LogRhythm NextGen SIEM Valuable Features

Avraham Sonenthal
Senior Network Engineer at a government with 5,001-10,000 employees
The feature that makes it usable is the web interface. One nice feature about the product is the log message field extraction, where they try to fit every field into a field name. A log message is a string of ASCII text and its value depends on how the vendor formats it. Fields within log messages, such as a time stamp or source IP address, are delimited by spaces. Depending on the type of device, the information varies because if it's a temperature sensor you'll get temperature, or if it's a pressure sensor you'll get pressure, but if it's an Active Directory server you'll get an Active Directory message. The problem comes about because in some cases, the fields are not labeled. Rather than an identifier for a source IP address (e.g. "SRCIP="), it will just have the address, and you have to determine what it is based on its location within the message. Of course, even though the field name is not in the log message itself, the field will still have a name. Extracting it correctly requires that you understand how the vendor formatted it. With LogRhythm, it does a better job than some products at slotting every field into a field name.
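The labeled-versus-positional field problem the reviewer describes, as an added Python example (not LogRhythm's code or the reviewer's): it slots a constructed labeled message and a constructed unlabeled one into the same field names using a hypothetical vendor layout, and flags lines whose positions have shifted rather than silently mislabeling them.

```python
import re

# Constructed sample messages (not real vendor output). The first labels
# every field; the second carries the same values with no labels at all.
LABELED = "ts=2021-01-15T10:22:01Z action=deny SRCIP=10.0.0.5 DSTIP=192.0.2.9 proto=tcp"
POSITIONAL = "2021-01-15T10:22:01Z deny 10.0.0.5 192.0.2.9 tcp"

# Hypothetical vendor layout: the order in which this device emits
# space-delimited fields when it omits labels.
POSITIONAL_LAYOUT = ["timestamp", "action", "src_ip", "dst_ip", "protocol"]

# Vendor-specific label -> common schema name.
LABEL_MAP = {"ts": "timestamp", "action": "action", "SRCIP": "src_ip",
             "DSTIP": "dst_ip", "proto": "protocol"}

IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")


def parse_labeled(msg):
    """Split key=value tokens and map vendor labels onto schema names."""
    out = {}
    for token in msg.split():
        key, _, value = token.partition("=")
        out[LABEL_MAP.get(key, key)] = value
    return out


def parse_positional(msg, layout):
    """Assign tokens to names purely by position; fail if the count differs."""
    tokens = msg.split()
    if len(tokens) != len(layout):
        raise ValueError(f"expected {len(layout)} fields, got {len(tokens)}")
    return dict(zip(layout, tokens))


def normalize(msg, layout=POSITIONAL_LAYOUT):
    """Return schema-keyed fields plus a 'parse_ok' flag.

    The format is detected by whether every token contains '='. IP-typed
    fields are sanity-checked so a shifted layout (an unexpected extra
    field) is reported instead of landing a non-address in the IP slot.
    """
    tokens = msg.split()
    try:
        if tokens and all("=" in t for t in tokens):
            fields = parse_labeled(msg)
        else:
            fields = parse_positional(msg, layout)
    except ValueError as err:
        return {"raw": msg, "parse_ok": False, "error": str(err)}
    for name in ("src_ip", "dst_ip"):
        if name in fields and not IPV4.match(fields[name]):
            return {"raw": msg, "parse_ok": False,
                    "error": f"{name} is not an IPv4 address: {fields[name]!r}"}
    fields["parse_ok"] = True
    return fields
```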
reviewer1283208
Information Security Officer, Network Analyst at a university with 1,001-5,000 employees
Automations are very valuable. It provides the ability to automate some of our small use cases. The ability to integrate with other products that use an API is also very useful. LogRhythm has a plugin for it that we can connect and start to move down towards the path of a single pane of glass instead of having multiple or different tools.
Surendra Singh
Systems Administrator at a tech services company with 11-50 employees
File Integrity Monitoring is really valuable because we have it set up on our core assets. This is one of the key features that I utilize. We also use it quite a lot for event management to do reporting.
Learn what your peers think about LogRhythm NextGen SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
456,812 professionals have used our research since 2012.
Shreenkhala Bhattarai
Cyber Security Researcher at a tech services company with 1-10 employees
The UEBA flow is the most useful aspect of the solution. The initial setup is pretty easy. While the cost is high, the security provided is quite good, and those who can afford it will pay for the peace of mind.
Vp9875
Vice President at a financial services firm with 201-500 employees
The ability to investigate a particular period of time where you can analyze logs is its most valuable feature.
Chmini Ellawala
Engineer - Network & Security at Connex Information Technologies
The most valuable feature is that we can alternate incident automations.
Jason Gagnon
Senior Cyber Security Engineer at an individual & family service with 10,001+ employees
I have found the Advanced Intelligence Engine has provided the most value to us because we can customize alarms based on our requirements and have created hundreds of alarms that notify different people for different scenarios.
Shreenkhala Bhattarai
Cyber Security Researcher at a tech services company with 1-10 employees
In terms of security, LogRhythm NextGen SIEM is great.
KatMcMillian
Sr IT Security Engineer at Puget Sound Energy
The most valuable feature is scheduling the KB update, which reduces administrative effort.