We performed a comparison between LogRhythm SIEM and Zabbix based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM).
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"It has a lot of great features."
"The analytic rule is the most valuable feature."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"Sentinel pricing is good."
"The connectivity and analytics are great."
"The most valuable features of the solution are network monitoring, user behavior analytics, and log collection."
"We have to be able to show the evidence, and LogRhythm does a great job of putting it forward and making it easy to create reports with nice looking dashboards, which show off what we are doing as a security program."
"One of the main features that I like about LogRhythm NextGen SIEM is that there are a lot of pre-built pieces. Like with our AV, we didn't have to tell it how to read the logs; they already had it pre-made. So, we essentially just had to follow their guide to get the logs imported in and set up some rules for it. We've only had to manually create the parsing rules for a few of our vendors so that we could interpret the logs correctly. Most of them had already been pre-created for us."
"Its ability to work with all different sorts of log sources has been extremely valuable."
"The ability to drill down and pivot from an event is one of the biggest advantages the product has compared to other things that I have seen in the market."
"It's positively affected our overall rate of efficiency."
"Currently, we are in the implementation phase. LogRhythm is better than QRadar from the point of view of collecting Windows events. It has a much higher view. You can enable monitoring by default."
"The major feature of this solution is its easy configuration, which helps different team members to work on it effectively. This kind of feature is not available in other solutions because of a request for specialised schemes for configuration, report extraction and searching. Another feature that I really admire is the significant improvement in compliance in the auditing process by the solution. Our organisation-specific compliance requirements specify where the mailbox data needs to be forwarded, stored and searchable for a certain time period. This solution categorises data based on different types, which include cold, warm and hot data. These features allow faster and easier extraction of any data even if the event occurred several years ago. I also like other features, especially user behaviour analysis and automation. If suddenly someone accesses your side or unusual traffic is recorded from a user, the solution flags it very effectively."
"The solution's design has recently changed and it is visually pleasing with more color, for example, there is blue, black, and white."
"There is less computing power needed for scaling."
"The most valuable feature is monitoring."
"Zabbix is both stable and scalable."
"The overall functionality of Zabbix is very good. The monitoring of bank applications that Zabbix provides is great. The information is displayed on a dashboard that is easily viewed."
"Zabbix is an excellent performance monitoring tool."
"The most valuable features of Zabbix are flexibility and a single interface for different types of monitoring."
"They've already added extra features, such as noise-canceling and facial recognition, which is great."
"They could use some kind of workbook. There are some limitations in editing and creating the workbook."
"We'd also like a better ticketing system, which is older."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"Microsoft should improve Sentinel, considering that it cannot collect logs from legacy systems."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"My biggest complaint is documentation. Everyone tells me, 'We have documentation on the Community site.' I have searched for different types of documentation on numerous occasions, and it might be there, but it's not easily findable."
"The log storage capacity should be increased."
"The user interface needs improvement. The more the user can slide around and know what's going on, the better it will be."
"The initial setup is complex. We are using a LogRhythm partner, at least for the first three years, to help with the monitoring and the deployment of it. We are not a big enough environment where we have people that we can dedicate to it right now."
"I would really love to be able to take some of the data and not have to export it to a CSV file, so I can pull it into Excel to turn it into some other kind of graph."
"The built-in functionality of the solution for NDR, SOAR, SIEM, and EDS has room for improvement."
"Sometimes the error-logging is not altogether helpful. For example, on an upgrade, a systems data processor, a Windows box, was throwing an error code like 1083. Then it just stopped and it died right out of the installer and nobody looked. We searched through Google and what it means is the Windows Firewall wasn't turned on so that it could create a rule for the product. Why wouldn't they bubble up that description so that I wouldn't have to call support and I could just know, 'Okay, the firewall wasn't turned on. Turn it back on. Re-run the installer and keep going.'"
"More detail in the alerts given to avoid additional searches, as often the source or destination associated with the alert is not evidenced."
"The networking monitor is not too easy to work with."
"The product delivers false positives during reporting because of flapping. Other reasonably priced alternatives may have better performance."
"It would be helpful if they translated the documentation to Cyrillic languages."
"I would like to remotely connect to the computer, and Zabbix doesn't have this capability."
"Zabbix is not easy to configure, and upgrading is also an issue."
"The performance reporting could be improved."
"Outside of the normal standard monitoring, I would like to extend patching, importing patching, and supporting patching for Windows Servers."
"If you want to use all of the features then you have to pay a licensing fee."
LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews while Zabbix is ranked 1st in Network Monitoring Software with 98 reviews. LogRhythm SIEM is rated 8.4, while Zabbix is rated 8.2. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of Zabbix writes "Allows any number of customizations but lacks functionality for finding root causes". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, Fortinet FortiSIEM and LogRhythm Axon, whereas Zabbix is most compared with Centreon, Checkmk, SolarWinds NPM, Nagios XI and Nagios Core.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.