LogRhythm NextGen SIEM Review

Allows us to automate a lot of things with a smaller team

What is our primary use case?

We use it to alarm our help desk. 

We are starting to use it for SMART Response. We have been using SMART Response for about a year. Now, we are starting to push that towards the help desk, so the junior analysts can do more.

How has it helped my organization?

It allows us to automate a lot of things with a smaller team.

What is most valuable?

  • AI
  • SMART Response
  • Looking forward to using the playbooks

What needs improvement?

  • Move it to Linux. I would like to see it get off the SQL Server.
  • I would like it to be containerized. 

What do I think about the stability of the solution?

Our appliance is a little older, so we need to upgrade it. We are going to probably move to the software-only version. However, the issues that we have are our own fault because we didn't buy the right-size appliance.

What do I think about the scalability of the solution?

We are not that big of a company. We are only at about 800 events per second.

How is customer service and technical support?

We have had a couple of custom logs built, but we don't call in that much.

How was the initial setup?

The initial setup is easy with the physical appliance.

What about the implementation team?

We have two people who are setting it up and doing the admin side.

What other advice do I have?

Make sure you size the appliance correctly.

We use Ansible and Terraform for infrastructure, so the same concept as the playbooks. We are looking to use the playbooks going forward.

We have about 1500 log sources. We do about 25 million logs a day. Obviously, they're not all events.

Disclosure: I am a real user, and this review is based on my own experience and opinions.