LogRhythm SIEM Initial Setup
Kevin Merolla
Global Security Manager at Chart Industries Inc
The setup of the SIEM is complex in its own right. LogRhythm typically recommends professional services assistance to deploy the SIEM properly. My company did not purchase those professional services so I had to figure it out for myself. Their support structure was so good and they helped me so much that we were able to get it working without professional help.
LogRhythm is an out-of-box solution and this was why we bought it. I had no experience with SIEM when we bought it six years ago. I needed something that I could plug into the network, get up and running and get value out of immediately.

It's pretty complex to set up, in a way. However, now that I've done it and have done an upgrade as well, it doesn't seem as bad.
I did something wrong on one of the initial upgrades, and it threw an error. I called in support, and they immediately jumped in and started working on a lot of the backend pieces that I don't normally touch. It's pretty complicated if you have to get into that, and that's where the tech support comes in.
With this last upgrade, I did not run into any errors, and it went through just fine. I thought that I was going to be doing this for six hours throughout the day, and I got it done within two or three hours.
Yassine Ibnoucheikh
Regional Technical Manager at HTBS
The initial setup was easy. I rate the setup phase an eight on a scale of one to ten, where one is difficult, and ten is easy.
The solution is deployed on-premises.
For deployments, it can take about two to three weeks. It could take more time when it comes to tuning or fine tuning needed in the solution, and it is not the case for LogRhythm alone but the same for all SIEM solutions. The deployments and the initial configuration can take around a month.
There are two aspects when it comes to the steps involved in the deployment phase, which are organizational and technical. Our company starts the deployment with the organizational aspects first, where we have to understand the company's context, to understand the company's use cases, and where we have to implement. Then, we start with the technical stuff, like installing solutions and configuring the use cases we have already discussed with the customers.
Updated: March 2024.
Jason Gagnon
Senior Cyber Security Engineer at an individual & family service with 10,001+ employees
The initial setup is pretty straightforward.

The setting up of the solution was very quick and easy, but since we operate on different devices it took longer to onboard them completely. The security and network devices onboarded quickly, but the one switch that required custom filters took more time. Overall I did not have many problems in terms of forwarding the logs, but I cannot remember the exact time it took across all the departments. Since it was a big project we had to split it up into phases, but in total, in order to onboard over 800 devices, it took about 3 months.
I would rate the initial setup 8 out of 10.
reviewer2104419
Manager Solutions Architect at a comms service provider with 10,001+ employees
The solution can be difficult to set up. I'd rate the process six out of ten. You need to know what you are doing. There are complexities involved.
A hardware-based setup would require some configurations. Typically, we need a minimum of three to four weeks to do a setup.
reviewer2344221
Sr Manager - Information Security at a computer software company with 1,001-5,000 employees
The initial setup is not easy. It requires technical skills. I rate the ease of setup a six or seven out of ten. The solution is cloud-based. Our environment is very complex. The deployment takes three to four months. We have to install agents. We have multiple locations with multiple data centers and a multi-cloud presence. The setup must be done with a lot of variations.
We use Puppet for Windows deployment. The Linux deployment needs forwarders. We have multiple tiers, endpoints, and collectors. We must set up multiple things. Each aspect has its own set of rules and limitations. We cannot do everything in one go. We must scale it up gradually.
reviewer1402677
Cybersecurity Solutions Architect at a tech vendor with 10,001+ employees
It's simple because you only need to consider one component and that's it. But if you have a customer with different companies and each company has different subsidiaries and all of them want only one service, all of them will be sending the logs into one single SIEM, so you need a distributed architecture. You need to think about how to include new components and how that will be impacting the architecture in the near future, because we don't know the cost. In some cases, it's complicated if we don't know the new versions or the changes that the vendor will be publishing.
Deployment commonly takes three months but can take up to six months.
We use about six people for maintenance.
Joe Benjamin
SIEM Architect at Marsh & McLennan Companies, Inc.
They installed two weeks before I got there and I've been miserable about that. I'm in the midst of re-architecting the design.
Installation/upgrade is a complex process. We haven't gone through anything straightforward. I did learn from one of my breakout sessions, here at RhythmWorld 2018, that 8.0 is hopefully going to fix that a bit. There were some things that complicated it when we did our first upgrade to 7.3. We've gotten better at it.
Likhith Varma
Security Analyst at Secure-24
The initial setup is easy. It is not that difficult.
Jason Gagnon
Senior Cyber Security Engineer at an individual & family service with 10,001+ employees
Was the setup complex? Yes and no. I did a lot of research prior, on my own, regarding using the recommended specifications that LogRhythm puts out. I designed it around that. I didn't utilize customer support a lot, only for a few questions. It was pretty straightforward after the research I put into it.
Karim Bondok
Senior Cyber Security Engineer at a logistics company with 10,001+ employees
Initial setup was complex.
We have multiple data indexers, and each component is on a separate device. I think QRadar has many tools from the point of view of applications integrated within the SIEM solution, like threat intel or use case manager. In LogRhythm, I don't see this.
Maybe we haven't gotten so far in the implementation, but in QRadar I can feel it's easier from the initial setup. We have only these components placed on one site. We don't have another recovery site.
Gene Cupstid
Security Engineer at a logistics company with 10,001+ employees
I was hired just after they did the initial setup. But I immediately, because I'd missed that, set up a dev environment for us using all of the same components, so the differentiated data indexers and the platform manager and all that. So I set up a whole version of that on my own in virtual environment after the fact. And I did it by myself without too much help. So, that really did go pretty smoothly. I only needed to contact support once for that whole process. So it wasn't too bad.

The setup was easy and straightforward. Even the HA setup was simple.
reviewer1992084
Senior Security Analyst at a transportation company with 501-1,000 employees
We have a different setup, and we keep the SIEM in our PCI environment to limit our PCI scope. We had to think through the architecture so that we had the logs in the places we needed them without having our firewalls wide open. It was very quick to deploy since we used Windows Event Log Forwarding. We were able to use a GPO to have logs sent to a centralized server and, from there, ingested directly into the SIEM, so we were onboarded in less than a week's time. We were able to onboard the majority of our log sources quickly.
David Schell
IT Security Analyst at a hospitality company with 10,001+ employees
I was involved in the setup at our organization replacing QRadar, our previous SIEM. It was a very straightforward implementation, the TMF team at LogRhythm helped make sure we got everything deployed, gave us some examples of how to onboard the log sources and then kind of gave us a playbook to move forward and gather the rest of the data from our environment.
Rob Haller
Security Engineer at U.S. Acute Care Solutions
It's very complex. As with anything, it takes time to get it working and know all the different nomenclature with it.
I do the deployment and maintenance of the solution myself.
Computer0e92
Administrator Executive at an individual & family service with 10,001+ employees
I was not involved in the initial setup.

LogRhythm SIEM is easy to set up, and it took us about two weeks.
reviewer1326963
FSE at a computer software company with 1,001-5,000 employees
It takes a little more time to get operationalized, but I haven't personally set it up. I'm only taking feedback from my customers when they say they've gone through the steps and the process of setting it up.
Jacob Hinkle
Security Engineer at Managed Technology Services, LLC fka LexisNexis
The installation was a bit complex because we are running a virtual infrastructure. Some of the stuff that we dealt with on the virtual machine and the disks was a little complex. However, the engineers at LogRhythm were more than willing to help. I had a little trouble because I was unfamiliar with the way vSphere works in the way that disk sizing stuff goes to get it set up.
SecEng3904
Senior Security Engineer at a healthcare company with 10,001+ employees
The initial setup was pretty straightforward.
In terms of the deployment and maintenance of the solution, for us right now, it was very light staff for the setup. It was two or three people that racked and stacked the servers. Once that is done, you don't really need them anymore. For maintenance, we've got two or three people on staff who manage and maintain it.
reviewer1973901
Assistant Manager Enterprise Security
Though I didn't configure LogRhythm NextGen SIEM as it was pre-configured when I joined the company, any solution won't be difficult to implement, as long as you have an understanding and knowledge of the product or tool. I was an implementer once.
Kashif Ali
Unit Head Titanium (Security Solution) at RapidCompute
The initial setup is complex with LogRhythm. In that Pakistan market, with LogRhythm, the climate is very limited at this point. For the on-prem, there may be only two customers, for example. One is a bank and one is serving as an MSSP.
We've added four customers to a pay-as-you-go model. You apply Windows 2000 MPS or a cloud environment. The initial setup is quite difficult, however, after making certifications we are able to provide the initial setup and got it working with the LogRhythm support team.
For maintenance, I have five engineers that are part of my security team, including me and my sales and operations. Approximately we have 14 to 15 people that can handle maintenance.
Wadson Fleurigene
Information Security Engineer at Seminole Tribe of Florida
The initial setup is straightforward and complex as it requires a lot of work. It's very straightforward and very organized. Our consultant guided us as to what we needed to do, but the entire thing is complex. One misstep or incorrect character can bring the whole thing down.
I do all the deployment and maintenance.

The initial setup is straightforward.

Setting up LogRhythm is complex. It took our team more than a month to deploy. We have a large team in my company because we are working with dozens of clients. Our BS team is almost 15 people.
Janaka Munasinghe
Senior System Administrator at DP Infotech Pvt Ltd
The solution offers a pretty straightforward and simple setup. That said, you need some knowledge going into the process.
The deployment itself took about 90 days.
I'd rate it a three out of five in terms of the general ease of deployment as there is some complexity and a learning curve.
There's not much maintenance. We do have to do the updates of the servers and if there is a new release and update, we work on those. For the day-to-day, we try to focus on more log-related tasks.
SecEng3904
Senior Security Engineer at a healthcare company with 10,001+ employees
It was pretty straightforward. There were some things that were a little bit complex after the setup, and trying to troubleshoot some things. For example, log indexer was indexing most things, but not everything. It got backed up, so we had to go in and troubleshoot some of the processes.
SecSMgr739
Sr. Systems Support Analyst at a manufacturing company with 10,001+ employees
It was fairly complex, but that's just because we did the little things that aren't normal in our environment, but other than that fairly straightforward.
We did it in a little bit of a different fashion than most would. We deployed it in Azure, in a cloud environment. That was a little different, but still pretty straightforward.
SANJAI BOSCO
Technology Solutions Head at MANTRA TECHNOLOGIES LTD
The initial setup is not so easy because it is quite a process. Nevertheless, from my experience in implementing SIEM, Splunk is the easiest, and LogRhythm comes next.
LogRhythm is okay, we never had any challenges.
The installation is per site. Because these are all government customers, public sector government customers, we generally take anywhere between four to six weeks for installation. We have five people doing it.
Ashlish Baria
Manager of Information Security at a real estate/law firm with 51-200 employees
The initial setup is complex, because it's a huge product. LogRhythm is a beast. It can do so much more than just the analytic software, so it is not your typical installation. It's more of a three to four month installation process because you are gradually bringing in logs and fine tuning them. It is not a difficult process, just a lengthy one.
Jack Callaghan
Senior Security Analyst at a financial services firm with 501-1,000 employees
We've lived through three or four years of the product, so in the early time it was major upgrades, releases had a lot going on. But now things are almost completely seamless.
LogRhythm uses both the central environment and then sensors that it spreads out. It used to be that you'd have to upgrade the central environment then get all the sensors. As they've moved through things I can now do one upgrade in one place and tell that central environment to upgrade everything else. It cuts down my time from being 12 or 13 hours for an entire operation, to about three or four hours to bring the main environment up, 15 minutes to start up the upgrades. Then it's time for coffee, come back, usually I'm done.
We actually used LogRhythm's Professional Services group to help us get the product up and running. It went real smooth. Matter of fact, the amount of time that we allocated the Professional Services, we were short of that. It just went real well.
Our group caught on to the product very quickly, which was another great benefit. We were able to do a lot of the work ourselves, versus relying on Professional Services to do it, just because we caught on much quicker than we had thought initially.

I was involved in the initial deployment and setup.
We had some challenges. The problem that we ran into is that, without doing a lot of due diligence, management decided, let's deploy LogRhythm on the cloud on AWS because we're going in that direction for a lot of things, so we had Optiv come out and do the installation and setting it up for us, letting us drive, control the mouse, the keyboard, and so on. We ended up discovering that it would be $100,000 a year to have the virtual appliance in AWS just for the spec requirements and we pulled back on that. It was cheaper just to buy an appliance basically. The cost for one year almost paid for the appliance that we got.
We lost a few days of consulting time. Because of that, we had to delay the project a little bit and start over. Then we realized that once we did start getting all of the agents and logs coming in, we were not seeing all the logs that we needed. Then a lot of the log sources that we really needed weren't there yet because of our infrastructure challenges.
That was a learning experience, knowing what it takes to install a SIEM from scratch:
- Have your inventory down.
- Understand your network infrastructure challenges upfront.
- Having the appliance versus the cloud and really understanding the pros and cons of that.
I know when we spoke to our sales engineer (SE) that there were very few cloud implementations. It is still pretty new. They tried steering us away from it and we didn't listen. We probably should have listened a lot better.

It was pretty straightforward. I was happy with the deployment team. They were on hand and they were explaining a lot of stuff that was happening, so I feel pretty good about the initial deployment.
Moshiur Rahman Khan
CEO at a tech services company with 51-200 employees
The setup was very easy. I rate the setup a ten out of ten.
Punit Patel
Senior SIEM Engineer at a financial services firm with 501-1,000 employees
The product was already set up when I first jumped on with the organization. My only process is the movement from physical to virtual and then the upgradation to 7.3 and 7.4.
Mike Natale
Information Security Analyst at Endicott College
The few issues that I have had while doing upgrades, LogRhythm's support answered them incredibly quickly.

I was involved in the initial setup. It was very straightforward. I had used a different product previous to LogRhythm, so I had a basis of what I wanted to compare to. I was able to take that little bit of experience and bring it to LogRhythm, and ask them how do I accomplish these goals, and it was very straightforward. They helped through that process.
Moshiur Rahman Khan
CEO at a tech services company with 51-200 employees
The initial setup process is very user-friendly. It takes 15 days to complete.

The installation is straightforward.
I rate the installation of LogRhythm NextGen SIEM a four out of five.
James Whistler
Security Administrator at a non-profit with 501-1,000 employees
The initial setup was actually me and the technician. I did 90% of the installation myself and he basically came on board and verified everything I did and gave me some pointers as I went through.
Installation was incredibly straightforward. I was able to get it set up. I said, I stood it up on my own about ninety percent of the way, without any input from anybody else and just the final pieces of staging was done with somebody else.
Eric Hart
Senior Security Engineer at a healthcare company with 1,001-5,000 employees
I was not initially involved in the setup. I came in to manage the SIEM solution three years after its deployment.
SeniorSe307d
Senior Security Analyst at a consultancy with 1,001-5,000 employees
I do the deployment and maintenance for the solution.

We definitely had to get some assistance, because we didn't have the expertise. Once we got the product in place, it's good at maintaining itself, along with the support.
If you're going anything more than the single box solution, I would not try to set it up by yourself. I would get the expertise to help you get it right.
Jorge Trujillo
Information Security Engineer at a financial services firm with 501-1,000 employees
I actually was hired within the last five months. I showed up, and they said, "Hey, you're going to get to deploy this." I said, "Sounds great."
Deployment was fairly easy. They gave us some prerequisites that they needed us to have ready for them, so we went ahead and got those all ready, went through change management, got everything approved.
They needed to have - if you want it to collect logs remotely - a service account created, you needed to have specific ports already open, to make sure that everything communicates properly.
We went ahead and had everything set up. We got the support call because we got the DMX appliance. The day came, we got it all set up, it was fairly simple. The support agent walked us through everything we needed to do. He showed us tips, and tricks, and best practices for specific situations. He did training at the same time as we were deploying. It was a fairly simple, easy process.
productm1010136
Head Of Technical Services at a tech services company with 51-200 employees
The deployment for only one small or medium size environment is pretty straightforward, but for enterprise deployments where there are many different components (e.g. various appliances or other software add-ons) it can become very complex, especially for HA setups.
reviewer1283208
Information Security Officer, Network Analyst at a university with 1,001-5,000 employees
It was complex simply because we had different products.
Jeremy Alder
Security Lead at a financial services firm with 201-500 employees
We've had CloudAI implemented into our deployment for about three months so far, and out of that three months, we've only had one day of downtime. That was with a scheduled transfer from how they were hosting it before to where they're hosting it now. Stability and uptime has been 99% plus. It's been something that I can count on every day to come in and see this report and rely on it. We really haven't had the chance to scale CloudAI. We're a growing organization, but we're not ballooning, and we're not adding on new users. CloudAI is a great option to sync with AD to pull all your users and, and you can just set up the identities and run with it on day one. The reason why we went with CloudAI and decided that it was something we needed in our environment was because we had the log data for a lot of our servers, a lot of our hosts.
We had the authentication data from our domain controller on the users, but we really wanted to understand what the users were doing and why they were doing it. So we looked into other artificial intelligence programs that would do some of the similar things, but we realized that CloudAI would do what we wanted but then feed the data right back into the LogRhythm platform. With that, we were able to see what the users were doing along with what our servers were doing, what the hosts were doing, and we would have all that data correlated, and we could understand it in one big picture right in the web console.
The implementation of CloudAI was incredibly easy. We just ran a script, added a certificate, and all of a sudden, we were sending the data to them, and we had a report the next day. When we choose a vendor to work with, the number-one thing that we want to understand is that they understand the product. We aren't just going to go to a vendor and say, "Here's our money, please go learn about this product and then implement it in our environment," because I'll just implement it, I'll just learn about it myself and do it. But if I go to a vendor and learn that they know about this product, they've implemented something before, I'm going to go with them nine times out of 10 because they will do something that I can't do myself because I don't understand what's going on.
Steve Bonek
Information Security Manager at a tech vendor with 1,001-5,000 employees
I was involved, actually one of the first. It was one of the first products involved when I started with the company. We didn't have a SIEM, didn't have any really from a monitoring standpoint, didn't have anything. So LogRhythm was really the first major product that we bought and the installation was awesome. I mean it went as expected, moved it along quickly, and it provided value as soon as we were done with the installation. So the install was amazing.
We're about 20 different log source types. I mean all total log sources, we're probably in the 400-500 range, so I mean it has a log source, there are log source types for everything that we have right now. One of the challenges we have had is adding all of our cloud infrastructure in there as well. So I know that's something that LogRhythm was working on.
We're doing about 2000 messages per second.

In the various guises that I've had over the years, we've gone from multiple installations across 54 datacenters, globally, into our smaller setups. It's easy to install, it's pretty much, as they say, "out of the box," but it needs to be fed and watered on a daily basis. You do need a team to look after it, which I think is the same with any SIEM out there, but this is much easier to use. And because it's out of the box, you get the information you need within the first couple of hours.
I was involved in the initial setup. It was straightforward, but it was seven years ago. We have gotten more complex as the system's evolved.

The initial setup is straightforward. Follow the initial setup guide and the solution works within hours. Easy to use configuration tools are included.

It was straightforward as the training provided all the tools. Also, the UI has gotten better with time.

The initial setup is straightforward. The deployment takes between nine to twelve hours.

The initial setup is a bit complex because we need to be certified first. Otherwise, we have to get their PS for the deployment process. Even if you're certified, they shadow us. There are some processes for which we need to obtain their advice.
The initial setup and configuration can take around half a day. That is, a single box deployment can take 6 hours.
If I were to rate my deployment experience, I would give it a four out of five.
I always recommend training for everything, but that really is use, not setup. Setup is very easy. I do recommend people take advantage of the LogRhythm Professional Services. They make it very helpful, it's easy to get up and running in a day or two. Use Professional Services is my recommendation.

It was very straightforward.
Security40a8
Security Engineer Analyst Admin at an aerospace/defense firm with 1,001-5,000 employees
The initial setup was fairly straightforward.

It was straightforward.
The initial configuration was easy.
PH Chiu
Consultant at RIPEN
The initial setup is complex and I rate it a six out of ten.

Depending on the size and complexity of the deployment, I recommend paying for the Professional Services team to assist. All work was done in a remote session.
I also recommend not attending the training sessions until a few weeks of bake-in have occurred. Too many topics were covered to fully absorb all the information that was disseminated.
Nuwan Chathuranga
Team Lead - Network and Security at Connex Information Technologies
The tool's setup is very straightforward. I would rate the tool's setup a ten out of ten. The tool's deployment depends on the use cases, environment, etc. The tool's deployment takes one month to complete.
reviewer1007241
security solutions integrator at a consultancy with 1-10 employees
Setting up LogRhythm is straightforward. It is not complicated.
Sadat Mohammad Rifat
Senior System Engineer at a tech services company with 11-50 employees
The initial setup is simple for us, basically. It's not that challenging. The main challenge we face for integration is from the different vendors as we have to do different tasks. However, the deployment of LogRhythm is very easy.
It takes 12 to 15 days for a full deployment.
We have two phases that are five to seven days each. The second phase involves integration and tuning stuff and that can usually take six or seven days for that part alone.
It's on a Windows server. Windows is very convenient for everyone. Users can just follow the process as per LogRhythm and it's easy to deploy everything.
In our distribution model, we don't provide end-user support directly. We have another partner company that provides maintenance and support for the end-user. For the partner side, many of the engineers are LogRhythm certified and they do the maintenance and other tasks.
MarkSemkiw
Senior Network Engineer with 201-500 employees
The initial setup is easy with the physical appliance.

It pre-existed before I got there.

I think that anytime you're integrating SIEM monitoring tools into an environment, it is complex, but the LogRhythm Professional Services help make things easier, and I've worked with them every step of the way.
It's straightforward, to the point that we brought it. We did a week of engagement with our security value-added reseller, and we were basically shoulder surfing. Everything looked like it made sense and why they were doing it, and it's not that complicated.
Where it can get more complicated, like I said, is if you're a big organization, you didn't have it all on one platform. Those components would have to be put together, and there can be a little bit more to the infrastructure.
The SIEM's a very technical tool, but LogRhythm - that's one of the beauties of it - once you figure out how it's installed, the care and fitting of it, the updating of the SIEM to new versions, and even the monitor agents, it's really pretty straightforward. Good documentation.

The initial setup was done with the help of LogRhythm Professional Services and was fairly straightforward. Our version of the software is integrated into one hardware unit which made it easy to set up and understand.
Mark Baksh
IT Specialist at a healthcare company with 51-200 employees
The initial setup is complex.
I've been very lucky that some of my staff have very high technical knowledge on configuration of LogRhythm. If I didn't have those staff available to me, I would certainly recommend the Co-Pilot, which is an option that LogRhythm provides. I think that gives you the confidence that you've not only bought a product but, at that point, how to configure it and use it.
We used their Professional Services, I was one of a group of three - and the professional services - that helped roll out. It was pretty straightforward. Of course, it was different because it was all new to us, and using the Professional Services was very helpful.

The recommendation from VAR was to actually have Professional Services engagement. That was one week. Basically, that was just building out the SIEM, creating some basic rules, showing the lay of the land, where things are, where you go to administer, how do you create a case. Really basic administration.
Then, what LogRhythm also built into that was a one-week training, which we did online, which was great. That just built on to that first week of here's how it's built out, and then here's how to use it, here's how to administrate it, here's how you use it for analyzing alarms in your environment.
They go pretty well. Of course there are bumps and bruises, especially with LogRhythm being such a massive application. If it was to go 100% well, I would honestly think that it didn't go that well, and I just don't know about it.
The main challenge with setting up LogRhythm is you cannot just put LogRhythm in and let it run. You have to put some care and feeding into it. You really have to work on it.
LogRhythm gives you a lot of standard rules, but some of those, a lot of them, do need tweaking, and there are reasons for it. They can create a global rule that would work for maybe 20% of their customers, but everyone needs to go in and actually make changes. You have to have a staff on prem to be able to know your organization, know what your organization's looking for, and to be able to make those tweaks.
So the challenge with setting up LogRhythm is you don't just flip it on, you work at it, you make sure that you're invested in it. You have to have a team. It doesn't necessarily have to be a huge team of people that are working on LogRhythm 24/7. I'm sure for some financial institutions, or some institutions, that has to happen. But you need to align resources internally to be able to know the product.
It's almost best if you have a first-line support for LogRhythm internally, because you can't always rely on somebody else to fix your problems. You really have to know your system. So taking the LogRhythm training - when we've had other people come on to our staff - I've done a lot of training, but we have had Professional Services come back and do more internal training.
It was a little bit of both straightforward and complex. There were certain parts of it that were very straightforward. There were other pieces where we just had to get a grip on which log sources we were going to send where, and how to manage it all.
I was just involved in the decision-making process. However, I know that the setup was straightforward.
It was straightforward and, like I said, a lot of good knowledge transfer on what to do and how to proceed.
I was involved in the setup. It was mostly straightforward.
We have implemented the core implementation, but we haven't done any of the onboarding or anything like that yet, but I was there.
We were overwhelmed at first, and now we're starting to figure out what the capabilities are.
Security7ef8
Security Admin with 1,001-5,000 employees
I was involved in the initial setup, and it was fairly complex. We did use professional services to do most of the work, but, yeah, it was somewhat complex compared to some other solutions I've used in the past. However, with the capabilities of the product, it wasn't surprising, because, you know, with the feature-rich product, you're gonna have some complexity with it, as well.
SnrArchi4b5a
Senior Architect at an energy/utilities company with 201-500 employees
We did an on-premise solution. If I had to do it again, I would probably do a cloud-based solution. They basically shipped two boxes which were essentially ready to go. Then, I worked with an engineer who had a block of hours and he got the HA capability going. We got it dialed in and tied it up with the mainframe.
Our team is in the process this week of doing a health check and trying to get everything up to speed. We are doing an upgrade, because we are still on 7.3. We need to be upgraded to 7.4.
We have been using it for about a year. We are probably only about 75 percent there. We need help getting it dialed in, having some of the noise tuned out, and getting the alerts set up properly, so we can work off hours on different triggers. This is where we are struggling because we need to sleep, and we are blind during that time. So, we need something to help us with that.
NetworkS5932
Network Security at an energy/utilities company
My deployment is very new so we are still implementing it. There’s a little bit of work left to be done to get it to full capacity. I would say that it’s been relatively painless.
The setup requires an agent to be installed on all the machines and we have an in-house intrusion prevention system server base. We did a fair amount of finagling with that. I would say in an organization without those types of software running, it would be a piece of cake. I think it would be excellent. With us, we had a few extra hurdles to jump through just because of the fact that we had to be so secure in-house here.
Our entire implementation was completed in one day.
Timothy Sueck
Security Analyst at a financial services firm with 201-500 employees
I was not involved in the initial setup. I inherited it from a previous admin.
We probably had close to 2,000 log sources at this time. Setup for them is variable. Some are straightforward, supported out of the box, some take a little more technical expertise.
For me, not having been in the security world, at least on the SIEM appliance side, it was a lot to take in at first. We had an onsite engineer come in, help us put it in play. We had a week's worth of training. All in all, it went pretty smoothly.
There were gaps in our knowledge, I think, but that's where we opened up customer service requests and they came through and helped us out. But for me, personally, I would say it went well. It was just "a lot," it was new to us, it was new to our organization, so it was just a lot of information, but as far as it goes, it was pretty smooth.
I did oversee the implementation, and the initial setup that we did seemed to be fairly straightforward. My engineers were very happy with the simplified installation process.
Being an all-in-one appliance, that helps a lot in the initial setup. You rack it, you perform the updates, being a Windows box. And even some of the software upgrades that we've done since our initial purchase and installation, those have been fairly trivial as well.
It was pretty easy.
Andy-Wijaya
Principal Consultant at ITSEC Asia
Setting up LogRhythm SIEM is complex. Everything is complicated — the activity, integration, and analysis.
Shreenkhala Bhattarai
Cyber Security Researcher at a tech services company with 1-10 employees
The initial setup is not complicated. It's quite easy and very straightforward if you follow the guides provided. I followed the guides and found it to be rather simple. It's not difficult to get everything up and running.
The deployment doesn't take too long. You can have it ready to go in one working day. That includes installation and configuration.
We have a minimum of five people who handle maintenance and deployments.
A little complex, but usually any SIEM is; just all the components that are in that one appliance.
I was involved in the initial deployment and setup. I have used another SIEM solution. It's not easy, but it's also not really that complicated to set up.
I was involved in the initial setup. It was somewhat straightforward, somewhat complex. There are a lot of moving parts.
If they had some type of a script, which you could run depending on the solution and what boxes you have. A script that would just go and automatically configure things and get that part of it done, then you could focus on getting the events in, things like that.
We undersized the environment from a hardware perspective, which led to the system not performing well.
I'd say the requirements weren't really well defined, in our particular situation, but from what I've heard, other customers don't necessarily have that same issue. I think it was more so that LogRhythm was just growing at that time, and they had more customers than they knew what to do with.
On the last upgrade, I was part of the group to implement it. We did have some challenges, because the previous deployment was not configured right, then we did the implementation and it was very straightforward.
It was good. We have a lot of collectors, we ended up having almost 50 collectors in total, so it was a little bit challenging, but it's not bad.
Setup was fairly straightforward. We were up and running with coverage of most log sources within two days.
Pretty straightforward.
It was a little complex, I did not have training prior to, so it was more of a hands-on learning, which I appreciate. I prefer to do hands-on. It's easier for me to learn that way. It was complex but at the same time it was educational. It had benefits.
I'd say straightforward. We did have PS as well, so it was very helpful.
reviewer1306557
Systems Administrators at a tech services company with 201-500 employees
It was pretty straightforward. The actual deployment of it took about two days, but the implementation strategy took longer. It took a couple of months for meetings and planning with different experts, project managers, and engineers. They looked at our business requirements and other things.
We have two administrators and two analysts. Four of us are managing the system.
Chamini Ellawala
Associate Senior Engineer - Network & Security at Connex Information Technologies (Pvt) Ltd.
The initial setup is easy. It can take two hours. The first day of deployment is easy. Then depending on the devices and log servers, it can take time. We can give them predefined or pre-created devices and logs. The deployment depends on the devices and systems we are integrating. But the initial stage is easy.
We thought the setup was very quick and easy, of course we didn't try to boil the ocean all at once. We've been, over the years, adding more and more phases to our system, completed it in phases.
reviewer1115169
Consultant at a tech services company with 11-50 employees
The initial setup was straightforward.
Muhammad Umar Raza
SOC Analyst
The initial setup was simple, and it took two days to deploy.
Shreenkhala Bhattarai
Cyber Security Researcher at a tech services company with 1-10 employees
The initial setup was very straightforward. We deployed LogRhythm very easily. In total, including configuration, we deployed this solution in less than one day.
It was fairly straightforward.
The initial setup was straightforward.
Updated: March 2024.