LogRhythm NextGen SIEM Valuable Features

Gene Cupstid
Security Engineer at a logistics company with 10,001+ employees
Specific to LogRhythm SIEM, I would say the dashboarding capability is pretty spectacular, so having the advanced UI available to just instantly drag and drop widgets into the browser and get top 'X' whatever field you're looking for in real time is incredibly powerful. It's very fast. One of the things that I love about it is that we can get trending information at a moment's notice for just about anything that we have packed into the SIEM. So it's incredibly quick to get very easy high-level information on any field we're looking for in the SIEM, and then be able to drill down into that through the log feature at the bottom. We are using their AI Engine, and we're using the actual web console itself. We're using lists, and some of their automated lists for generating content of blacklisted hosts or known malware sites and things like that. Most of those features are turned on at this point in time. We're actually pretty new; I think that says a lot about the amount of use we've been able to get out of it. We only installed it maybe three or four months ago. And the amount of data that we have going into the SIEM at this point in time, which amounts to nearly 20,000 events per second, plus all the different features we have turned on, is pretty impressive. So I think that speaks a lot to the ease of getting it stood up and running, which is something that I've seen be way more difficult in other SIEMs in the past. We will be using the playbooks immediately, on day one, as soon as they're available. I've attended some of the playbook sessions here already and we're looking at which ones are already out there for use and how we're going to integrate them into our environment. So, playbooks are going to be a huge point of focus for the next year for sure for us.
JimMohr
Principal Security Analyst at a healthcare company with 10,001+ employees
Most valuable features for our organization are the centralized pane of glass for us to go through and triage and see everything going on in our environment. We're a mature organization. We have a lot of tools and a lot of different implementations, and to go through all those dashboards monitoring everything is just not possible. So we centralize everything, and then we get it, come into the web console, and we're able to triage and respond quickly to anything that is important. We do use many other capabilities with LogRhythm. We of course collect from our printer devices and our servers, as well as some of our security-specific systems. We'll drink from APIs. We'll also implement file integrity monitoring in our data environment. So we use a lot of different features available within LogRhythm. It makes it possible to stay aware of much more of what's going on. We get an overview, a macro view that we can zoom in on, as opposed to before, when we had individual panes of glass. You might be stuck in the firewall interface for half a day whereas something going on is not getting addressed that we really should probably investigate. So that's our biggest benefit. We're not using any of the built-in playbooks. We are about to go up to version 7.4 once it becomes available. We were not an early adopter because of our size.
Reno Thomas
Senior Security Engineer at Augeo Marketing
Provides visibility into the network. We got it for PCI compliance for the most part, and we also do SOC 1 and SOC 2 compliance, so we can show that we're secure to our clients. We have a lot of financial and other customers that care about security with the kind of business that we do. But we're looking at it to do SOC Light, not 24/7, but we want to have visibility into everything that is going on in our network, be able to respond, and do incident response using LogRhythm as our main console.
Find out what your peers are saying about LogRhythm, Splunk, IBM and others in Security Information and Event Management (SIEM). Updated: July 2019.
Kevin Merolla
Security Manager at a manufacturing company with 1,001-5,000 employees
The most valuable features in LogRhythm, honestly for me, the single most valuable feature is the web console. That is actually the primary reason we chose LogRhythm over some of these other solutions, because I was able to leverage web console usage across multiple layers of IT, and I didn't have to sit back and teach everybody complex SQL queries. Just that point-and-click interface, it's nice and bouncy and beautiful to look at, and that has really driven the adoption of the use of the software. Secondarily, I think another really great feature is the community. And the content that that provides has enhanced our adoption over the years. We don't use the full-spectrum analytics capabilities of the SIEM, mainly because I'm a lone wolf in running it. It's just a matter of timing and focus. We do a lot of analytics around user behavior, although we're not a CloudAI customer yet. We're doing a lot of what they call the AI Engine to do user behavioral modeling, and we're starting to onboard some network behavior modeling analytics as well.
Jeremy Alder
Security Lead at a financial services firm with 201-500 employees
LogRhythm has really improved, I think, my personal sense of security as far as our organization. I feel that I can trust the data that it's pulling in. Through its metrics, I can see when something isn't reporting, so I know immediately if, say, one of our core servers isn't feeding its logs to us. I can remediate that almost immediately, and then feel secure again knowing that that data is coming to LogRhythm, and LogRhythm is correctly dealing with it. I can know that our security is in place. We haven't used any of the LogRhythm built-in playbooks yet. Stability has been really good. The LogRhythm platform in our environment actually sat for three years with no one really using it. I came in about six months ago. I was able to pull it from generating about a thousand alarms a day that were just heartbeat errors, or critical components going down, to it actually only generating about 100 alarms a day, some of those being diagnostic alarms, but most of them being very helpful alarms that rarely ever point to a component being down. With some short maintenance daily, LogRhythm has been a very stable platform.
Joe Benjamin
SIEM Architect at Marsh & McLennan Companies, Inc.
I've worked with a lot of SIEMs. It's nice that it's straightforward.
Jim Mohr
Principal Security Analyst at a healthcare company with 501-1,000 employees
There's value in all of it. The most valuable is the reduction in time to triage. We take in around 750 million logs a day. We have a lot of products and that would be a lot of different panes of glass that we would have to look through otherwise. By centralizing, we can triage and take steps much more quickly than if we tried to man all the interfaces that come with the products.
Avraham Sonenthal
Senior Network Engineer at a government with 5,001-10,000 employees
The feature that makes it usable is the web interface. One nice feature about the product is the log message field extraction, where they try to fit every field into a field name. A log message is a string of ASCII text and its value depends on how the vendor formats it. Fields within log messages, such as a time stamp or source IP address, are delimited by spaces. Depending on the type of device, the information varies, because if it's a temperature sensor you'll get temperature, or if it's a pressure sensor you'll get pressure, but if it's an Active Directory server you'll get an Active Directory message. The problem comes about because in some cases the fields are not labeled. Rather than an identifier for a source IP address (e.g. "SRCIP="), it will just have the address, and you have to determine what it is based on its location within the message. Of course, even though the field name is not in the log message itself, the field will still have a name. Extracting it correctly requires that you understand how the vendor formatted it. With LogRhythm, it does a better job than some products at slotting every field into a field name.
Jack Callaghan
Senior Security Analyst at a financial services firm with 501-1,000 employees
The breadth and harvesting of information the SIEM is capable of doing. I've been in this probably going on 30 years, and I've seen the growth. I found a resource that's outstanding in finding information and then the most important thing, distilling it, putting it together, which is a real big challenge in this field.
Aaron Mueller
Security Analyst at Xanterra
The PCI compliance pieces that help us produce reports for our external auditor, and their support. I constantly sing the praises of their support group. It's a complicated, vast product with a lot of breadth and depth. Things go wrong. But when I have a problem their support group will get a hold of me within minutes to hours, at the most. If it takes a group of people to solve the problem they pull a group of people together. They will create remote sessions. I don't have any other vendors with the same level of support that LogRhythm does.
Kevin Merolla
Security Manager at a manufacturing company with 1,001-5,000 employees
The ability for me to go into the Web UI and just learn what's going on in my environment. Being able to go in and show our company's management, "Look, this is what we can see. This is what we can now know about our environment." Then, using the past several months to baseline what's normal, it has been invaluable, and we have also been able to stop things that were bad at the same time. We were able to actually show value while we were still building out the solution.
Computer0e92
Administrator Executive at an individual & family service with 10,001+ employees
It gives us insight into our entire installation, where we are multiple sites, going as far as the East Coast to the Central West Coast. Our operation is small. I am a one-man shop right now, so it gives me a chance to aggregate all my events and logging, alerting, in one spot. I come in and can see exactly what is happening.
Informat8c3b
Information Security Officer at an insurance company with 201-500 employees
Any SIEM, in and of itself, should make it easy to ingest data, and it should also be easy for the analyst to assess the different types of events that are coming through, be able to sift through false positives, and ensure that they are only acting on things that are truly actionable, that need to have attention. It's not one of those things that you want to have analysts spending a lot of time on, and then seeing false positives in the system. It just gets to a lack of trust within the system. LogRhythm has shown to us, to this point in time, that it has the capabilities of being able to deliver actionable intelligence to the security engineers and analysts.
David Kehoe
Information Security Analyst at a pharma/biotech company with 51-200 employees
The most valuable features for me are the customization features. I can build it out to do whatever I want. I've created rules in there for cryptomining and cryptojacking. The compliance aspect is phenomenal. The reporting in there is fantastic. It helps our internal audit team. It also helps us with our compliance, as well, for our audit. So there are a lot of good options in there. CloudAI gives us analytics into our users' behavior and whether or not they are acting outside of their norms. It has helped me to identify a lot of policy violations inside of our networks. A lot of bad habits. Just for a specific use case, I've identified where an account that should have been disabled was being used by another user inside of our network. A lot of policy violations. A lot of geographical location identification inside of the networks. CloudAI-UEBA has enhanced my security operations because I've been able to track down users with anomalous behavior. To be more specific about that, I've been able to track down users that were using accounts that they shouldn't have. So for example, we had a user that left the company and another user was using that account to access servers inside of our network that they didn't have access to. So it's very powerful. It just takes some learning to get used to.
Eric Knopp
Data Sec Program Manager at an insurance company
The most valuable feature of LogRhythm for me is the ability to correlate logs throughout many different log sources. Every different log has a different time stamp, it has a different user, things are in different places. But with LogRhythm you can take all of your logs from all the different sources and make them relevant to each other. So if you're looking for a user that is doing something malicious, or if you're looking for a computer that is maybe making some calls out to systems that it has never called before, you can correlate based on a user attribute or a computer attribute to say, "Go find me everything that that user is doing." Because of the correlation, you can then have alarms and reporting off of multiple log sources.
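The field extraction Avraham Sonenthal describes above (labeled "SRCIP=" style fields versus fields named only by their position) and the cross-source correlation in this review, as an added example that is not LogRhythm's own parser: the vendor tags, field names, time formats and log lines are all constructed for illustration.

```python
"""Normalize differently formatted log messages into named fields, then
correlate them by a shared attribute. Added example, not LogRhythm code;
vendor tags, field names and log lines are constructed for illustration."""
import re
from datetime import datetime, timezone

# Constructed sample messages. The leading tag stands in for the log-source
# type the collector already knows; everything after it is the raw message.
SAMPLE_LOGS = [
    "fw 2019-07-01T12:00:03Z action=allow SRCIP=10.1.2.9 DSTIP=198.51.100.7 DPORT=443 user=asmith",
    "fw 2019-07-01T12:00:05Z action=deny SRCIP=10.1.2.3 DSTIP=198.51.100.7 DPORT=445 user=jdoe",
    "proxy 01/Jul/2019:12:00:07 10.1.2.3 example.org 403 512 jdoe",
    "ad 2019-07-01 12:00:09 4624 jdoe WORKSTATION7 10.1.2.3",
]

# Labeled sources write key=value pairs; vendor labels map to canonical names.
KV_RE = re.compile(r"(\w+)=(\S+)")
LABEL_MAP = {"SRCIP": "source_ip", "DSTIP": "dest_ip", "DPORT": "dest_port"}

# Positional sources carry no labels: the field name comes from where the
# token sits in the message, captured here by a named group per position.
POSITIONAL_RULES = {
    "proxy": re.compile(
        r"(?P<timestamp>\S+) (?P<source_ip>\S+) (?P<dest_host>\S+) "
        r"(?P<status>\d+) (?P<bytes>\d+) (?P<user>\S+)"
    ),
    "ad": re.compile(
        r"(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<event_id>\d+) "
        r"(?P<user>\S+) (?P<host>\S+) (?P<source_ip>\S+)"
    ),
}

# Each vendor stamps time differently; all are normalized to aware UTC datetimes.
TIME_FORMATS = {
    "fw": "%Y-%m-%dT%H:%M:%SZ",
    "proxy": "%d/%b/%Y:%H:%M:%S",
    "ad": "%Y-%m-%d %H:%M:%S",
}


def parse(line):
    """Return a dict of canonical fields for one raw log line."""
    vendor, _, body = line.partition(" ")
    if vendor not in TIME_FORMATS:
        raise ValueError(f"unknown log source type: {vendor!r}")
    fields = {"vendor": vendor}
    rule = POSITIONAL_RULES.get(vendor)
    if rule is not None:
        match = rule.fullmatch(body)
        if match is None:
            # A shifted or missing token would otherwise land in the wrong field.
            raise ValueError(f"{vendor}: message does not fit positional rule: {body!r}")
        fields.update(match.groupdict())
    else:
        timestamp, _, rest = body.partition(" ")
        fields["timestamp"] = timestamp
        for label, value in KV_RE.findall(rest):
            fields[LABEL_MAP.get(label, label.lower())] = value
    fields["time"] = datetime.strptime(
        fields["timestamp"], TIME_FORMATS[vendor]
    ).replace(tzinfo=timezone.utc)
    return fields


def correlate(events, attribute):
    """Group events by a shared attribute (e.g. user or source_ip), ordered by time."""
    groups = {}
    for event in sorted(events, key=lambda e: e["time"]):
        value = event.get(attribute)
        if value is not None:
            groups.setdefault(value, []).append(event)
    return groups


if __name__ == "__main__":
    events = [parse(line) for line in SAMPLE_LOGS]
    # "Find me everything that user is doing" across firewall, proxy and AD logs.
    for user, trail in correlate(events, "user").items():
        print(user)
        for event in trail:
            target = event.get("dest_host") or event.get("dest_ip") or event.get("host")
            print(f"  {event['time'].isoformat()} {event['vendor']:5} -> {target}")
```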
David Schell
IT Security Analyst
The most valuable feature I get out of the LogRhythm platform is being able to take machine data and present it in a format that's easy to understand, easy to analyze, easy to pivot through to get answers to the questions that I'm investigating, whether they're security related or operationally related. At this time, we're not using any of the playbooks in LogRhythm because it's currently not available in our version. However, we are very excited about that feature coming out in the near future, and we're definitely looking at using playbooks for phishing, unauthorized access and our other use cases we're going to identify in the future, to make sure that our analysts are responding to the threats in similar ways and that the correct actions are being taken. We have around 75 different types of log sources coming into the environment right now. The log source support is good; there's always room for improvement. One of the areas that LogRhythm's kind of pushing really hard right now is to integrate more cloud solutions, so your Office 365, your Azure, your AWS, making sure that those SaaS and other cloud platforms are getting the data you need into that platform. It's getting better but there's definitely still work to be done. We currently have 3,000 messages per second in our environment, but we still have a number of different resorts to onboard in our tenant. So we're definitely looking to push above, probably, the 7,000 to 8,000 range.
SeniorNead2e
Senior Network Systems Engineer at a non-profit
The ability to threat-hunt and, being a small staff of five people, we can actually not put a lot of time in administration, the care and feeding of it, and get useful analytics out of it.
Steve Bonek
Information Security Manager at a healthcare company with 1,001-5,000 employees
I think the biggest thing is tying all of our log sources together, whereas there was a lot of manual work before of reviewing Windows logs or, you know, firewall logs. Bringing it all together so that my team, the information security team, as well as the infrastructure team can kind of view all of that from a single pane of glass and see everything that's going on in the environment. As of now, we're not using all of the full analytics capabilities that we know the LogRhythm SIEM can do. So that's one of the areas that we need to improve on. We have all of our log sources in there; now making sure that we're getting the value of all that together is something we still need to work on.
Tommy Scott
Operations Team Lead at Mary Kay Inc
Most valuable feature is really providing us visibility into our infrastructure. Frequently, I'm reaching out to our partners in the business, and I'm asking them how I can assist them, and how I can improve their visibility from a security perspective. Oftentimes, like many of the users I've met this week here at the LogRhythm User Conference, we've encountered that the business owners are not familiar with their logs. Some of them haven't even really looked at them. But when I delve into the logs with them, and identify some things we can trigger on and alert on, and really help them improve the efficacy of their tool, it's really been a big benefit to have that visibility. Not only from the security perspective, but an operational perspective. It's really helped to build a relationship between us and the business.
Marc White
Chief Security Officer at Optomany
The most valuable feature for me is that it's a single pane of glass for all of the analysts in my team. It gives us complete eyes and ears into what's going on within our environment. We run two separate installations. One is in our datacenter where we handle all of the sensitive data, and one is on the enterprise side, so it gives us a real good visualization of what's really going on.
Jacob Hinkle
Security Engineer at Managed Technology Services LLC
The most valuable features are the reporting tools. A lot of times as security, we are tasked with explaining to management and the executives how the security program is going, what our concerns are, and if we want to get anything out of them as far as budget to fix some issues. We have to be able to show the evidence, and LogRhythm does a great job of putting it forward and making it easy to create reports with nice looking dashboards, which show off what we are doing as a security program.
Jason Gagnon
Senior Cyber Security Engineer at an individual & family service with 10,001+ employees
The most valuable feature that we use is the AI Engine itself.
Dan Ney
Sec And Risk Lead at Baker Tilly Virchow Krause, LLP
We're fairly new to LogRhythm. One of the things that we really liked in the deployment PoC phase was the dashboard. How easily it percolated critical information up onto a screen that we could immediately review, and drill down to look at the raw logs. That was one of the key features that we liked in the PoC. Still today, that is by far one of the best features.
James Whistler
Security Administrator at a non-profit with 501-1,000 employees
The most valuable feature has just been the log reporting. Within three hours of installation of LogRhythm, we were pulling error reports that actually indicated we had a switch about to fail. It saved us about ten thousand dollars of a potential failed switch. We are ramping up the analysis and the analytics part of LogRhythm. We're in the process of building a lot of that. We're trying to build out as clean as possible, so what we have in place is a lot of the intrusion detection and basic PCI compliance.
SeniorNead2e
Senior Network Systems Engineer at a non-profit
Favorite feature of the product is the ease of administration. There's not a lot of overhead. We don't need an FTE dedicated just to admin the product. That was one of the biggest selling features for us.
Punit Patel
Senior SIEM Engineer at a financial services firm with 501-1,000 employees
Some of the valuable features: I find it's very easy for me to integrate new log source types within the SIEM. The MPEs, there are plenty of out-of-the-box solutions that we can integrate new appliances with. We're constantly buying and upgrading our appliances, so it makes it easy for me to ingest logs and run correlations in the AI Engines. Currently, we don't have full-spectrum capabilities. We're using AI Engine mostly to run correlations, and then we obviously have our dashboards and stuff, but apart from that, we're working on the UEBA implementation for users to run more correlations. We do have our net monitors that we use to run packet monitors, packet captures, and even traces.
SnrArchi4b5a
Senior Architect at an energy/utilities company with 201-500 employees
We do a lot of the alerting, as far as user accounts. We have NetFlow information going into it, so we can examine a lot of traffic patterns and anomalies, especially if something stands out and is not the baseline. This helps a lot.
reviewer748821
Information Security Analyst at a non-profit with 1,001-5,000 employees
The most valuable feature for me is just being able to know who's in the network, being able to drill down on the alarms, being able to look at the different rules or whatever has been impacted within the network for anyone being in the network. At this point we don't use the full spectrum of analytics. We're still fairly new and trying to tweak our system to get the information that we want out of it. So we're still at the beginning stage. We are not using the playbooks; we're still on a version that doesn't support them. But yes, after going through the session today, the preview session, we definitely want to use the playbooks.
SystemsA0c45
Systems Architect at a university with 10,001+ employees
* The integratedness
* The parsing
* Their partnerships with various device manufacturers
They keep it up to date, you don't have to worry about that when their products change. I think as an aggregator it works very well, and as a case management tool it works very well. I think it works reasonably well for parsing. I think there's always room for improvement there; I'm thinking any solution that I've seen, it's just a difficult problem to solve.
David Butterell
Threat And Awareness Manager at a tech services company with 1,001-5,000 employees
It is the dashboards. Up until just a couple of weeks ago, we were just using the standard dashboards. We actually had our account manager and professional services team members come out to our Security Operations Center (SOC) and essentially walk through our processes and how the SOC operates. One of the immediate improvements was using the dashboards more effectively, as we just used the standard, out-of-the-box dashboard, and it actually wasn't really telling us much. Now, the SOC have custom dashboards, showing them a lot more useful information, putting the information in context, and they are actively using it for proactive investigations, rather than just responding to alarms.
Security7ef8
Security Admin with 1,001-5,000 employees
The most valuable features are probably the AI Engine, which is very valuable, as well as Netmon. We plan on using the playbooks, and the value I think we'll get is automating or scripting the responses that our analysts use, rather than using our existing playbooks, which are somewhat incomplete. I think the playbooks will be a lot of out-of-the-box pre-scripted playbooks that should be extremely helpful to us, as well as integrating some of the SmartResponse capabilities into the playbooks.
Securityb29a
Security Analyst at a financial services firm
The most valuable part of the solution is being able to view all of the logs whenever you want. Any time an issue comes in or something that needs to be researched, I have the logs there. I can go in, run an investigation. It's pretty much at my hands. Information is available on demand. I feel like I'm in control of it, which gives me a warm, fuzzy feeling.
Seth Shestack
Deputy Ciso at Temple University
The thing that I find most valuable is that every interface is consistent. Whether you're looking at a dashboard, a drill-down, an alarm, a search, the interface is exactly the same. As you move through the experience of looking at some type of event, some type of incident, following up on a search, everything is consistent throughout the whole user experience.
Wadson Fleurigene
Information Security Engineer at Seminole Tribe of Florida
The most valuable feature is the Threat Intelligence Services (TIS).
Shane Addison
Information Security Officer at First Mid-Illinois Bank And Trust
The scalability. We had a huge problem with that before. Now, we can quickly search through all of our logs. If we have an issue where, perhaps, there's something suspicious from a particular host, we can quickly go through there and search all the logs for anything that had to do with that host for a specific time frame, and anything coming to or from that host, or if it's a user, or whatever it is. Investigations, it's really been helpful for.
Alex Wood
Systems CSO at a manufacturing company with 1,001-5,000 employees
From an operational perspective, day to day, the Case Management functions are really useful for us. They allow us to track what we see in the incidents that we have. We use the full-spectrum analytics capabilities. We have a number of rules that we've built, and built-in rules that we leverage as well. We've got a whole bunch of dashboards and the like to do the analytics. We definitely find the full-spectrum analytics to be valuable.
reviewer711480
User at an aerospace/defense firm with 1,001-5,000 employees
My favorite part of LogRhythm is its ease of use. Everything I have used is designed very well, and makes sense after little time on the system. The new web interface is very fast and easy to use, and you can see what is going on at a glance. The AIE rule set is easy to set up and use. They have a lot of built-in modules that have the rules already created for you. The deployment guides are easy to follow for setting up the modules. Personally I love the UBA or threat modules. These will first do a system baseline, then start flagging events outside your normal operations. Creating new rules is very easy with the GUI. Compliance reporting is another great feature of this product. It has built-in reports right out of the box. Plus it was one of the few products with FIPS 140-2 encryption for the database.
Security72a8
Security Operations Analyst
The features I find valuable as a user, from first-hand experience, are that it's very user friendly. I can feel comfortable with using it and train someone else to use it as well. The reporting aspects are great, the AI Engine rules that create the tools, the reporting aspects all round are great. There are some ins and outs that may not be big, but there could be something that comes from a later model, such as flagging it for false positives, either as a tag or just like a drop-down option, or a customization tag, to add on your own tags or statuses. Those things are not a complete no, but it's one of those where it feels there; I'll be so excited for it and just be like, "Alright!"
Doug Dayley
IT Infrastructure Manager at Jeunesse Global
Well our eCommerce site is very important to our business. So not only NetMon, but also just knowing the traffic that's coming in and out of there, and whether it's coming from bad sources. We have to protect our eCommerce site and it is helping us do that.
Seth Shestack
Deputy Ciso at Temple University
The consistency of its interface, whether you go to a dashboard, a search, an alarm - everything comes back consistently. There isn't a different interface for every function that you do, so it makes it very usable.
SeniorITa2b0
Senior IT Security Analyst at a financial services firm
It is creating a whole ecosystem, integrating different security components together, whether it is bringing in CloudAI, a UEBA solution, or SmartResponse case management.
Anthony Workman
Enterprise Information Technology Security Engineer at a government with 1,001-5,000 employees
The most valuable features would be the automation, reporting, and the support. I do plan to use the full extent of the correlation and AI Engine to streamline our processes.
Securityd711
Security Architect at a leisure / travel company
We're doing almost 10,000 EPS right now and we have anywhere between 5,000 and 6,000 servers, and a couple thousand network devices more or less. Our goal is pretty much to gather all those logs. Keeping track of when new servers are deployed and new network equipment gets put out there, and then having them report to LogRhythm, that's mainly the biggest challenge so far. Mostly for us the most valuable feature is its aggregation of all the logs into a single platform, and then doing the real-time monitoring based on that. Also, the real-time monitoring piece of it, that's extremely valuable. Plus you can tweak a lot of their settings while other systems don't really let you.
ManagerSc364
Manager Security Operations Center at a leisure / travel company
One of the most valuable features is the investigation tab. It allows us to dig in deeper into the alerts that we receive today, based on the policies, that get triggered by our end-user population.
Rob Haller
Security Engineer at US Acute Care Solutions
The analytics that it does. Full-spectrum analytics capabilities, which we use for:
* User behavior.
* Watching and monitoring for login events or any anomalies.
* Going through and watching trends.
* Knowing what activities endpoints are doing, where they're going, what websites they visit, then making sure that they're in the normal or making sure they pick up on any outliers.
Kurt Schroeder
Senior Security Engineer at a manufacturing company with 5,001-10,000 employees
The AI Engine can take an event and correlate it into something else giving meaningful context regarding what is going on. We integrated it in with our ticketing system, so if an alarm fires, it raises a ticket in our system. Therefore, if I find somebody needs to action other things on it, I can just forward the ticket along. This is all done via email, which is pretty slick.
it_user576042
Senior IT Security Analyst at a retailer with 1,001-5,000 employees
It's a compliance tool for our needs. Security analytics, cloud security, log management are also definitely valuable. We're looking at all the cloud features at this point; even antivirus is going to cloud. A lot of analytics are going to the cloud. So, we're looking at LogRhythm, what it's going to do with the AI cloud stuff.
Robert Sweeney
Information Security Engineer at Lancaster General Health
* SmartResponse flexibility
* Ease of use
* Ease of administration
Overall, versus competitors, it is a lot easier to use, a lot more user friendly, but it still gives you a lot of flexibility to do whatever you want. The limit is your imagination, for SmartResponses at least.
ManagerO3308
Manager Of Cyber Security at a healthcare company
The most valuable feature to me is certainly the CloudAI, which I have been a beta tester of, and also the SIEM capabilities and automation. I see CloudAI expanding greatly. It's obviously a new product for them. It will be able to give contextual evidence of people's behavior which, at the moment, whilst the SIEM does that, AI actually is that specification and concentration on people's behavior, which is a huge component in cybersecurity.
Daniel Galvin
Principal Security Specialist at University Of Massachusetts
I would say the amount of data that it collects and the way it correlates it, extracts it, and makes it easy for an analyst to look at it and deep dive into it. I had another SIEM before LogRhythm and it was nowhere near what LogRhythm does. The idea to me is collecting all this data and then extrapolating all that data, and it's phenomenal.
Technicaefde
Technical Architect at a financial services firm with 10,001+ employees
* The overall view of the solution: It encompasses end-to-end analysis and response.
* Log management
* Threat management: Threat hunting is going to be a large topic for us as well, which, being a big data engine, will go a long way for us, too.

We have not moved into cloud security so much, but eventually we will be there. View full review »
Jorge Trujillo
Information Security Engineer at a financial services firm with 501-1,000 employees
Right now I really like the dashboard, and being able to view it easily, and to just have all the data right there available for me. View full review »
ITAnalysaaa6
IT Analyst at an energy/utilities company with 501-1,000 employees
Visibility, obviously. Seeing all the logs from all the various log sources, be it perimeter, internal, overall security controls; getting it in one pane of glass. And alerting, obviously. View full review »
Technica560a
Technical Systems Analyst
I would say to us, the thing that matters most is the automation of the AI rules that are being sent to our emails to let us know what's happening within our network and within our environment. When we set it up, we went through and probably turned on about 14 AI rules that we found to be really advantageous to us, and have tuned those over the past couple years. It's just worked out really well for us. View full review »
Briane Harris
SOC Analyst at a financial services firm with 1,001-5,000 employees
Being able to find everything in one place is really nice when you're doing your searches. View full review »
ITSecuri3467
IT Security Architect at a construction company with 10,001+ employees
Out-of-the-box, it already has a knowledge base solution. Therefore, if you do a little bit of work, such as configure the lists and log sources, you can have use cases implemented quickly. View full review »
Mike Natale
Information Security Analyst at Endicott College
* The threat analytics
* Seeing what potentially could be happening; what are the riskiest things going on. View full review »
Chris Goff
Senior Security Engineer at a healthcare company with 10,001+ employees
The functionality of it. It definitely does a lot of things out of the box. You don't have to do a ton of tweaking and tuning, but that's there for you if you want it. Big-time usability and implementation is easy. View full review »
SecurityOps35453
Security Operations Center Manager at a financial services firm with 1,001-5,000 employees
We find the user interface and the ability to pivot near search from one particular item to the next part item to be highly valuable. Its ability to work with all different sorts of log sources has been extremely valuable. View full review »
Security40a8
Security Engineer Analyst Admin at an aerospace/defense firm with 1,001-5,000 employees
Alarms are the most valuable feature. We also like the dashboard and how things are at your fingertips. The fact that we can now edit the report templates is going to be a great thing. View full review »
JuniorIndc40
Junior Information Security Analyst at a financial services firm with 51-200 employees
The fact that I can quickly determine if there is a threat actor from internal to external. That's our primary goal. We have a lot of traders and a lot of developers, internal, so that's generally where our presence is. We don't have a whole lot of online presence. We're not so much worried about external actors. Being able to determine what a user is doing is really helpful for us. View full review »
Securityd96b
Security Administrator at a tech services company
The artificial intelligence engine. View full review »
Gordon Wallum
IT Security Administrator at an energy/utilities company with 1,001-5,000 employees
We like the alerting features. They seem a little more hands-on and easier to set up. View full review »
SecEng3904
Senior Security Engineer at a marketing services firm with 1,001-5,000 employees
The most valuable features are the alarms, and some of the reporting features in the product are great. The web interface is awesome, it's very intuitive and gives a lot of great information. View full review »
SocManagf24d
SOC Manager at an energy/utilities company with 10,001+ employees
The important thing in LogRhythm is the correlation in the AIE rules. It correlates all the logs to give meaningful events. View full review »
Ashlish Baria
Manager of Information Security at a real estate/law firm with 51-200 employees
I wish I could just name one feature! There are so many:

* The ability to drill down and pivot from an event is one of the biggest advantages the product has compared to other things that I have seen in the market.
* LogRhythm differentiates itself through its usability.
* Its simplicity. It can do more than just basic simplicity. View full review »
Eric Hart
Senior Security Engineer at a healthcare company with 1,001-5,000 employees
The capabilities that we mostly take advantage of in the LogRhythm platform are the wide array of log formats that we can bring in from various systems, and the capability to create custom rule processing capabilities for log sources that may not already be a part of the platform. Currently, the playbook functionality is not in my version of LogRhythm, so we're looking forward to utilizing playbooks. That's part of the main draw for me to come here: to learn more about the playbook functionality and how we can incorporate that into our platform. But right now, the functionality is not there. View full review »
Ted Trembler
Lead Info Security Architect with 501-1,000 employees
Using the web console to get a quick look at what's happening on the network, so the different dashboards that are available. Those are probably the things I look at first. Probably very useful at really analyzing what's going on. View full review »
Tom Bies
Security Advisor at a manufacturing company
The UI. We can give it down to our SOC and we can train them. View full review »
Derek Perri
Senior Security Analyst at an energy/utilities company with 1,001-5,000 employees
The recognition of many device types, log message formats, and the most common device types out there. Then, the ability to quickly display data, and do the classification on it. That is the big value. I have used it a lot. I have used it against other SIEMs. I have used it in conjunction with other SIEMs, and it is the easiest to use and makes the most sense to me. View full review »
CyberSec605c
Cyber Security Engineer at a healthcare company with 1,001-5,000 employees
* The SmartResponse piece of it.
* It supports most standard log sources. View full review »
Brian Bolton
SYM Engineer Specialist at FIS
Visibility. Being able to see the system, see what's coming in, and being able to report on the logs coming in. Seeing what other people are doing and being able to track down quickly what is going on in your network. View full review »
Security9162
Security Engineer at a financial services firm with 1,001-5,000 employees
The Web Console is my favorite. It enables me, at a glance, to see the health of the environments. That is really important to me and to us. View full review »
William Spencer
Senior Manager IT Security at Virginia Premier Health
* Being able to gather logs in one place
* Being able to process them and generate alarms View full review »
JohnHill
Senior Cyber Security Engineer at a healthcare company with 1,001-5,000 employees
I like the usability of it. I like the web console and the ability to pivot through all the data in real-time. View full review »
ManagerO3308
Manager Of Cyber Security at a healthcare company
As a healthcare company, what we use it for is compliance, then to protect our data from exfiltration. View full review »
ITSecuri59d3
IT Security Administrator at a financial services firm
The Web Console, and digging in through the logs. View full review »
Timothy Sueck
Security Analyst at a financial services firm with 501-1,000 employees
The most valuable features, for me as a user, are probably the AI Engine rules and dashboards, which give us a lot more insight into our security. The playbooks functionality will be valuable down the road, but right now my team is too small to really take advantage of it. Our messages per second right now is probably about 4,500. View full review »
SecEng3904
Senior Security Engineer at a marketing services firm with 1,001-5,000 employees
* AI Engine
* Alarm rules correlation
* Web interface
* The amount of information it has throughout the web interface
* The drill-down View full review »
it_user256056
Director Of Infrastructure And Security
* Ability to collect logs
* File integrity monitoring View full review »
Informat0a27
Information Security Analyst at Aims Community College
* Log correlation
* Aggregation
* Being able to quickly identify threats in our network. View full review »
InforSec091900
Information Security Analyst 2 at a non-profit with 1,001-5,000 employees
* Visibility
* The AI Engine for rule generation View full review »
Vp9875
Vice President at a financial services firm with 201-500 employees
The ability to investigate a particular period of time where you can analyze logs is its most valuable feature. View full review »
Security0ebd
Security Analyst at a tech services company
Being able to have all our logs all in one place, so we can easily correlate across the environment. View full review »
Anthony Stein
Security Analyst 3 at a comms service provider with 1,001-5,000 employees
* The user interface (UI)
* Ease of use, especially if you are starting off
* The AI View full review »
ChrisSmith1
Information Security Architect at a healthcare company with 1,001-5,000 employees
I believe the most valuable feature for us has been that we have all the logs together. We can query them, we can find all kinds of different situations that are going on in our network that we wouldn't have knowledge of without searching many different servers and logs. View full review »
Manuel Ayala
EMS-Scada Infrastructure Engineer at an energy/utilities company
Compliance. It's the main focus of the solution, and that is what we've been doing: logging, monitoring, and alerting. View full review »
SecSMgr739
Sr. Systems Support Analyst at a manufacturing company with 10,001+ employees
Mark Baksh
IT Specialist at a healthcare company with 51-200 employees
The AI Engine. View full review »
Jon Nicholson
Cyber Security Operations Manager at Old National Bancorp
Probably the investigation part, being able to investigate any log. We've got so many sources that go in there that, at any given time, we can easily look up the logs on just about any system that we have. View full review »
NetworkS5932
Network Security at an energy/utilities company
For me, one of the most valuable things about it is it helps me to produce evidence in my compliance role for NERC. It helps me to really bring all my logs together and easily translate that into evidence, to show I’m doing what I’m supposed to be doing. View full review »
NetworkS5932
Network Security at an energy/utilities company
For me, the NERC compliance modules are probably the best thing. And the system monitors, they really pick up a lot for me. It helps you get an eagle-eye view and then delve down granularly. The ease of that is pretty amazing. View full review »
SeniorSe307d
Senior Security Analyst at a consultancy with 1,001-5,000 employees
* Out-of-the-box features, like widgets and dashboards.
* The content in the community is very helpful and useful for new users. View full review »
it_user576042
Senior IT Security Analyst at a retailer with 1,001-5,000 employees
For my situation, besides the investigation that LogRhythm offers, it's the AI Engine rule set that it offers. It has brought us more significant changes in how we alarm and notify our users about what's going on in our network. It's not just one specific log, it's the correlation of multiple logs on different log sources. View full review »
Informat1561
Information Security Analyst at a legal firm
The visibility that it gives us into all of our data at once. View full review »
Steven McDonald
Sec Eng at a financial services firm
What I found most helpful out of it is the ability to see all of the same data, that I would get from my appliances, in one place. I don't have to log in to six or seven different appliances and hunt for that kind of information. I can just do some queries within LogRhythm and it tells me the same information. View full review »
MarkSemkiw
Senior Network Engineer with 201-500 employees
* AI
* SmartResponse
* Looking forward to using the playbooks View full review »
Mark Semkiw
Senior Network Engineer at a transportation company
* The SmartResponse and the alarming
* The ability to write your own rule set View full review »
SeniorSe0355
Senior Security Analyst at a leisure / travel company with 10,001+ employees
The AI Engine is the most valuable feature. View full review »
SystemsA2e92
Systems Administrator at a construction company
* Security analytics
* Compliance: The reason we implemented was compliance. We're hoping to use it more now. View full review »
Rob Wilcox
Security Analyst at Guitar Center
Melissa Vidrine
IT Security Analyst at a financial services firm with 201-500 employees
* The web console
* The case management View full review »
Jeff Hawkins
Director Information Security at Vail Resorts
Being able to centralize and have one view of all the threat events coming out of all my multiple security sensors. It has been the easiest SIEM platform that I have worked with or seen in production. View full review »
Timothy Sueck
Security Analyst at a financial services firm with 501-1,000 employees
The dashboards and the AI Engine. View full review »
KatMcMillian
Sr IT Security Engineer at an energy/utilities company with 1,001-5,000 employees
The most valuable feature is scheduling the KB update, which reduces administrative effort. View full review »
Lindsay Mieth
CISO with 1-10 employees
Daily alerts: These allow me to quickly find security and operational issues which need to be addressed. View full review »
Find out what your peers are saying about LogRhythm, Splunk, IBM and others in Security Information and Event Management (SIEM). Updated: July 2019.