- Advanced Intelligence Engine
- Alarming and Response
We have made this the foundation of our security intelligence within our organization. It has allowed us to detect and remediate Advanced Persistent Threats.
I would like the log management database to perform more efficiently.
I've used it for five years.
Some minor bugs with the mediator. Those have been fixed in patch releases a long time ago.
Setup was fairly straightforward. We were up and running with coverage of most log sources within two days.
We implemented it in-house. Active Directory import makes initial configuration quick and easy.
We also evaluated Splunk, and we chose LogRhythm as the correlation rules performed better and it handled clients on DHCP better.
We recommend that people implementing it choose to log everything, including logs from desktops, laptops, servers, switches and routers.