- Advanced Intelligence Engine (AIE) for threat intelligence, 9/10
- LRM for logging and compliance, 8/10
Custom rules/alerts in LRM and AIE provide insight into the network for internal users as well as InfoSec. Proactive account lockout alerts for SecAdmin, alerts to DBAs on domain admin access to SQL servers, PCI and GLBA compliance alerts/reports for InfoSec and Audit.
Adding an entity (should be able to create a template and/or eliminate locations) could be much faster/streamlined. The wizard could be improved to specify OU/Groups to search for new entities.
No issues encountered.
There have been issues with the hardware, which have resulted in the LRM going down a few times.
No issues encountered.
It's the best there is.
Technical Support: It's the best there is.
We had Tripwire, but we needed logging and SIEM, not just logging.
It was straightforward as the training provided all the tools. Also, the UI has gotten better with time.
We had a mix of an in-house team with one from LogRhythm.
Literally impossible to quantify. We haven’t had any events or deficiencies in audits, which is invaluable.
Pricing (especially considering feature sets) is best in the market, though HA/DR is tough to justify for an SMB. Even with two outages due to hardware, we haven’t invested in a backup.
Implementation time, hygiene/maintenance time, functionality, and cost make it the clear choice in a competitive market.