We performed a comparison between ArcSight Logger, Graylog, and LogRhythm SIEM based on real PeerSpot user reviews.
"It's an efficient solution."
"It's a brilliant log collection tool, and it can handle hundreds of thousands of servers in a single shot to ingest the data."
"The technical support team is good... It is a scalable solution."
"It provides in-depth information on business activities once we log into the system."
"We check a lot of logs in ArcSight Logger because we're running a massive database platform."
"The machine learning is a good feature."
"The solution provides information about the risk factors."
"The most valuable feature is the search capability, which is simple to use."
"Open source and user friendly."
"It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
"The ability to write custom alerts is key to information security and compliance."
"The solution's most valuable feature is its new interface."
"Real-time UDP/GELF logging and full text-based searching."
"This has increased productivity for the dev and support teams, because we are directly notifying them."
"The build is stable and requires little maintenance, even compared to some extremely expensive products."
"I like the correlation and the alerting."
"LogRhythm NextGen SIEM covers all our primary security analysis needs. It makes it easier for us to analyze threats and improves our response times. It's a versatile platform that performs queries fast compared to other SIEM solutions."
"It has centralized monitoring for our security operations. Therefore, it improves our analysts' work."
"It seems like it will scale easily with the way our environment is set up."
"It supports most standard log sources."
"It has allowed us to dive deeper into our network and figure out what is going on by parsing logs properly and being able to reduce the time it takes to work cases down from seven days to approximately two days."
"Overall effectiveness is very good. I like how it is oriented to both analysts and technical support people. It's easily adopted by end users as much as by technologists."
"Its ability to work with all different sorts of log sources has been extremely valuable."
"One of the main features that I like about LogRhythm NextGen SIEM is that there are a lot of pre-built pieces. Like with our AV, we didn't have to tell it how to read the logs; they already had it pre-made. So, we essentially just had to follow their guide to get the logs imported in and set up some rules for it. We've only had to manually create the parsing rules for a few of our vendors so that we could interpret the logs correctly. Most of them had already been pre-created for us."
"The console in older versions is not user-friendly."
"The solution must provide readymade connectors for different applications."
"I think the ArcSight team should try to simplify legacy products for the customers, because that product is not easy to use or to work with. It needs more competency or appeal to use. We hope Micro Focus is trying to resolve this."
"In the next release, I want to see more intelligence."
"The next release should have AI capabilities."
"It's not a new product and is a bit complex. So, it requires a person dedicated to working on it and to know about it in and out. It is a huge product, and the search operation is a bit complicated for a new user or someone who has not used it for long. So for that person, it becomes a bit difficult."
"The product's connectors should work better and the user manuals need an update."
"We have had problems with archiving."
"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic."
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts. The initial setup is complex."
"It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."
"Graylog can improve the index rotation as it's quite a complex solution."
"I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a millisecond."
"Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
"I would like to see a default dashboard widget that shows the topology of the clusters defined for the Graylog install."
"Graylog needs to improve their authentication. Also, the fact that Graylog displays logs from the top down is just ridiculous."
"It should have some more message monitoring features. It can also have some free message monitoring tools."
"The only area I can think of to improve on is the proofreading and using the guides before releasing them. Out of the 20+ guides I used, one had issues with wrong information in it."
"NextGen SIEM has separate rules for AI, advanced intelligence, and MP rules - it would be better to have a centralized way to write the rules and create alarms."
"Scalability-wise, it's not that great."
"Scalability misses the mark sometimes, especially when you have an integrated disaster recovery built into the solution."
"Their ticketing system for managing cases can be improved. They can either do that or adopt some of the open-source ticket systems into theirs. The current system works and gets the job done, but it is very bare-bones and basic. There are some things that could be improved there. They should also bring in more threat intelligence into the product and also probably start to look into the integration of more cloud or SaaS products for ingesting logs. They're doing the work, but with the explosion of COVID, a lot of businesses have started to move towards more cloud applications or SaaS applications. There is a whole diverse suite of SaaS products out there, which is a challenge for them and I get it. They seem to be focusing on the big ones, but it'll be nice to be able to, for example, pull in Microsoft logs from Office 365. They are working towards a better way of doing that, and they have a product in the pipeline to pull logs in from other SaaS applications. The biggest thing for them is going to be moving away from a Windows Server infrastructure into a straight-up Linux, which is more stable in my eyes. For the backend, they can maybe move into more of an up-to-date Elasticsearch engine and use less of Microsoft products."
"The installation was a bit complex because we are running a virtual infrastructure."
"I have Windows administrators who will remove the agent when they think that that's what's fouling up their upgrade or their install or their reconfiguration, etc. The first thing they do is to turn off the antivirus, turn down the firewall, and take off anything else. They don't realize that the LogRhythm agent is just sitting there monitoring. Most antivirus products have application protection features built in where, if I'm an admin on a box, I can't uninstall antivirus. I need to have the antivirus admin password to do that."