- The AI Engine for rule generation
We have two facilities, a combination of all different platforms, Linux, Windows, etc. It's just all across the board.
It's definitely given us a lot of visibility into areas that we probably wouldn't have normal visibility into, such as code execution and things like that. It allows us to really drill down as to what's happening on the servers as they are being used in production, to where we can really get in and figure out what's going on.
It's pretty effective. In some cases we have run into some issues with the way that the rules work and the alarms trigger. We get a good number of false positives.
I wish that there were more instructional videos on how to do different things and more walk-throughs.
Also, easier generation of AIE rules, or custom ones.
So far it's been really good.
Scalability is very good.
I've used LogRhythm tech support. I would rate it as very good, not excellent. For instance, we were trying to deal with pass-the-hash, which is a very common exploit, and LogRhythm tech support told us they were just going to turn that rule off, that we can't use it. We had to keep pushing until we had someone in another department push to an upper level of tech support to finally get it to where it was working.
It's very important for a solution to be a unified, end-to-end platform for us.
It's a really good solution. It's been very stable. At the same time, we have had some issues, some false positives.
And that issue I told you about with tech support: there have been some challenges getting it to be where we wanted it to be, for a solution like LogRhythm that is supposedly best in the industry. I just thought it was kind of poor that they would take a common exploit that's been in use for years and say we can't get it to work when, obviously, they could get it to work. It was kind of lazy.
Still, I would say go with LogRhythm.