LogRhythm Competitors and Alternatives

Read reviews of LogRhythm competitors and alternatives
AlienVault
Consultant
Security Consultant at a tech consulting company with 51-200 employees
Jul 24 2016

What is most valuable?

As an information security consultant that works across many diverse networks, these features offer by far the most critical information when analysing a client’s environment for issues that need to be addressed:

How has it helped my organization?

We run this product on our network 24/7 and it has helped identify many important events. We take the security of our network very seriously, and this helps to quickly identify and lock down any potential vulnerabilities or events that could... more»

What needs improvement?

My biggest challenge has always been the fine tuning that is sometimes required for some networks. It requires a solid understanding of Linux and databases and how networks work. So a non-technical user may become frustrated, or not configure... more»
Consultant
Sr SIEM Consultant at a tech services company with 51-200 employees
Jan 29 2018

What is most valuable?

* Correlation Rule Engine, built-in use cases: QRadar has the highest number of built-in use cases among any SIEM on the market. There are many built-in rules that are enabled by default and easily tunable to meet the specific needs of each... more»

How has it helped my organization?

As a Professional Services consultant, I have heard many reports of how QRadar SIEM

What needs improvement?

Some UI enhancements would be nice, such as exporting custom event properties and the ability to export rules.
Micro Focus
Consultant
Delivery Consultant - Security Solutions with 501-1,000 employees
Sep 11 2017

What is most valuable?

Customization. ArcSight gives you a platform to on-board out-of-the-box devices with a more accurate way of collecting the desired logs/events. Competitors offer something similar, but ArcSight does give you more detail.

How has it helped my organization?

Recent attacks like Shamoon and WannaCry were under continuous monitoring by using this solution. It is understood that every SIEM is a detective technology, not a preventive one, but by tweaking the use case conditions one could identify... more»

What needs improvement?

Complexity, administration. Administration of ArcSight is not an easy job. The admin needs to be well experienced in it to identify the root cause and fix it.
Micro Focus
Real User
Security/Service Engineer at a comms service provider with 10,001+ employees
Nov 15 2017

What is most valuable?

Anomaly dashboards, search/filter features. The anomaly dashboard provides the possibility of finding 0-day attacks. This feature is built on top of the search/filters. It's great and very useful, because I would first find out if search/filter... more»

How has it helped my organization?

For example, from version 7.1 the company where I worked started using the anomaly dashboards. It is very convenient, because the SOC could and can react to possible attacks that are not seen in alerts generated by rules. As I said before, anomaly... more»

What needs improvement?

I would prefer to extend the dashboards part and its functions in the Web GUI version, so the charts could be more configurable.
Splunk
Real User
Engineer, Infrastructure Applications at a healthcare company with 1,001-5,000 employees
Jun 05 2017

What is most valuable?

Splunk has a single purpose in life: ingest machine data and help analyze and visualize that data. The breadth of the data sources that Splunk can ingest data from is broad and deep and it does an exemplary job at handling structured data. It... more»

How has it helped my organization?

Imagine a single application with 17 application servers and dozens of log files per server that rotate as often as once per hour. How do you track and analyze anomalies in those log files with the ability to go back and correlate data for... more»

What needs improvement?

Deploying Splunk at scale is not easy. It requires a significant amount of relatively complex architecture once you push past the single server instance. Breaking out your search and indexing layers requires someone with Splunk experience.... more»