We performed a comparison between LogRhythm SIEM and Palo Alto Networks AutoFocus based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM)."The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The machine learning and artificial intelligence on offer are great."
"The product can integrate with any device."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"The most valuable features would be the automation, reporting, and the support."
"NextGen SIEM's most valuable feature is its user-friendliness."
"Technical support is very helpful and responsive."
"LogRhythm's GUI is easy to explore. We also like other features, such as its integration with other security solutions, log correlation, and the deployment of use cases."
"We take in around 750 million logs a day. We have a lot of products and that would be a lot of different panes of glass that we would have to look through otherwise. By centralizing, we can triage and take steps much more quickly than if we tried to man that many interfaces that come with the products."
"SOAR is integrated with the dashboard that we use for threat management. Because it's all integrated, it is useful for us when we deploy something on-prem."
"It's very easy to create the correlation rules with LogRhythm, and there are some advanced features like SIEM and UEBA, which are also very valuable."
"I would say the most valuable feature of LogRhythm is that it has built-in UEBA functionality, among other basic Windows packages."
"I am impressed with the tool's integration of Palo Alto products which serves as a platform for security."
"The feature that I like best is the dashboard."
"It integrates well with other solutions and provides good threat intelligence in terms of external threats."
"The most valuable feature is alerting."
"The logs play a crucial role as they contribute to blocking unwanted Internet traffic."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"The on-prem log sources still require a lot of development."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"We'd like also a better ticketing system, which is older."
"We are invoiced according to the amount of data generated within each log."
"I would really like to see some type of group or global management for RIM policies,"
"One of the challenges of the SIEM for the LogRhythm 7 platform is the amount of time it takes to bring new log sources into the MDI."
"Stability has probably been one area where Health Checks have not been great with the product. We have been told that they are going to improve Health Checks on product, though we do struggle with them on a daily basis."
"One area for improvement in LogRhythm NextGen SIEM is that it's a Windows-based tool, and I feel it should be on the Linux operating system instead. Another area for improvement in the tool is the UI. There should be minor changes in the UI to make it better, though I like the dashboards in LogRhythm NextGen SIEM."
"It should be improved for automated setup and auto-configuration. There should be ease of integration and ease of setup."
"We would like to see more things out of the console into the web UI. I guess this is what they are doing in 7.4."
"Move it to Linux. I would like to see it get off the SQL Server."
"My biggest complaint is documentation. Everyone tells me, "We have documentation on the Community site." I have searched for different types of documentation on numerous occasions, and it might be there, but it's not easily findable."
"It would be better if they used the threat intelligence feeds directly from their side and changing the verdict instead of us requesting it."
"It is a completely cloud-based product at present."
"I would like to have more technical documentation that contains greater detail on the types of threats that are occurring."
"It would be helpful to have better documentation for configuring and installing the solution."
"I would like the tool to see more integration with Cortex XDR. There is no real reason to keep them separate."
LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews while Palo Alto Networks AutoFocus is ranked 9th in Threat Intelligence Platforms with 5 reviews. LogRhythm SIEM is rated 8.4, while Palo Alto Networks AutoFocus is rated 7.8. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of Palo Alto Networks AutoFocus writes "Impressive performance and monitoring capabilities but lacks in documentation". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, Fortinet FortiSIEM and LogRhythm Axon, whereas Palo Alto Networks AutoFocus is most compared with ThreatConnect Threat Intelligence Platform (TIP), Anomali ThreatStream, VirusTotal, Cisco Threat Grid and Recorded Future.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.