LogRhythm NextGen SIEM Review

We integrated Azure logs with it, allowing us to compare that with our Windows and host logs


What is our primary use case?

We've been working with LogRhythm for a few weeks. We had Splunk and we're replacing it with LogRhythm.

It's a general SIEM system for us, gathering the logs into one area.

How has it helped my organization?

We integrated Azure logs with it and that makes it simpler. Rather than having to log into the portal, we can just check everything in one place. We can compare those to our Windows and host logs to see if any problems correlate between them.

It just makes it simpler for analysts to find everything in one place. We don't have to give everyone access to ten different things; it's just one area where we can see everything.

What is most valuable?

We like the alerting features. They seem a little more hands-on and easier to set up.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It seems like a stable product. We haven't had any downtime yet. All the network monitoring seems to be going smoothly.

What do I think about the scalability of the solution?

We have about 20,000 logs per second as our ceiling and we're at about 6,000 to 8,000 now, so we're okay. It looks like it's going to meet our needs for many years.

How are customer service and technical support?

They're hard to get a hold of. We've tried to work with a couple of engineering department guys there. We've called them and called them but we never hear anything back.

Which solution did I use previously and why did I switch?

We moved away from Splunk because we were not happy with it. Workstation monitoring seemed a little more complex than it is with LogRhythm. It's much simpler to search for issues and get alerts through it.

What's my experience with pricing, setup cost, and licensing?

The setup was pretty straightforward. They sent us the appliance, we tailored it to our needs, made sure our network met everything it was looking for. We worked with their support a little bit on what they recommend for setting everything up.

We had a kick-off meeting before they sent the appliance to us and they handed all the documentation to us. That aspect's good. But working with the engineering support has been lacking.

Which other solutions did I evaluate?

We looked at AlienVault; that was one we demoed. LogRhythm does seem better.

What other advice do I have?

I'm not sure that we're hands-on yet with the full-spectrum analytics capabilities and we don't use any of the built-in playbooks. We have plans to use them in the future. We want to integrate everything into it and make it more automated.

We're at about 6,000 logs per second. In terms of a measurable decrease in the mean time to detect and respond to threats, we haven't gotten there yet. We are still implementing, still learning. We have to get all our logs correlated.

So far we're pretty happy with the overall functionality of the system. It's going to meet everything we're looking for.

Disclosure: I am a real user, and this review is based on my own experience and opinions.