LogRhythm NextGen SIEM Valuable Features

Gene Cupstid
Security Engineer at a logistics company with 10,001+ employees
Specific to LogRhythm SIEM, I would say the dashboarding capability is pretty spectacular, so having the advanced UI available to just instantly drag and drop widgets into the browser and get the top 'X' of whatever field you're looking for, in real time, is incredibly powerful. It's very fast. That's one of the things that I love about it: we can get trending information at a moment's notice for just about anything that we have packed into the SIEM. So it's incredibly quick to get very easy high-level information on any field we're looking for in the SIEM, and then be able to drill down into that through the log feature at the bottom. We are using their AI Engine, and we're using the actual web console itself. We're using lists and some of their automated lists for generating content of blacklisted hosts or known malware sites and things like that. Most of those features are turned on at this point in time. We're actually pretty new; I think that says a lot about the amount of use we've been able to get out of it. We only installed it maybe three or four months ago. And the amount of data that we have going into the SIEM at this point in time, which amounts to nearly 20,000 events per second, plus all the different features we have turned on, is pretty impressive. So I think that speaks a lot to the ease of getting it stood up and running, which is something that I've seen be way more difficult in other SIEMs in the past. We will be using the playbooks immediately, on day one, as soon as they're available. I've attended some of the playbook sessions here already and we're looking at which ones are already out there for use and how we're going to integrate them into our environment. So, playbooks are going to be a huge point of focus for the next year for sure for us.
JimMohr
Principal Security Analyst at a healthcare company with 10,001+ employees
The most valuable feature for our organization is the centralized pane of glass for us to go through and triage and see everything going on in our environment. We're a mature organization. We have a lot of tools and a lot of different implementations, and to go through all those dashboards monitoring everything is just not possible. So we centralize everything and then we come into the web console and we're able to triage and respond quickly to anything that is important. We do use many other capabilities with LogRhythm. We of course collect from our printer devices and our servers as well as some of our security-specific systems. We'll drink from APIs. We'll also implement file integrity monitoring in our data environment. So we use a lot of different features available within LogRhythm. It makes it possible to stay aware of much more of what's going on. We get an overview, a macro view that we can zoom in on, as opposed to before, when we had individual panes of glass. You might be stuck in the firewall interface for half a day whereas something going on is not getting addressed that we really should probably investigate. So that's our biggest benefit. We're not using any of the built-in playbooks. We are about to go up to version 7.4 once it becomes available. We were not an early adopter because of our size.
Kevin Merolla
Security Manager at a manufacturing company with 1,001-5,000 employees
The most valuable features in LogRhythm, honestly for me, the single most valuable feature is the web console. That is actually the primary reason we chose LogRhythm over some of these other solutions, because I was able to leverage web console usage across multiple layers of IT, and I didn't have to sit back and teach everybody complex SQL queries. Just that point-and-click interface, which is nice and bouncy and beautiful to look at, has really driven the adoption of the use of the software. Secondarily, I think another really great feature is the community. And the content that that provides has enhanced our adoption over the years. We don't use the full-spectrum analytics capabilities of the SIEM, mainly because I'm a lone wolf in running it. It's just a matter of timing and focus. We do a lot of analytics around user behavior, although we're not a CloudAI customer yet. We're doing a lot of what they call the AI Engine to do user behavioral modeling and we're starting to onboard some network behavior modeling analytics as well.
Find out what your peers are saying about LogRhythm, Splunk, IBM and others in Security Information and Event Management (SIEM). Updated: March 2020.
407,401 professionals have used our research since 2012.
Jeremy Alder
Security Lead at a financial services firm with 201-500 employees
LogRhythm has really improved, I think, my personal sense of security as far as our organization goes. I feel that I can trust the data that it's pulling in. Through its metrics, I can see when something isn't reporting, so I know immediately if, say, one of our core servers isn't feeding its logs to us. I can remediate that almost immediately, and then feel secure again knowing that that data is coming to LogRhythm, and LogRhythm is correctly dealing with it. I can know that our security is in place. We haven't used any of the LogRhythm built-in playbooks yet. Stability has been really good. The LogRhythm platform in our environment actually sat for three years with no one really using it. I came in about six months ago. I was able to pull it from generating about a thousand alarms a day that were just heartbeat errors, or critical components going down, to it actually only generating about 100 alarms a day, some of those being diagnostic alarms, but most of them being very helpful alarms that rarely ever point to a component being down. With some short maintenance daily, LogRhythm has been a very stable platform.
Joe Benjamin
SIEM Architect at Marsh & McLennan Companies, Inc.
I've worked with a lot of SIEMs. It's nice that it's straightforward.
Jim Mohr
Principal Security Analyst at a healthcare company with 501-1,000 employees
There's value in all of it. The most valuable is the reduction in time to triage. We take in around 750 million logs a day. We have a lot of products and that would be a lot of different panes of glass that we would have to look through otherwise. By centralizing, we can triage and take steps much more quickly than if we tried to man all the interfaces that come with the products.
Avraham Sonenthal
Senior Network Engineer at a government with 5,001-10,000 employees
The feature that makes it usable is the web interface. One nice feature about the product is the log message field extraction, where they try to fit every field into a field name. A log message is a string of ASCII text and its value depends on how the vendor formats it. Fields within log messages, such as a time stamp or source IP address, are delimited by spaces. Depending on the type of device, the information varies: if it's a temperature sensor you'll get temperature, if it's a pressure sensor you'll get pressure, but if it's an Active Directory server you'll get an Active Directory message. The problem comes about because in some cases the fields are not labeled. Rather than an identifier for a source IP address (e.g. "SRCIP="), it will just have the address, and you have to determine what it is based on its location within the message. Of course, even though the field name is not in the log message itself, the field will still have a name. Extracting it correctly requires that you understand how the vendor formatted it. LogRhythm does a better job than some products at slotting every field into a field name.
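The two extraction cases this review describes, labeled fields ("SRCIP=...") and unlabeled positional fields, as an added example that is not part of the review or of LogRhythm's own parser. The source types, schemas and log lines are constructed; the type check on `*_ip` fields is added because a wrong positional schema silently slots values into the wrong field name, and validating the value catches that misalignment.

```python
"""Field extraction from space-delimited log messages (added example)."""
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed positional schemas, keyed by a hypothetical log-source type.
# Each lists the field name for every space-delimited token, in order.
POSITIONAL_SCHEMAS: Dict[str, List[str]] = {
    "sensor": ["timestamp", "sensor_id", "metric", "value"],
    "fw": ["timestamp", "action", "proto", "src_ip", "dst_ip", "dst_port"],
}

KV_RE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)=(.*)$")


def _validate(fields: Dict[str, str]) -> Dict[str, str]:
    """Reject values that cannot belong to the field they were slotted into.

    A positional schema that is off by one would otherwise put a protocol
    name into src_ip and nobody would notice until an investigation failed."""
    for name, value in fields.items():
        if name.endswith("_ip"):
            ipaddress.ip_address(value)  # raises ValueError if misaligned
    return fields


def extract_fields(message: str, source_type: Optional[str] = None) -> Dict[str, str]:
    """Return {field_name: value} for one log message.

    Labeled messages carry their own names; unlabeled ones are named from the
    positional schema registered for their source type."""
    tokens = message.split()
    if tokens and all(KV_RE.match(t) for t in tokens):
        # Labeled case: the vendor put "NAME=value" in the message itself.
        pairs = (KV_RE.match(t) for t in tokens)
        return _validate({m.group(1).lower(): m.group(2) for m in pairs})
    schema = POSITIONAL_SCHEMAS.get(source_type or "")
    if schema is None:
        raise ValueError(f"no positional schema for source type {source_type!r}")
    if len(tokens) != len(schema):
        raise ValueError(
            f"{source_type}: expected {len(schema)} fields, got {len(tokens)}")
    # Unlabeled case: the name comes from the token's position, not the message.
    return _validate(dict(zip(schema, tokens)))


# Constructed sample messages, one per extraction case.
LABELED = "SRCIP=10.0.0.5 DSTIP=10.0.0.9 DSTPORT=443 ACTION=allow"
POSITIONAL_FW = "2020-03-01T12:00:00Z allow tcp 10.0.0.5 10.0.0.9 443"
POSITIONAL_SENSOR = "2020-03-01T12:00:00Z temp-03 temperature 21.5"
MISALIGNED_FW = "allow tcp 10.0.0.5 10.0.0.9 443 extra"  # timestamp dropped


if __name__ == "__main__":
    print(extract_fields(LABELED))
    print(extract_fields(POSITIONAL_FW, "fw"))
    print(extract_fields(POSITIONAL_SENSOR, "sensor"))
    try:
        extract_fields(MISALIGNED_FW, "fw")
    except ValueError as exc:
        print("rejected:", exc)
```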
David Kehoe
Information Security Analyst at a pharma/biotech company with 51-200 employees
The most valuable features for me are the customization features. I can build it out to do whatever I want. I've created rules in there for cryptomining and cryptojacking. The compliance aspect is phenomenal. The reporting in there is fantastic. It helps our internal audit team. It also helps us with our compliance, as well, for our audit. So there are a lot of good options in there. CloudAI gives us analytics into our users' behavior and whether or not they are acting outside of their norms. It has helped me to identify a lot of policy violations inside of our networks. A lot of bad habits. Just for a specific use case, I've identified where an account that should have been disabled was being used by another user inside of our network. A lot of policy violations. A lot of geographical location identification inside of the networks. CloudAI-UEBA has enhanced my security operations because I've been able to track down users with anomalous behavior. To be more specific about that, I've been able to track down users that were using accounts that they shouldn't have. So for example, we had a user that left the company and another user was using that account to access servers inside of our network that they didn't have access to. So it's very powerful. It just takes some learning to get used to.
David Schell
IT Security Analyst
The most valuable feature I get out of the LogRhythm platform is being able to take machine data and present it in a format that's easy to understand, easy to analyze, and easy to pivot through to get answers to the questions that I'm investigating, whether they're security related or operationally related. At this time, we're not using any of the playbooks in LogRhythm because it's currently not available in our version. However, we are very excited about that feature coming out in the near future, and we're definitely looking at using playbooks for phishing, unauthorized access and the other use cases we're going to identify in the future, to make sure that our analysts are responding to the threats in similar ways and that the correct actions are being taken. We have around 75 different types of log sources coming into the environment right now. The log source support is good; there's always room for improvement. One of the areas that LogRhythm is kind of pushing really hard right now is to integrate more cloud solutions, so your Office 365, your Azure, your AWS, making sure that those SaaS and other cloud platforms are getting the data you need into that platform. It's getting better but there's definitely still work to be done. We currently have 3000 messages per second in our environment but we still have a number of different resorts to onboard in our tenant. So we're definitely looking to push above, probably, the 7,000 to 8,000 range.
Steve Bonek
Information Security Manager at a healthcare company with 1,001-5,000 employees
I think the biggest thing is tying all of our log sources together, whereas there was a lot of manual work before of reviewing Windows logs or, you know, firewall logs. Bringing it all together so that my team, the information security team, as well as the infrastructure team can kind of view all of that from a single pane of glass and see everything that's going on in the environment. As of now, we're not using all of the full analytics capabilities that we know the LogRhythm SIEM can do. So that's one of the areas that we need to improve on. We have all of our log sources in there; now making sure that we're getting the value of all that together is something we still need to work on.
Jacob Hinkle
Security Engineer at Managed Technology Services LLC
The most valuable features are the reporting tools. A lot of times as security, we are tasked with explaining to management and the executives how the security program is going, what our concerns are, and if we want to get anything out of them as far as budget to fix some issues. We have to be able to show the evidence, and LogRhythm does a great job of putting it forward and making it easy to create reports with nice looking dashboards, which show off what we are doing as a security program.
Jason Gagnon
Senior Cyber Security Engineer at an individual & family service with 10,001+ employees
The most valuable feature that we use is the AI Engine itself.
James Whistler
Security Administrator at a non-profit with 501-1,000 employees
The most valuable feature has just been the log reporting. Within three hours of installation of LogRhythm, we were pulling error reports that actually indicated we had a switch about to fail. It saved us about ten thousand dollars from a potential failed switch. We are ramping up the analysis and the analytics part of LogRhythm. We're in the process of building a lot of that. We're trying to build it out as cleanly as possible, so what we have in place is a lot of the intrusion detection and basic PCI compliance.
Punit Patel
Senior SIEM Engineer at a financial services firm with 501-1,000 employees
Some of the valuable features: I find it's very easy for me to integrate new log source types within the SIEM. With the MPEs, there are plenty of out-of-the-box solutions that we can integrate new appliances with. We're constantly buying and upgrading our appliances, so it makes it easy for me to ingest logs and run correlations in the AI Engines. Currently, we don't have full-spectrum capabilities. We're using AI Engine mostly to run correlations, and then we obviously have our dashboards and stuff, but apart from that, we're working on the UEBA implementation for users to run more correlations. We do have our NetMons that we use to run packet monitors, packet captures, and even traces.
SnrArchi4b5a
Senior Architect at an energy/utilities company with 201-500 employees
We do a lot of the alerting, as far as user accounts. We have NetFlow information going into it, so we can examine a lot of traffic patterns and anomalies, especially if something stands out and is not the baseline. This helps a lot.
reviewer748821
Information Security Analyst at a non-profit with 1,001-5,000 employees
The most valuable feature for me is just being able to know who's in the network, being able to drill down on the alarms, and being able to look at the different rules or whatever has been impacted within the network by anyone being in the network. At this point we don't use the full spectrum of analytics. We're still fairly new and trying to tweak our system to get the information that we want out of it. So we're still at the beginning stage. We are not using the playbooks; we're still on a version that doesn't support them. But yes, after going through the session today, the preview session, we definitely want to use the playbooks.
Security7ef8
Security Admin with 1,001-5,000 employees
The most valuable features are probably the AI Engine, which is very valuable, as well as NetMon. We plan on using the playbooks, and the value I think we'll get is automating or scripting the responses that our analysts use, rather than using our existing playbooks, which are somewhat incomplete. I think the playbooks will include a lot of out-of-the-box pre-scripted playbooks that should be extremely helpful to us, as well as integrating some of the SmartResponse capabilities into the playbooks.
Wadson Fleurigene
Information Security Engineer at Seminole Tribe of Florida
The most valuable feature is the Threat Intelligence Services (TIS).
Alex Wood
Systems CSO at a manufacturing company with 1,001-5,000 employees
From an operational perspective, day to day, the Case Management functions are really useful for us. They allow us to track what we see in the incidents that we have. We use the full-spectrum analytics capabilities. We have a number of rules that we've built, and built-in rules that we leverage as well. We've got a whole bunch of dashboards and the like to do the analytics. We definitely find the full-spectrum analytics to be valuable.
Anthony Workman
Enterprise Information Technology Security Engineer at a government with 1,001-5,000 employees
The most valuable features would be the automation, reporting, and the support. I do plan to use the full extent of the correlation and AI Engine to streamline our processes.
Rob Haller
Security Engineer at US Acute Care Solutions
The analytics that it does. Full-spectrum analytics capabilities, which we use for:
* User behavior.
* Watching and monitoring for login events or any anomalies.
* Going through and watching trends.
* Knowing what activities endpoints are doing, where they're going, what websites they visit, then making sure that they're in the normal or making sure they pick up on any outliers.
Kurt Schroeder
Senior Security Engineer at a manufacturing company with 5,001-10,000 employees
The AI Engine can take an event and correlate it into something else, giving meaningful context regarding what is going on. We integrated it with our ticketing system, so if an alarm fires, it raises a ticket in our system. Therefore, if I find somebody needs to action other things on it, I can just forward the ticket along. This is all done via email, which is pretty slick.
Briane Harris
SOC Analyst at a financial services firm with 1,001-5,000 employees
Being able to find everything in one place is really nice when you're doing your searches.
ITSecuri3467
IT Security Architect at a construction company with 10,001+ employees
Out-of-the-box, it already has a knowledge base solution. Therefore, if you do a little bit of work, such as configure the lists and log sources, you can have use cases implemented quickly.
Mike Natale
Information Security Analyst at Endicott College
* The threat analytics
* Seeing what potentially could be happening; what are the riskiest things going on.
SecurityOps35453
Security Operations Center Manager at a financial services firm with 1,001-5,000 employees
We find the user interface and the ability to pivot near search from one particular item to the next part item to be highly valuable. Its ability to work with all different sorts of log sources has been extremely valuable.
Security40a8
Security Engineer Analyst Admin at an aerospace/defense firm with 1,001-5,000 employees
Alarms are the most valuable feature. We also like the dashboard and how things are at your fingertips. The fact that we can now edit the report templates is going to be a great thing.
Gordon Wallum
IT Security Administrator at an energy/utilities company with 1,001-5,000 employees
We like the alerting features. They seem a little more hands-on and easier to set up.
SecEng3904
Senior Security Engineer at a marketing services firm with 1,001-5,000 employees
The most valuable features are the alarms, and some of the reporting features in the product are great. The web interface is awesome; it's very intuitive and gives a lot of great information.
Ashlish Baria
Manager of Information Security at a real estate/law firm with 51-200 employees
I wish I could just name one feature! There are so many:
* The ability to drill down and pivot from an event is one of the biggest advantages the product has compared to other things that I have seen in the market.
* LogRhythm differentiates itself through its usability.
* Its simplicity. It can do more than just basic simplicity.
Eric Hart
Senior Security Engineer at a healthcare company with 1,001-5,000 employees
The capabilities that we mostly take advantage of in the LogRhythm platform are the wide array of log formats that we can bring in from various systems, and the capability to create custom rule processing for log sources that may not already be a part of the platform. Currently, the playbook functionality is not in my version of LogRhythm, so we're looking forward to utilizing playbooks. That was part of the main draw for me to come here: to learn more about the playbook functionality and how we can incorporate that into our platform. But right now, the functionality is not there.
Security9162
Security Engineer at a financial services firm with 1,001-5,000 employees
The Web Console is my favorite. It enables me, at a glance, to see the health of the environments. That is really important to me and to us.
Timothy Sueck
Security Analyst at a financial services firm with 501-1,000 employees
The most valuable features, for me as a user, are probably the AI Engine rules and dashboards, which give us a lot more insight into our security. The playbooks functionality will be valuable down the road, but right now my team is too small to really take advantage of it. Our messages per second right now are probably about 4,500.
Vp9875
Vice President at a financial services firm with 201-500 employees
The ability to investigate a particular period of time where you can analyze logs is its most valuable feature.
Mark Baksh
IT Specialist at a healthcare company with 51-200 employees
The AI Engine.
SeniorSe307d
Senior Security Analyst at a consultancy with 1,001-5,000 employees
* Out-of-the-box features, like widgets and dashboards.
* The content in the community is very helpful and useful for new users.
MarkSemkiw
Senior Network Engineer with 201-500 employees
* AI
* SMART Response
* Looking forward to using the playbooks
SeniorSe0355
Senior Security Analyst at a leisure / travel company with 10,001+ employees
The AI Engine is the most valuable feature.
KatMcMillian
Sr IT Security Engineer at Puget Sound Energy
The most valuable feature is scheduling the KB update, which reduces administrative effort.
Lindsay Mieth
CISO at Regnum Christi
Daily alerts: These allow me to quickly find security and operational issues which need to be addressed.