LogRhythm NextGen SIEM Review

SmartResponse, alarming, and being able to write our own rule set allow us to delegate alarm monitoring

What is most valuable?

  • The SmartResponse and the alarming
  • The ability to write your own rule set

How has it helped my organization?

It allows us to delegate some of the alarming, where there's not just one person looking at it all the time. Some lower-level techs can handle basic alarming.

What needs improvement?

Sometimes our rules don't fire correctly, events don't get created correctly, but that's mostly just because we have to write custom regex.

Also, moving away from the fat console, more into the web console for log sources and tuning and things like that, would be helpful.

At times it gets a little clunky, or resource-intensive, but it works.

What do I think about the scalability of the solution?

It works pretty well. It's somewhat hard to delete something out of the system. That's probably our only challenge, because we reuse an IP address and then it's difficult.

How is customer service and technical support?

We've used them a few times. They were pretty good.

Which solutions did we use previously?

We actually weren't using anything before. It was a conglomerate of a firewall and the Windows logs. But we had an IT architect that was more into security.

How was the initial setup?

It was pretty easy.

What other advice do I have?

Regarding a solution being a unified, end-to-end platform, it helps, but it's not completely necessary.

For what it does, LogRhythm works pretty well.

If I were to advise a colleague who is looking into this solution, I would say train someone, as their full-time job, to use it. It's not an easy product to get around.

Disclosure: I am a real user, and this review is based on my own experience and opinions.