We performed a comparison between LogRhythm SIEM and Zabbix based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM).
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"Sentinel pricing is good"
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"The pricing of the product is excellent."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"Free ingestion for Azure logs (with E5 licence)"
"The major feature of this solution is its easy configuration, which helps different team members to work on it effectively. This kind of feature is not available in other solutions because of a request for specialised schemes for configuration, report extraction and searching. Another feature that I really admire is the significant improvement in compliance in the auditing process by the solution. Our organisation-specific compliance requirements specify that the mailbox data needs to be forwarded, stored and searchable for a certain time period. This solution categorises data based on different types, which include cold, warm and hot data. These features allow faster and easier extraction of any data, even if the event occurred several years ago. I also like other features, especially user behaviour analysis and automation. If suddenly someone accesses your site or unusual traffic is recorded from a user, the solution flags it very effectively."
"It has centralized monitoring for our security operations. Therefore, it improves our analysts' work."
"AXON has the ability to add and compare use cases."
"We should be able to respond to threats and gain visibility into our environment that we don't currently have."
"It supports most standard log sources."
"The Web Console is my favorite. It enables me, at a glance, to see the health of the environments."
"Their customer support is friendly and willing to help."
"The most valuable feature is that we can alternate incident automations."
"The product is very stable."
"The solution allows you to configure and customize how you want to collect information from servers or other systems."
"It has good graphs of what is going on within the operating system."
"The solution allows for good integration with other products."
"We like the user interface for this solution, which makes it an easy-to-use tool."
"It's a flexible solution."
"The most valuable features in Zabbix are those that help us overcome bottlenecks in CPU usage, as well as reduce memory delay. I know that we have only reached the tip of the iceberg of what Zabbix's features can do for us, and we have not used all of them yet."
"The features I found most valuable are the user interface and a wide range of network devices that are easy to configure."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"The playbook is a bit difficult and could be improved."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"We would like to see more things out of the console into the web UI. I guess this is what they are doing in 7.4."
"The responses provided by the cloud team are inefficient."
"Parsing is totally controlled by LogRhythm, and they do not allow any partner or any third party to handle this part, and this is a key challenge on my end."
"I think there is room for improvement because the system is still running on the Windows Server platform. The problem with running on Windows is that it is not that good for scaling and providing for big deployment environments."
"The solution is likely not the best option for a smaller organization."
"I think they probably need to, because a lot of companies are having this cloud-first strategy, where anything that's new has to go into the cloud for some reason."
"Scalability-wise, it's not that great."
"We had a little bit of difficulty implementing a disaster recovery situation because it was leveraging only Microsoft native DNS and it wouldn't work with our Infoblox DNS deployment that we use in our environment. They've been working on that behind the scenes."
"The dashboard and the graph section could be a little bit more professional."
"It could be more stable."
"It would be helpful if they translated the documentation to Cyrillic languages."
"As far as improvements, sometimes I get a bit frustrated when I move from a previous version to a new one because some configuration has changed—I need to investigate the documentation to deal with some configuration. But it doesn't take much time, so it's okay."
"Even though it’s such a powerful monitoring system, it would be more helpful if it had a flexible UI."
"Zabbix can use better documentation and support for troubleshooting."
"The System Center Operations Manager can be improved."
"One of the things we don't like is that Zabbix has a license structure with a price that is high compared to the competition. It's very high, for example, compared to something like Microsoft Teams."
LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews while Zabbix is ranked 1st in Network Monitoring Software with 100 reviews. LogRhythm SIEM is rated 8.4, while Zabbix is rated 8.2. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of Zabbix writes "Allows any number of customizations but lacks functionality for finding root causes". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm Axon and Fortinet FortiSIEM, whereas Zabbix is most compared with Centreon, Checkmk, SolarWinds NPM, Nagios Core and Nagios XI.