We performed a comparison between i-SIEM and LogRhythm SIEM based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM)."Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The features that stand out are the detection engine and its integration with multiple data sources."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"As a result of the automation, we are able to manage SIEM with a small security team. I'm in a unique position where we have been growing the security organization quite rapidly over the last three and a half years. But, as a direct result of the empow transition and legacy collection of tools towards the empow platform, we've been able to keep that head count flat. We've been able to redirect a lot of the security team's time away from the wash, rinse, repeat activities of responding to alarms where we have a high degree of confidence that they will be false positives, adjusting the rules accordingly. This can be a bit frustrating for the analyst when they have to spend hours a day dealing with these types of probable false positives. So, it has helped not only us keep our headcount flat relative to the resources necessary to provide the assurances that our executives expect of us for monitoring, but allows our analyst team to spend the majority of their time doing what they love. They are spending their time meaningfully with a higher degree of confidence and enjoying getting into the incident response type activity."
"The initial setup process is very user-friendly."
"The content in the community is very helpful and useful for new users."
"The dashboards in the LogRhythm SIEM really help us as a starting point. It gives us a starting point we can go to every day. We walk through several dashboards to see anomalous activity for further investigation."
"File Integrity Monitoring is really valuable because we have it set up on our core assets. This is one of the key features that I utilize. We also use it quite a lot for event management to do reporting."
"LogRhythm does a very good job of helping SOCs manage their workflows."
"The alarm functions have helped us cut down on the manual work. They bubble things up to us instead of our having to go look for stuff. Also, from an operational perspective, day to day, the Case Management functions are really useful for us. They allow us to track what we see in the incidents that we have."
"NextGen SIEM's best feature is how it presents logs."
"Technical support is very helpful and responsive."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"Relative to keeping up with the sheer pace of cloud-native technologies, it should provide more options for clients to deploy their technologies in unique ways. This is an area that I recommend that they maintain focus."
"The customer support system is time-consuming."
"It's not easy for someone new to the solution."
"The product's stability needs improvement."
"Their ticketing system for managing cases can be improved. They can either do that or adopt some of the open-source ticket systems into theirs. The current system works and gets the job done, but it is very bare-bones and basic. There are some things that could be improved there. They should also bring in more threat intelligence into the product and also probably start to look into the integration of more cloud or SAS products for ingesting logs. They're doing the work, but with the explosion of COVID, a lot of businesses have started to move towards more cloud applications or SAS applications. There is a whole diverse suite of SAS products out there, which is a challenge for them and I get it. They seem to be focusing on the big ones, but it'll be nice to be able to, for example, pull in Microsoft logs from Office 365. They are working towards a better way of doing that, and they have a product in the pipeline to pull logs in from other SAS applications. The biggest thing for them is going to be moving away from a Windows Server infrastructure into a straight-up Linux, which is more stable in my eyes. For the backend, they can maybe move into more of an up-to-date Elastic search engine and use less of Microsoft products."
"The initial setup is complex. We are using a LogRhythm partner, at least for the first three years, to help with the monitoring and the deployment of it. We are not a big enough environment where we have people that we can dedicate to it right now."
"One thing we have mentioned to them before is that we'd like to be able to do searches, or drill-downs, directly from an alarm. When you click it and the Inspector tab slides out, that might be a good place to be able to click the host to search for the last 24 hours. I know the search is right there but it would be even nicer to just click that and then have an option to search something there."
"Right now there is the concern about being able to gather all of the data into the system."
"Stability has probably been one area where Health Checks have not been great with the product. We have been told that they are going to improve Health Checks on product, though we do struggle with them on a daily basis."
Earn 20 points
i-SIEM is ranked 44th in Security Information and Event Management (SIEM) while LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews. i-SIEM is rated 9.0, while LogRhythm SIEM is rated 8.4. The top reviewer of i-SIEM writes "The alert fatigue and false positive rates have just plummeted, which is really exciting". On the other hand, the top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". i-SIEM is most compared with Splunk Enterprise Security, AlienVault OSSIM, IBM Watson for Cyber Security and AWS Security Hub, whereas LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, Fortinet FortiSIEM and LogRhythm Axon.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.