.
LogRhythm NextGen SIEM is great. We use it for log management for security purposes.
This solution's use case is abnormal administrative lockouts, most of the time.
LogRhythm is a cybersecurity solution. It's used for detection, lateral movement or initial access.
I am a distributor and not an end-user of the product, so I cannot comment on use cases.
We use it for log ingestion and monitoring activity in our environment.
Private monitoring is our primary use case.