We performed a comparison between LogRhythm SIEM, Quest InTrust, and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management."When it comes to dealing with support, all my interactions have been great. Everyone has known what they're doing and have been quick to respond. They seem to always know the answer. I haven't stumped anybody yet."
"It has allowed us to dive deeper into our network and figure out what is going on by parsing logs properly and being able to reduce the time it takes to work cases down from seven days to approximately two days."
"File Integrity Monitoring is really valuable because we have it set up on our core assets. This is one of the key features that I utilize. We also use it quite a lot for event management to do reporting."
"As a SIEM, probably the best feature is that it can be tuned effectively. There are very few SIEMs out there that can be effectively tuned to provide you with meaningful information and not be overwhelmed."
"LogRhythm has increased productivity because all the tools that we need are in the web UI, allowing us to find threats on our network fast and efficiently."
"LogRhythm NextGen SIEM covers all our primary security analysis needs. It makes it easier for us to analyze threats and improves our response times. It's a versatile platform that performs queries fast compared to other SIEM solutions."
"In terms of security, LogRhythm NextGen SIEM is great."
"What I found most valuable in LogRhythm NextGen SIEM is that it's user-friendly. I also like its dashboard, which shows all the logs and information I want to see."
"I would rate the technical support very well as they are knowledgeable and quick to respond."
"We can ingest and correlate data from virtually any type of system."
"It gives us the liberty to do more in terms of use cases."
"We can automatically suspend or terminate suspicious sessions."
"The most valuable features of Splunk Enterprise Security are its high-performance data collection, flexible query language, and its versatility across the organization."
"The correlation search functions that generate all the notables are valuable. That can get pretty complicated, and it handles that pretty well."
"The scalability is good."
"The ability to view all of these different logs, then drilling down into specific times or into specific data sources, has proved to be the greatest aspect in decreasing our troubleshooting overhead time."
"The Splunk user community and forum are most valuable."
"One thing we have mentioned to them before is that we'd like to be able to do searches, or drill-downs, directly from an alarm. When you click it and the Inspector tab slides out, that might be a good place to be able to click the host to search for the last 24 hours. I know the search is right there but it would be even nicer to just click that and then have an option to search something there."
"We've had issues with scaling and local support."
"The initial setup is complex. We are using a LogRhythm partner, at least for the first three years, to help with the monitoring and the deployment of it. We are not a big enough environment where we have people that we can dedicate to it right now."
"I would like to see case management become more independent from LogRhythm itself."
"I would like to see APIs well-documented and public facing, so we can get to them all."
"We use Windows Event Forwarding to collect the logs from our Windows clients, and the logs get aggregated as one data source on that collector. Therefore, finding logs specific to one particular Windows system requires some creativity in how we search the SIEM."
"The initial setup is not so easy because it is quite a process."
"LogRhythm NextGen SIEM is currently based only on the Windows platform. This means that some of our customers have to purchase a Windows license elsewhere. If LogRhythm can move to a Linux platform or a proprietary platform, it would be very helpful."
"It needs to have better reporting. "
"It was very complex. There was poor native correlation. "
"DMC should be a little more intuitive with better dashboarding. Seeing the cause of data flow can be tough to track down."
"Configuring a few apps is complex, not straightforward."
"One issue is that we are getting a lot of false positives. We are trying to reduce them by customizing the default rules, changing thresholds, and using white-listing and black-listing. It's getting better and better as a result. But they need to build components that would reduce the false positives."
"An area of improvement would be the licensing of the solution. They need a free license, which would allow faster lead times."
"The case management area of the ES could be improved. The ability to move cases through various stages and states. The ability to close a case would be key improvement."
"The historical data extraction needs improvement. I would like the capability of taking data and having it trend longer."
"Splunk could enhance its services by providing more comprehensive professional assistance aimed at optimizing our investment."
"When we do a rollout from the server or host or anything, we'd like to see more automation. It would save us time."
Earn 20 points