LogRhythm NextGen SIEM Review

AI Engine, alarm rules correlation, and drill-down are key; we're able to find more with less effort


What is most valuable?

  • AI Engine
  • Alarm rules correlation
  • Web interface
  • The amount of information it has throughout the web interface
  • The drill-down

How has it helped my organization?

We've been able to go ahead and find more with less effort, just on the web interface itself.

What needs improvement?

Functionality, ease of use.

There are a few "gotchas" in the applications. One of the issues that we're having right now is on the AI Engine, when you do the drill-down. There are no events that are being populated for the drill-down. The recent upgrade and release fixed some of that.

And some of the other parsing rules: parsing isn't done correctly.

For how long have I used the solution?

We've only been a customer for maybe about five months.

What do I think about the scalability of the solution?

It seems to be fairly scalable.

How is customer service and technical support?

We have used LogRhythm technical support. The response is really good.

Which solutions did we use previously?

We were using McAfee Nitro. The administration of the application was very cumbersome, and trying to get reports and customize the analytics on there is a bit difficult. We looked at LogRhythm, and LogRhythm seemed to have a lot of the stuff built in, canned already.

How was the initial setup?

It was pretty straightforward. There were some things that were a little bit complex after the setup, and trying to troubleshoot some things. For example, log indexer was indexing most things, but not everything. It got backed up, so we had to go in and troubleshoot some of the processes.

What other advice do I have?

It was pretty significant for our solution to be a unified end-to-end platform because we did have a wide range of systems out there, and we needed to make sure that it was able to bring in the sources and correlate the events.

The only thing that surprised me was the logs filling up for some of the indexing jobs. Other than that, there was nothing that support wasn't able to go ahead and help us with and get resolved.

My advice to a colleague at another company who is researching a similar solution would be: Make sure you do your research. Understand what it is you're looking for in a SIEM. Have a plan of attack on what it is that you're looking for, and what you want to get out of the tool.

Disclosure: I am a real user, and this review is based on my own experience and opinions.