We performed a comparison between LogRhythm SIEM and Recorded Future based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."One of the main features that I like about LogRhythm NextGen SIEM is that there are a lot of pre-built pieces. Like with our AV, we didn't have to tell it how to read the logs; they already had it pre-made. So, we essentially just had to follow their guide to get the logs imported in and set up some rules for it. We've only had to manually create the parsing rules for a few of our vendors so that we could interpret the logs correctly. Most of them had already been pre-created for us."
"NextGen SIEM's best feature is how it presents logs."
"The user interface is pretty good compared to other SIEM tools."
"The feature that makes it usable is the web interface."
"I have found the Advanced Intelligence Engine has provided the most value to us because we can customize alarms based on our requirements and have created hundreds of alarms that notify different people for different scenarios."
"We have NetFlow information going into it, so we can examine a lot of traffic patterns and anomalies, especially if something stands out and is not the baseline. This helps a lot."
"This solution has improved our organization in many different ways. The biggest benefit is being able to view all information in one dashboard instead of having to look at several different applications and dashboards. I can see information across our entire environment and every aspect of our network."
"The product is great for medium to large-scale organizations."
"As a threat intelligence tool, it's very helpful."
"The most valuable feature is Recorded Future's protection of exposed customer data on the hardware side."
"From the feedback I've received from my clients, the most valuable feature is the ability to personalize the solution. The ability to have a customized dashboard makes it easy for leadership and management to obtain details. Intelligence analysts or security engineers care about the actions and results, whereas the leadership care about graphs and reports. Recorded Future helps my clients create reports and also determine how the intelligence that is generated is consumed. They can easily show the benefits to the leadership without them having to invest 10 hours a week into transferring numbers into a graph or into creating reports."
"The intel that they were providing us over the emails was very good. If it found any hashtag in our organization's name on the dark web, a rogue IP, or a marketplace, it would send us an email and notify us that this is being mentioned, and if we want, they can take some action."
"The most valuable feature of Recorded Future is how it detects everything regarding our domain."
"The most valuable features of Recorded Future are the useful alerts it provides. If we are monitoring a domain, the solution will provide us with an alert in a prompt manner. It is simple for clients to receive alerts. The advanced search is useful for more accurate filter results."
"The tool is helpful in vulnerability assessment of zero-day vulnerabilities and phishing domains. The solution provides information on any domains of the organization that has undergone phishing or any other cyberattacks."
"Has the ability to conduct and build any query without limitations."
"We would like to see more things out of the console into the web UI. I guess this is what they are doing in 7.4."
"Sometimes, the tool fails to get the correlated events that triggered the alerts."
"When we originally got LogRhythm, their tech support was fantastic, and I loved them. Now, we don't quite get as quick of a response. I've been disappointed in the more recent tech support. When you call in, they'll say that they will get you somebody, and you'll finally get someone who will contact you back a day or so later. Whereas before, I would get help right away."
"I would like it to do a lot of the automation (which I still need to learn more about), because I am essentially a one man shop doing all the jobs. I'd like for it to be able to do more for me."
"When we had version 7.2.6, there were a lot of issues deploying that version and with the indexing. The indexer was unstable. So, we were not able to use the platform when we were on that version until we were able to upgrade to 7.3.4."
"Sometimes the error-logging is not altogether helpful. For example, on an upgrade, a systems data processor, a Windows box, was throwing an error code like 1083. Then it just stopped and it died right out of the installer and nobody looked. We searched through Google and what it means is the Windows Firewall wasn't turned on so that it could create a rule for the product. Why wouldn't they bubble up that description so that I wouldn't have to call support and I could just know, "Okay, the firewall wasn't turned on. Turn it back on. Re-run the installer and keep going.""
"More detail in the alerts given to avoid additional searches, as often the source or destination associated with the alert is not evidenced."
"My biggest issue - I know that they say they're doing it - is that the API-building is extremely important. They keep saying it's coming, it's coming. It's not coming fast enough. I don't care if they need to double their team size to get it out there quicker, the world is already in the cloud and we can't monitor it. That's a big problem for us. My boss keeps coming to me about it. That's an issue."
"The product gives many false positives. If someone talks about the brand or organization name in the public domain over chats or blocks, it gets highlighted. It may not necessarily be a threat but still gets highlighted which increases the false positive count."
"The solution could improve in reducing the false positives. However, most of the other tools on the market have false positives. If they enhance their data algorithm, it could improve the accuracy of results and minimize false positives. Identifying patterns of false possibilities can aid in developing better reporting features that could potentially eliminate them in the future. This recording feature tool could benefit from adopting similar techniques utilized by other tools to enhance its functionality. By doing so, it could minimize the need for manual efforts in distinguishing true positives from false positives, ultimately reducing the workload."
"It sometimes detects false positives and reduces the overall accuracy of the system."
"We can get the data of different malware active throughout the globe, but it would be good if we can do sandboxing of a file. For example, on Any Run, we can perform sandboxing of malware along with their intel about a particular file or hash. It would be great if they have a feature like that."
"Lacks sufficient visibility of malware and international APT attacks."
"At present, my clients need to be trained by me or another organization on how to use Recorded Future and how to get the best out of it as an analyst, engineer, and administrator. It would be better if clients could directly learn these things without having to go through me or other organizations."
"Recorded Future is a very expensive solution, and its pricing could be improved."
"There is a semantic oncology dynamic relationship between how the MIGR Tech framework needs more data infusion enrichment capabilities."
LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews while Recorded Future is ranked 1st in Threat Intelligence Platforms with 10 reviews. LogRhythm SIEM is rated 8.4, while Recorded Future is rated 8.6. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of Recorded Future writes "Traceless online searches, stable, and scalable". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm Axon and Microsoft Sentinel, whereas Recorded Future is most compared with CrowdStrike Falcon, ZeroFOX, Intel 471, Digital Shadows and Anomali ThreatStream.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.