We performed a comparison between Elastic Beats, LogRhythm SIEM, and Splunk Enterprise Security based on real PeerSpot user reviews.
"There's a whole spectrum of features on the solution that users can take advantage of. It's a very robust product."
"The security aspects in general have been very useful to use."
"I would say the most valuable feature of LogRhythm is that it has built-in UEBA functionality, among other basic Windows packages."
"The user interface is pretty good compared to other SIEM tools."
"It allows us to automate a lot of things with a smaller team."
"The most valuable feature of LogRhythm for me is the ability to correlate logs throughout many different log sources."
"LogRhythm has shown to us, to this point in time, that it has the capabilities of being able to deliver actionable intelligence to the security engineers and analysts."
"The correlation engine is extremely valuable because it uses machine learning to process information from the central manager and identifies issues in the network."
"We integrated Azure logs with it and that makes it simpler. Rather than having to log into the portal, we can just check everything in one place. We can compare those to our Windows and host logs to see if any problems correlate between them."
"It has centralized monitoring for our security operations. Therefore, it improves our analysts' work."
"The level of robustness on offer is very good."
"It is the best tool if you have a complex environment or if data ingestion is too huge."
"Aggregation searches have reduced time and difficulty of identifying trends and conditions which need to be reviewed."
"The ability to quickly search logs, performance data, and other inputs has helped tremendously with troubleshooting."
"Exporting is a good feature. It helps me out when I have to do reports. I do a lot of exporting and crunching of the numbers. Dashboards are okay for showing to the leadership, but for doing statistics and updating tickets, the export feature is very beneficial for me."
"The solution allows easy gathering and ingestion of the data."
"We can automatically suspend or terminate suspicious sessions."
"The stock analysts and security people use one single dashboard (one single location) to check our logs."
"At some level, the documentation, the information as far as the components, it's sometimes a little difficult to find the information necessary to implement aspects."
"The dashboard is not user-friendly. The solution, in general, isn't great from a user's perspective."
"My biggest complaint is documentation. Everyone tells me, 'We have documentation on the Community site.' I have searched for different types of documentation on numerous occasions, and it might be there, but it's not easily findable."
"The security playbook could be pre-defined and available to other analysts with similar security issues."
"The solution is likely not the best option for a smaller organization."
"The log storage capacity should be increased."
"The console installation is an area with a shortcoming in the solution that needs improvement. If LogRhythm SIEM can offer a web console, it would be great."
"I think they probably need to, because a lot of companies are having this cloud-first strategy, where anything that's new has to go into the cloud for some reason."
"It will definitely help if the parsing side would be much easier, meaning it would be better if we could easily make adjustments on the parser, both on standard and non-standard log sources."
"The user interface needs improvement. The more the user can slide around and know what's going on, the better it will be."
"It's costly."
"This solution could be improved by better pricing in general and by easier installation."
"The integration with all our tool sets felt like we were reinventing the wheel, which was a pain point for us."
"I would like the ability to view logs for specific instances and not have to pull the logs for the entire Cloud environment in Splunk."
"The solution could improve by increasing the performance. We have run into problems when large amounts of data are processed."
"It takes time to train people."
"I haven't found a way for me to create my own plugins and integrate them into Splunk, but this isn't necessarily a limitation; it could simply be a lack of knowledge on my part."
"The price has room for improvement."