LogRhythm NextGen SIEM Competitors and Alternatives
Read reviews of LogRhythm NextGen SIEM competitors and alternatives
Review of Devo
Jan 09 2020
We can build Activeboards that can do queries across multiple different types of data sources with one query
What is most valuable? The Activeboards are the most valuable feature. Given multiple different types of unstructured and structured data, we can then build Activeboards that can do queries…
How has it helped my organization? Being able to build and modify dashboards on the fly with Activeboards streamlines my analyst time because my analysts aren't doing it across spreadsheets or five…
What needs improvement? The only downfall that I have is it is browser based. So, when you start doing some larger searches, it will cause the browser to lock up or shut down. You have to learn…
What's my experience with pricing, setup cost, and licensing? It's a per gigabyte cost for ingestion of data. For every gigabyte that you ingest, it's whatever you negotiated your price for. Compared to other contracts that we've had…
Which solution did I use previously and why did I switch? I've used a ton of other solutions: ELK Stack, Kibana, and Splunk. The cost of Devo, as it relates to Splunk, is significantly less with higher value. Its capabilities of…
What other advice do I have? Definitely get training and professional services hours with it. It is one of those tools where the more you know, the more you can do. Out-of-the-box, there is a lot of…
Which other solutions did I evaluate? We have used everything out there. We have used Splunk, ArcSight, and LogRhythm. We've used all those tools. We have leveraged them from customer environments and used…
Review of Netsurion
Jan 05 2020
SIEMphonic gives us an expert set of eyes on things, and assistance with rules has been a huge time saver
What is most valuable? Other than the log aggregation and alerting, their reports modules have come a long way. But for the most part, we stay right in the wheelhouse of the product to use it to…
How has it helped my organization? Their run-and-watch service (now renamed SIEMphonic) has saved us from having to hire at least one FTE. In addition, having an expert set of eyes on things and their…
What needs improvement? In terms of advanced queries, I wouldn't say EventTracker is lagging behind its peers. The latter just make it easier to get to them. EventTracker is designed more for a…
What's my experience with pricing, setup cost, and licensing? Our cost is significantly less than what it would have been for one of the competitor's products, and that includes the run-and-watch service (SIEMphonic). You can go with…
Which solution did I use previously and why did I switch? We did not have a previous solution. We do annual audits, and the lack of a SIEM showed up in one of our audits as a piece that we needed to start investigating, four or…
What other advice do I have? The biggest lesson really isn't an EventTracker lesson, it's more of a SIEM lesson. And that lesson is: It's a lot of data. When you have a lot of data, it's going to take…
Which other solutions did I evaluate? When we acquired EventTracker, we went through an assessment process, reviewing five or six different manufacturers of SIEMs. The frontrunners were the typical players…
Jan 11 2020
Good support, powerful decoders and concentrator, but the dashboard is not reflecting events in real-time
What is most valuable? The most valuable features are the packet decoder, log decoder, and concentrator. The packet decoder is capable of collecting the flow, whereas the log decoder is capable of collecting the event. NetWitness offers a hybrid solution that…
What needs improvement? The alert dashboard is not reflecting events in real-time. We have to refresh in order to view an alert in real-time. Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance. Compared to…
What's my experience with pricing, setup cost, and licensing? Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day.
Which solution did I use previously and why did I switch? We are using multiple tools including QRadar, RSA NetWitness, LogRhythm, and Micro Focus ArcSight. The QRadar setup gave us no issues, and it also works with logs and packets. LogRhythm fulfills the GDPR compliance.
What other advice do I have? My advice to anybody who is researching this solution is to consider the differences between the hardware and the virtual solution. The hardware is okay, but if you have any issues and need to restart then it is easy to do this with the VM…
Review of Micro Focus
Apr 25 2018
What is most valuable?
* Smart Connectors and Flex Wizard
* Multi-tenant access
* Customization for dashboards and reporting
* Improvements made to the ADP platform
How has it helped my organization? Without it, we would not have a managed SIEM offering to speak of. We spent over a year evaluating leading competitors and ArcSight was the clear winner. It opened up a…
What needs improvement? The marketplace is a bit of a joke; steps should be taken to improve participation. Micro Focus desperately needs to improve their core offering rather than adding more…
What's my experience with pricing, setup cost, and licensing? Customers without a ton of resources to dedicate to deployment may be better served by a managed ArcSight service. A lot of the complex setup and administration duties are…
Which solution did I use previously and why did I switch? We have not used a previous solution past its initial evaluation period.
What other advice do I have? It has its quirks, but ultimately, it delivers capabilities that no other SIEM could provide.
Which other solutions did I evaluate? We evaluated Splunk, QRadar, and LogRhythm.
Review of Splunk
Apr 25 2018