We performed a comparison between LogRhythm SIEM and Microsoft Sentinel based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Users praised LogRhythm SIEM for its user-friendly centralized dashboard, strong integration capabilities, and event-filtering capabilities. Microsoft Sentinel effectively identifies threats and integrates seamlessly with other Microsoft solutions. Users say Sentinel makes it easy to find information quickly using KQL queries and praised the solution’s centralized log storage. LogRhythm SIEM has the potential to improve its SOAR and NDR features, platform stability, and MDI integration. LogRhythm users requested expanded log storage, better load balancing, and streamlined search capabilities. Microsoft Sentinel could benefit from simplifying documentation, enhancing collaboration with security vendors, and improving data ingestion. Users also want more robust threat intelligence and UEBA features.
Service and Support: LogRhythm SIEM generally received positive feedback for its helpful support, although there have been occasional delays and knowledge problems. Some users praised Microsoft’s quick response times and expertise, while others experienced challenges and support delays.
Ease of Deployment: Small or medium-sized companies generally find LogRhythm SIEM easy to deploy. The setup is more time-consuming and complex for enterprise deployments involving multiple components or vendors, and users often require assistance from professional services or LogRhythm-certified engineers. Some users said that deploying Microsoft Sentinel is straightforward, while others consider it to be moderately complex.
Pricing: LogRhythm SIEM’s license typically includes all elements. However, enterprise customers may encounter complexities related to additional features and add-ons. Microsoft Sentinel charges customers based on data usage, and it can be expensive for users who need to ingest data from non-cloud sources.
ROI: LogRhythm SIEM has proven to be highly valuable, delivering a significant ROI by reducing the mean time to detect and respond. Some Sentinel users have seen cost savings, while others have not experienced any financial benefits.
Comparison Results: Microsoft Sentinel is preferred over LogRhythm SIEM. Microsoft Sentinel is lauded for its simplicity and robust feature set. Users value Microsoft Sentinel's efficient threat detection and praise its seamless integration with various software platforms. Users say Sentinel is reasonably priced, especially when bundled with other Microsoft products or Azure subscriptions.
"Compliance reporting is another great feature of this product. It has built in reports right out of the box."
"The PCI compliance pieces that help us produce reports for our external auditor, and their support."
"Its ability to work with all different sorts of log sources has been extremely valuable."
"Alarms are the most valuable feature. We also like the dashboard and how things are at your fingertips. The fact that we can now edit the report templates is going to be a great thing."
"In terms of security, LogRhythm NextGen SIEM is great."
"We now have a central point of monitoring for all potential threats."
"Technical support is very helpful and responsive."
"We have to be able to show the evidence, and LogRhythm does a great job of putting it forward and making it easy to create reports with nice looking dashboards, which show off what we are doing as a security program."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"I would like to suggest that they should improve their usage of third party tools for making dashboards and reports. If they would create their own tools for dashboard and report, it would be much better in terms of security purposes."
"The log storage capacity should be increased."
"The console installation is an area with a shortcoming in the solution that needs improvement. If LogRhythm SIEM can offer a web console, it would be great."
"LogRhythm's SOAR and NDR features don't stack up well against competitors. maybe integrating theme functionality as the other do. But in general, it's okay."
"The solution is likely not the best option for a smaller organization."
"I think they probably need to, because a lot of companies are having this cloud-first strategy, where anything that's new has to go into the cloud for some reason."
"Their ticketing system for managing cases can be improved. They can either do that or adopt some of the open-source ticket systems into theirs. The current system works and gets the job done, but it is very bare-bones and basic. There are some things that could be improved there. They should also bring in more threat intelligence into the product and also probably start to look into the integration of more cloud or SAS products for ingesting logs. They're doing the work, but with the explosion of COVID, a lot of businesses have started to move towards more cloud applications or SAS applications. There is a whole diverse suite of SAS products out there, which is a challenge for them and I get it. They seem to be focusing on the big ones, but it'll be nice to be able to, for example, pull in Microsoft logs from Office 365. They are working towards a better way of doing that, and they have a product in the pipeline to pull logs in from other SAS applications. The biggest thing for them is going to be moving away from a Windows Server infrastructure into a straight-up Linux, which is more stable in my eyes. For the backend, they can maybe move into more of an up-to-date Elastic search engine and use less of Microsoft products."
"More detail in the alerts given to avoid additional searches, as often the source or destination associated with the alert is not evidenced."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"The product can be improved by reducing the cost to use AI machine learning."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews while Microsoft Sentinel is ranked 2nd in Security Information and Event Management (SIEM) with 85 reviews. LogRhythm SIEM is rated 8.4, while Microsoft Sentinel is rated 8.2. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm Axon and Fortinet FortiSIEM, whereas Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Splunk Enterprise Security, Microsoft Defender for Cloud and Microsoft Defender for Endpoint. See our LogRhythm SIEM vs. Microsoft Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.