The LogRhythm NextGen SIEM Platform, from LogRhythm in Boulder, Colorado, is security information and event management (SIEM) software which includes SOAR functionality via SmartResponse Automation Plugins (a RespondX feature), the DetectX security analytics module, and AnalytiX as a log management solution that centralizes log data, enriches it with contextual details and applies a consistent schema across all data types.
N/A
ManageEngine ADAudit Plus
Score 9.6 out of 10
N/A
ADAudit Plus offers real-time monitoring,
user and entity behaviour analytics, and change audit reports that helps users keep AD and IT infrastructure secure and compliant. Track all changes to Windows AD objects including users, groups,
computers, GPOs, and OUs. Achieve hybrid AD monitoring with a single, correlated view of all
the activities happening across both on-premises AD and Azure AD. Monitor every user's logon and logoff activity, including…
$595
per year
Pricing
LogRhythm NextGen SIEM Platform
ManageEngine ADAudit Plus
Editions & Modules
No answers on this topic
Standard
$595
per year
Professional
$945
per year
Offerings
Pricing Offerings
LogRhythm NextGen SIEM Platform
ManageEngine ADAudit Plus
Free Trial
No
Yes
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
Pricing is dependent on the number of domain controllers and starts at $595/year for the Standard edition, and $945/year for the Professional edition.
More Pricing Information
Community Pulse
LogRhythm NextGen SIEM Platform
ManageEngine ADAudit Plus
Considered Both Products
LogRhythm NextGen SIEM Platform
No answer on this topic
ManageEngine ADAudit Plus
Verified User
Manager
Chose ManageEngine ADAudit Plus
We were using the Snare client that was only capable of forwarding logs to some type of syslog server. To be able to get meaning full reports or alerts from that system it would all need to be customized. This would require that you had the expertise on staff to set up these …
LogRhythm is good for providing a comprehensive view of the environment. It gives a great outline of whatever is going on in our servers and systems regarding security malfunctions. The SIEM sends real-time notifications when there are some occurrences; like creating a new user and inappropriate login attempts. It also avails a good use case that meets our HIPAA compliance.
ManageEngine is mostly a "check the box" solution for SIEM systems. We needed something that satisfied our customer and was cost-effective. I would highly rate the system on "worth what paid for". Support is eager to please and prompt. My only issue is that it's mostly based outside the US with helpful, but non-native speakers so it's hard to understand them. I wish they would spring for better help "phone lines" so I'm not dealing with difficult to understand and unclear speakers.
LogRhythm NextGen SIEM Platform has an alarm system that generates tickets based on the event and the way it has been configured in the LogRhythm console. Let's say we have a ticket for a malicious email attachment. The ticket will some information like the source of the log, the source IP, destination IP etc. It can be drilled down to obtain specific information like the recipient, source location, file attachment name, SHA hash of the file, source and destination port, time, mac address of the machine that downloaded it etc. This helps the analysts to go to the root of the cause and take actions easily without manually parsing them.
The second good thing about the LogRhythm NextGen SIEM Platform is that it is very easy to use with its well-structured interface. To use LogRhythm, an user barely require any technical skills. A little overview of IP, CIDR, hash, etc. is enough to get your hands on it. It requires no programming or coding skills, as everything is GUI based. It also provides a beautiful visualization dashboard. There is another beautiful feature that it provides for the classification of events, known as cases. Multiple users working on the same platform can create cases and add events to it. They also help to maintain future reference.
The third good feature is the search tool which is very powerful. For example, sometimes it is hard to find the users who downloaded a malware from the guest wireless of the institution and not the private network. The search tool helps us in searching the user by automatically correlating the MAC address from the current network logs and the previous logs as the MAC address is the same. It is highly scalable for parsing a large number of logs from various sources.
I particularly think this is one of the best software available for log parsing in an organization where non-technical users are working on incident response. This tool has a good amount of flexibility. However, it can only be configured with the LogRhythm NextGen SIEM Platform Console.
In terms of usability, as already mentioned, it is a very easy tool to use, with a GUI based interface.
ManageEngine ADAudit Plus changes for user and group management can be looked up in builtin reports
You can build your own reports based on almost every logic you can think of
You have the ability to create alerts based on logic and filters and sendout custom alerts to email, SMS or other means.
First you need to understand the basics of the software, after that the software itself is very helpfull in configuring specific items.
I really love the support that ManageEngine is giving the customer, for all questions I use the chat on their website. This is for me the best remote support I ever saw, and I saw a lot in my 20 years of experience in IT.
LogRhythm absolutely needs to provide back end support for threat intelligence lists. Performing a linear search on massive lists of IPs on incoming web traffic can bring the SIEM to its knees.
LogRhythm should drop its entire code base for implementing lists and simply turn them into hash tables to avoid the excessive cost associated with referencing lists in rules. I haven't seen the code, but the performance suggests O(n).
The reporting feature is the worst of all SIEMs, luckily reports are not my primary service offering. LogRhythm should definitely revamp its reporting to be more intuitive.
In earlier releases there were quite a few bugs and performance issues. These have since been resolved.
When integrated with the Log360 Suite, it can be confusing on whether EventLog Analyzer or ADAudit Plus are "managing"/"Ingesting" the data from a given endpoint.
LogRhythm is focused on SIEM. That is their core business. Cost of operations, feature set and ease of use. The Log Rhythm support team is outstanding. Overall reliability is good. Reporting module needs some improvement and LR is promising that there will be significant improvements in future releases.
It works great for everything we need and use. Any issues in the software are pretty easy to resolve with tech support. And they are very responsive to resolving issues. Even ones where a fix/patch are required. At present, the software does everything we need it to for compliance, audit, and account review.
LogRhythm does a rather decent job of making the functionality advanced (allowing for advanced keyword & field searching, use of "AND" as well as "OR" statements in the search bar) while keeping it accessible (by not requiring a specific syntax to do quick searches). This combined with a user interface that has headings and labels that are intuitive is very helpful.
ADAudit with its cloud and on prem install option allows any organization to get in on AD report management. Whether you need to report internally only for for external audit controls its a great tool with flexibility to handle most any user or group report capability. Since this also includes m365 integration it enables IT pros to administer usage, license, cost control and permission access to most anything in Microsoft's portfolio. Its a great tool all around for AD integrated access needs.
While LogRhythm support is generally quick to respond, the initial response is usually from a first line support engineer with general knowledge of the product. Any advanced or complex issues have always required the assistance of a higher tier of support, directly or indirectly. For a few occasions we actually used our PS hours to work on the issue.
The attention to cases or situations with the tool has been exceptional. being able to count on the manufacturer either by mail, call or chat. generate cases directly from the application allows you to have personalized support in order to solve problems that has been able to appear.
The remote setup team helped when i needed it and setup weas very straight forward and easy. The advanced setup for an external db and customizations for our latest version AD environment went pretty easy once they found documentation on customization.
LogRhythm was simpler to set up and configure as well as extract information from. It also was less intrusive in terms of how many appliances were needed to implement. We were up and running within 5 hours to start accepting log sources. We selected LogRhythm as well since support is based in the USA in Colorado.
In terms of features, ADAudit Plus offers a comprehensive set of features for monitoring and auditing Active Directory, including real-time alerts, detailed reports, and user behavior analytics. The platform also offers support for multiple platforms, including Windows, UNIX, and Linux, as well as integration with other ManageEngine tools.
The ability to search through logs in a centralized location really helps us to provide RCA (Root Cause Analysis) to management for outages. This helps us to quickly identify the cause of outages and thus saves money due to reduced downtime.
Being able to configure the alarms to provide real-time notification (and responses) to security events helps to prevent potential loss due to compromises (such as a fraudulent wire transfer).
The initial investment in LogRhythm SIEM is somewhat expensive, however, the appliance is built to your specific needs so you won't have to constantly be upgrading the device as your company grows.
