- Reporting - we need to do a lot of security monitoring
- It doesn't have a lot of forensics, but we appreciate the fact that it has the capability
- The ability to collect a lot of information, as we have 200 users and a lot of log sources
The fact we're able to create customized monitoring reports that extract info from event logs helps us a lot. We used to have ad hoc reports created by the IT department, which meant they could manipulate content if they ever wanted to tamper with output. Now, there's no risk for us to worry about.
There's lots of concern these days regarding vulnerability, and being able to interface with other types of applications when creating event logs. We have lots of other applications to monitor. LogRhythm can extract that info, but some require converting before LogRhythm. Windows logs don't need converting, but SQL and XML do require conversion and monitoring.
You should consult with LogRhythm experts because there are lots of features and customizations, and you need to figure out what's needed for your specific environment, for example, regulatory compliance issues. They do a great job of making clear what's needed.