Most Helpful Review
Researched LogRhythm NextGen SIEM but chose EventTracker: SIEMphonic gives us an expert set of eyes on things, and assistance with rules has been a huge time saver
Find out what your peers are saying about EventTracker vs. LogRhythm NextGen SIEM and other solutions. Updated: January 2020.
389,772 professionals have used our research since 2012.
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
I like EventTracker's dashboard. I see it every time I log in because it's the first thing you get to. We have our own widgets that we use. For the sake of transparency, there are a few widgets that we look at there and then we move out from there... Among the particularly helpful widgets, the not-reporting widget is a big one. The number-of-logs-processed is also a good one.
The real-time alerting for things such as people getting dropped into a VPN group or the domain admin group — things like that which really shouldn't happen without proper change management, but we all know the reality, they do from time to time — gives me real-time visibility into what's going on.
They have what they call Elasticsearch which is very quick, although that's only available for the last seven days' worth of data. It used to be that, if I wanted to do a search from three days ago, it might take me 10 to 15 minutes because it had to actually unzip some archive files. So I really like that feature. It's almost instantaneous for anything within the last seven days.
I like the UI, overall. I like the main page and there are aspects of the search page that I like. When you bring it up on the left-hand side of the page, as you look at the events, the ability to simply hit and click the plus/minus to pull events in and out of the overall view is well done and is very effective from a threat-hunting and an analysis perspective. I like the detail it shows.
If I were to look at logs manually, there's no way I could do that. As an example, they are 48 million logs processed a day. There is no way I could look at all 48 million of those. So, it gives me a good structure to be able to look at the different incidents which are created and do different searches.
I really appreciate the fact that the dashboard breaks everything down into a pretty easy view for me... It shows what changes are happening to privileged user accounts, access and identity, what's cropping up. It shows application activity and whether we've got system resources that aren't online and being found anymore. It's a pretty simple, easy, quick hit and there are the supporting logs behind it. If I need to drill down further, I can do that quickly. It's very effective.
The most valuable feature is that we get the events: the alerts about disk space and the security reports that we get once a day, including user lockouts and the like.
The product satisfies our compliance, and thus, all of our auditors. All of the data that we use and store for all security events is required by our auditors to be kept in a central storage location.
We use this solution to examine disparate log sources and provide a cohesive method to search for anomalous behavior.
The feature that makes it usable is the web interface.
The ability to investigate a particular period of time where you can analyze logs is its most valuable feature.
It has centralized monitoring for our security operations. Therefore, it improves our analysts' work.
The most valuable features would be the automation, reporting, and the support.
The Web Console is my favorite. It enables me, at a glance, to see the health of the environments.
Even other products we have that feed into it, instead of having to watch all of them we only have to watch one. For example, we have CrowdStrike, so instead of having to pay attention that solution - because their dashboard doesn't really pop when an alarm comes up - we can see issues with the red on the LogRhythm alarm. That is very nice.
We take in around 750 million logs a day. We have a lot of products and that would be a lot of different panes of glass that we would have to look through otherwise. By centralizing, we can triage and take steps much more quickly than if we tried to man that many interfaces that come with the products.
It would be great if they had a client for phones by which they could push a notification to us, as opposed to via email.
With version 8, there are quite a few things. The query tool was one of the big ones, and the query speed was one of the big ones, but they've made some great strides between versions 8 and 9. There were also issues in version 8 around the ability to get the data back out. It's one thing to collect data, but it's a whole other thing to be able to present it or run it in a timely manner. The old tool, depending on how far back I was looking, might even time out and I would have to run it again.
Where there is an opportunity for improvement is in the interface used for performing the searches. You have to understand Elasticsearch search too well for the security team to be able to take really full advantage of that part of the product. It's not as intuitive as I would like it to be for new staff coming in. The general query capability is a little bit challenging.
The solution's dashboard is okay. The one thing that we ran into are issues when we upgraded to the newer version. It uses Elasticsearch for the different dashboard entries. So, we were running on spinning disks, and Elasticsearch didn't work that well. A number of the different dashboards, like my dashboard or different things like that, pull from Elasticsearch. Since Elasticsearch really wasn't working, we were having some issues with that, but we just migrated.
Probably the biggest thing is just: Can I search for this and what's the best way to do it? If I'm looking for two events versus a singular event, I just throw it back at them. They're the experts on it.
I would like to see the dashboard come up more quickly.
The biggest problem is that we have too many domain controllers. So, we have to keep all the clients and main system updated with the latest versions along with making sure all the firewalls are open.
There are some issues with searches taking a long period of time, but they assured me that they have implemented a new search function that's available in version 9, but which requires a solid-state hard drive... Depending on how many logs you have it could take a long time to return the results if you're looking back prior to the last 30 days.
I would like to see support added for Exchange 2016, and CheckPoint OPSec Lea.
It is a product that is very hard to use.
I would like to see more integration with more products that are out there within the same security field.
Stability has probably been one area where Health Checks have not been great with the product. We have been told that they are going to improve Health Checks on product, though we do struggle with them on a daily basis.
Scalability misses the mark sometimes, especially when you have an integrated disaster recovery built into the solution.
My biggest issue - I know that they say they're doing it - is that the API-building is extremely important. They keep saying it's coming, it's coming. It's not coming fast enough. I don't care if they need to double their team size to get it out there quicker, the world is already in the cloud and we can't monitor it. That's a big problem for us. My boss keeps coming to me about it. That's an issue.
My biggest complaint is documentation. Everyone tells me, "We have documentation on the Community site." I have searched for different types of documentation on numerous occasions, and it might be there, but it's not easily findable.
My big thing is the easability. I don't like to go to two different systems. The fat client that you have to install to configure it, then the web console which is just for reporting and analysis. These features need to collapse, and it needs to be in a single solution. Going through the web solution in the future is the way to do it, because right now, it is a bit cumbersome.
Pricing and Cost Advice
When we first got the EventTracker product, we were using SIEM Simplified. At the time they didn't call it that, but it was more of a service thing. So, there was a bit more hand-holding and getting stuff set up, along with failure reports, that they did during the first one to two years. Then, we decided that the the additional money to have someone do these daily reports wasn't terribly useful, so we discontinued that service.
EventTracker's subscription-based model is interesting as far as yearly license type stuff. It's nice because you know what it's going to be next year. We haven't really looked at any other solutions. The pricing at the time compared to the other solutions was a lot less. A couple of years ago, we actually looked at Splunk. The amount in Splunk's licensing model is based on 20 gigs a day, or something like that. Based on our number of logs and stuff that we were already generating, the costs would be substantially more for the amount of logs that we would be getting.
In the security space, it's hard to quantify your return on investment. So, I don't. We spend about $40,000 a year and so. It's hard to say if the SIEM saved that much money.
I don't know if the pricing is by the seat but we're paying about $20,000 to 25,000 a year. On top of that, we pay for the managed support services. That runs us about another $35,000 or $40,000 a year.
The upfront costs have increased, and we have been locked into this contract. The cost of changing over from it is way too high.
The solution is fairly expensive, but in my experience, all of the SIEM applications that I've evaluated or looked at cost about the same.
Licensing is very easy. Our CIO takes care of the billing, but in terms of price point, he hasn't complained, so it must be good.
The pricing and licensing seem very reasonable. The managed service part of it feels like it gives me the equivalent of a full-time engineer for a lot less money. So, I feel it's a good value.
Everything is expensive with LogRhythm, and you don't get anything for free.
When it comes time to renew, they say, "This is what you are using. This is what we can do for you." So, they work with you on pricing.
We have seen a measurable decrease in the mean time to detect and respond to threats. As it comes out new features and new releases, the window is becoming a lot narrower because you can pivot a lot more with the data. Therefore, the new features and enhancements are reducing that.
The nice thing about LogRhythm is you can either use the agents, getting a certain number of agents with your license depending on how you want to go, and those agents do a lot of cool things, or you can use CIS Log host, then you have like an unlimited number of them.
The solution has provided us with consistency and increased staff productivity through orchestrated automated work flows by at least 20 percent.
I have seen a measurable decrease in the mean time to detect and respond to threats. We went from not detecting them to detecting them. We can actually pick up what is anomalous in our network now.
In comparison to the competition, they are more affordable. This allows us to do more with less.
out of 42 in Security Information and Event Management (SIEM)
Average Words per Review
out of 42 in Security Information and Event Management (SIEM)
Average Words per Review
Compared 38% of the time.
Compared 19% of the time.
Compared 13% of the time.
Compared 25% of the time.
Compared 17% of the time.
Compared 8% of the time.
Also Known As
|LogRhythm, LogRhythm Threat Lifecycle Management, LogRhythm TLM|
EventTracker by Netsurion delivers actionable security intelligence that empowers organizations of any size to effectively detect and respond to advanced threats.
EventTracker Security Center
LogRhythm is a world leader in NextGen SIEM, empowering thousands of enterprises on six continents to successfully reduce cyber and operational risk by rapidly detecting, responding to and neutralizing damaging cyberthreats. The LogRhythm NextGen SIEM Platform combines advanced security analytics; user and entity behavior analytics (UEBA); network detection and response (NDR); and security orchestration, automation, and response (SOAR) in a single end- to-end solution.
LogRhythm’s technology serves as the foundation for the world’s most modern enterprise security operations centers (SOCs), helping customers measurably secure their cloud, physical, and virtual infrastructures for both IT and OT environments. Built for security professionals by security professionals, the LogRhythm NextGen SIEM Platform has won countless customer and industry accolades. For more information, visit logrhythm.com.
Learn more about EventTracker
Learn more about LogRhythm NextGen SIEM
|The Salvation Army, The FRESH Market, Pacific Western Bank, AAOS, Vanderbilt University, Talbots||Macy's, NASA, Fujitsu, US Air Force, EY, Abbott, HD Supply, SAB Miller, UCLA, Raytheon, Amtrak, Cargill|
Financial Services Firm22%
Software R&D Company31%
Financial Services Firm10%
Comms Service Provider8%
Financial Services Firm28%
Software R&D Company21%
Comms Service Provider9%
Financial Services Firm8%
See also EventTracker Reviews, LogRhythm NextGen SIEM Reviews, and our list of Best Security Information and Event Management (SIEM) Companies.