We performed a comparison between LogRhythm SIEM and Splunk Cloud Platform based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."LogRhythm NextGen SIEM is customizable, simple to manage, and there are many features. The solution does not require an expert to be able to use it, anyone can use it."
"We have NetFlow information going into it, so we can examine a lot of traffic patterns and anomalies, especially if something stands out and is not the baseline. This helps a lot."
"LogRhythm NextGen SIEM covers all our primary security analysis needs. It makes it easier for us to analyze threats and improves our response times. It's a versatile platform that performs queries fast compared to other SIEM solutions."
"SOAR is integrated with the dashboard that we use for threat management. Because it's all integrated, it is useful for us when we deploy something on-prem."
"It has allowed us to dive deeper into our network and figure out what is going on by parsing logs properly and being able to reduce the time it takes to work cases down from seven days to approximately two days."
"The most valuable features would be the automation, reporting, and the support."
"The PCI compliance pieces that help us produce reports for our external auditor, and their support."
"The user interface is pretty good compared to other SIEM tools."
"The initial setup was straightforward."
"The solution is user friendly and has extensive uses."
"For my current requirements, the tool theme seems to be meeting my requirements, from a cost and requirements perspective."
"In my organization, Splunk Cloud Platform has improved the issue revolving around transactions."
"This is a complete log reporting tool."
"The cloud is very fast."
"I like the Cloud monitoring console feature."
"Splunk helped reduce our mean time to resolve by around 60%."
"The solution is likely not the best option for a smaller organization."
"The initial setup is not so easy because it is quite a process."
"More detail in the alerts given to avoid additional searches, as often the source or destination associated with the alert is not evidenced."
"I would really like to see some type of group or global management for RIM policies,"
"Only area I can think of to improve on is the proof reading and using the guides before releasing them. Out the the 20+ guides I used one had issues with wrong information in it."
"It's not easy for someone new to the solution."
"Their ticketing system for managing cases can be improved. They can either do that or adopt some of the open-source ticket systems into theirs. The current system works and gets the job done, but it is very bare-bones and basic. There are some things that could be improved there. They should also bring in more threat intelligence into the product and also probably start to look into the integration of more cloud or SAS products for ingesting logs. They're doing the work, but with the explosion of COVID, a lot of businesses have started to move towards more cloud applications or SAS applications. There is a whole diverse suite of SAS products out there, which is a challenge for them and I get it. They seem to be focusing on the big ones, but it'll be nice to be able to, for example, pull in Microsoft logs from Office 365. They are working towards a better way of doing that, and they have a product in the pipeline to pull logs in from other SAS applications. The biggest thing for them is going to be moving away from a Windows Server infrastructure into a straight-up Linux, which is more stable in my eyes. For the backend, they can maybe move into more of an up-to-date Elastic search engine and use less of Microsoft products."
"Right now there is the concern about being able to gather all of the data into the system."
"Splunk currently manages the components, which restricts our ability to access them directly."
"Customization could be simplified."
"The dashboards should be easier to customize."
"There could be better searches, but mainly, it needs to improve the performance with a vast amount of data. That will make it better and easier to use."
"Splunk Cloud Platform needs to be made more user-friendly because it's not user-friendly."
"Support could be improved."
"When one of my customers needs an app, and I am able to find that app on the Splunk base, I have to create a ticket and wait for five days for them to download the app into the cloud environment. That is probably one of the main things. It is painful because I have to wait to get that app in the cloud."
"There can be more modules and more integration with other areas in the cloud and on-prem. I am not sure whether it includes network devices and things like that."
LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews while Splunk Cloud Platform is ranked 3rd in Data Visualization with 36 reviews. LogRhythm SIEM is rated 8.4, while Splunk Cloud Platform is rated 8.0. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of Splunk Cloud Platform writes "Does not require backend maintenance, is easily integrated and utilized". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm Axon and Microsoft Sentinel, whereas Splunk Cloud Platform is most compared with Wazuh, Splunk Enterprise Security, Fortinet FortiAnalyzer, AppInsights and Check Point Security Management. See our LogRhythm SIEM vs. Splunk Cloud Platform report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.