LogRhythm NextGen SIEM Review

Gives us visibility into areas we wouldn't have seen, such as code execution; allows us to drill down on servers

What is most valuable?

  • Visibility
  • The AI Engine for rule generation

How has it helped my organization?

We have two facilities with a combination of all different platforms: Linux, Windows, etc. It's just all across the board.

It's definitely given us a lot of visibility into areas that we probably wouldn't have normal visibility into, such as code execution and things like that. It allows us to really drill down as to what's happening on the servers as they are being used in production, to where we can really get in and figure out what's going on.

What needs improvement?

It's pretty effective. In some cases we have run into some issues with the way that the rules work and the alarms trigger. We get a good number of false positives.

I wish that there were more instructional videos on how to do different things and more walk-throughs.

Also, easier generation of AIE rules, or custom ones.

What do I think about the stability of the solution?

So far it's been really good.

What do I think about the scalability of the solution?

Scalability is very good.

How is customer service and technical support?

I've used LogRhythm tech support. I would rate it as very good, not excellent. For instance, we were trying to deal with pass-the-hash, which is a very common exploit, and LogRhythm tech support told us they were just going to turn that rule off, that we couldn't use it. We had to keep pushing until we had someone in another department push to an upper level of tech support to finally get it to where it was working.

What other advice do I have?

It's very important for a solution to be a unified, end-to-end platform for us.

It's a really good solution. It's been very stable. At the same time, we have had some issues, some false positives.

And that issue I told you about with tech support: there have been some challenges getting it to be where we wanted it to be, for a solution, like LogRhythm, that is supposedly best in the industry. I just thought it was kind of poor that they would take a common exploit that's been in use for years and say they can't get it to work when, obviously, they could get it to work. It was kind of lazy.

Still, I would say go with LogRhythm.

Disclosure: I am a real user, and this review is based on my own experience and opinions.