The LogRhythm NextGen SIEM Platform, from LogRhythm in Boulder, Colorado, is security information and event management (SIEM) software which includes SOAR functionality via SmartResponse Automation Plugins (a RespondX feature), the DetectX security analytics module, and AnalytiX as a log management solution that centralizes log data, enriches it with contextual details and applies a consistent schema across all data types.
N/A
ServiceNow IT Service Management
Score 8.2 out of 10
N/A
Built on the ServiceNow Now Platform, the IT Service Management bundle provides an agent workspace with knowledge management, and modules supporting issue tracking and problem resolution, change, release and configuration management.
N/A
Pricing
LogRhythm NextGen SIEM Platform
ServiceNow IT Service Management
Editions & Modules
No answers on this topic
ITSM Standard
Custom Quote
ITSM Pro
Custom Quote
ITSM Enterprise
Custom Quote
Offerings
Pricing Offerings
LogRhythm NextGen SIEM Platform
ServiceNow IT Service Management
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
ITSM Pro and ITSM Enterprise also are available with optional "Plus" add-ons. These include AI Agents, an AI Agent Studio, and other features that augment the capabilities of the platform using AI Virtual Agents to automate tasks.
More Pricing Information
Community Pulse
LogRhythm NextGen SIEM Platform
ServiceNow IT Service Management
Considered Both Products
LogRhythm NextGen SIEM Platform
Verified User
Analyst
Chose LogRhythm NextGen SIEM Platform
We researched Splunk as well but it seemed to require more programming experience than LogRhythm which we currently do not have and could not support another FTE for. SolarWinds SIEM product was another product we researched, although it's basic functionality was good, it was …
Having mostly worked with their on-premises solution, I think it's well-suited for small , medium, and even big organisations. I feel it might be less suited if the customer wants a SIEM with 100% uptime, as it goes down a lot. Or if they want to depend on customer support. I suggest that if you want to go with LR, you have to have your own experienced engineers to work on.
It is well suited for medium to large companies that require a tool to allow users to create IT requests, have a self-service portal, track the completion of such requests and have access to KPIs to understand the satisaction level of the requestors. It is not the best tool if you want to have a heavy personalized IT Service Management tool to cater to all your needs or when you want to have an easy way to search for past tickets using specific keywords.
LogRhythm NextGen SIEM Platform has an alarm system that generates tickets based on the event and the way it has been configured in the LogRhythm console. Let's say we have a ticket for a malicious email attachment. The ticket will some information like the source of the log, the source IP, destination IP etc. It can be drilled down to obtain specific information like the recipient, source location, file attachment name, SHA hash of the file, source and destination port, time, mac address of the machine that downloaded it etc. This helps the analysts to go to the root of the cause and take actions easily without manually parsing them.
The second good thing about the LogRhythm NextGen SIEM Platform is that it is very easy to use with its well-structured interface. To use LogRhythm, an user barely require any technical skills. A little overview of IP, CIDR, hash, etc. is enough to get your hands on it. It requires no programming or coding skills, as everything is GUI based. It also provides a beautiful visualization dashboard. There is another beautiful feature that it provides for the classification of events, known as cases. Multiple users working on the same platform can create cases and add events to it. They also help to maintain future reference.
The third good feature is the search tool which is very powerful. For example, sometimes it is hard to find the users who downloaded a malware from the guest wireless of the institution and not the private network. The search tool helps us in searching the user by automatically correlating the MAC address from the current network logs and the previous logs as the MAC address is the same. It is highly scalable for parsing a large number of logs from various sources.
I particularly think this is one of the best software available for log parsing in an organization where non-technical users are working on incident response. This tool has a good amount of flexibility. However, it can only be configured with the LogRhythm NextGen SIEM Platform Console.
In terms of usability, as already mentioned, it is a very easy tool to use, with a GUI based interface.
LogRhythm absolutely needs to provide back end support for threat intelligence lists. Performing a linear search on massive lists of IPs on incoming web traffic can bring the SIEM to its knees.
LogRhythm should drop its entire code base for implementing lists and simply turn them into hash tables to avoid the excessive cost associated with referencing lists in rules. I haven't seen the code, but the performance suggests O(n).
The reporting feature is the worst of all SIEMs, luckily reports are not my primary service offering. LogRhythm should definitely revamp its reporting to be more intuitive.
Finding requests that I opened and have since been completed by the assigned group/individual is very difficult to accomplish unless I've written down the request numbers somewhere.
Requests that I opened and are subsequently closed, often continue to appear in the list of "My Open Requests" giving the appearance that they were not completed when in fact they were.
It may exist, but if it does I haven't found it yet, which makes it less than intuitive, but I would like to see the ability to recall a request in ServiceNow.
I believe our firewall rule change request for is a custom form, but it has a serious drawback. If I submit such a request and need to make a correction to it before it is approved, there isn't anyway for me to do so. The request has to first be rejected with the creation of a sub-task in order to edit it before it is resubmitted for approval.
LogRhythm is focused on SIEM. That is their core business. Cost of operations, feature set and ease of use. The Log Rhythm support team is outstanding. Overall reliability is good. Reporting module needs some improvement and LR is promising that there will be significant improvements in future releases.
To be completely honest setting up a new ticketing system can be a pain in the ass. Once you have it setup and customized the way you want it, you don't want to switch unless you're unhappy with the product. Unless future releases and updates really muck the system up, I wouldn't change.
LogRhythm does a rather decent job of making the functionality advanced (allowing for advanced keyword & field searching, use of "AND" as well as "OR" statements in the search bar) while keeping it accessible (by not requiring a specific syntax to do quick searches). This combined with a user interface that has headings and labels that are intuitive is very helpful.
It has helped us a lot, and after some training and getting to know the product, we are quite comfortable with it and feel much more capable of understanding what's going on in our IT environment. The only reason it doesn't get a perfect score from me is that there is a learning curve for both end users and IT admins using ServiceNow. Once you customize the UI and remove unnecessary fields. You are left with a very clean product that does what it needs to and does it well.
While LogRhythm support is generally quick to respond, the initial response is usually from a first line support engineer with general knowledge of the product. Any advanced or complex issues have always required the assistance of a higher tier of support, directly or indirectly. For a few occasions we actually used our PS hours to work on the issue.
I would give it this rating because we have had no major issues with the support for ServiceNow after we implemented it at our organization. They seem to respond promptly and efficiently if we ever do need to open a support case with them about an issue we are having.
To type in what should be a text box, you have to click an empty cell, a tiny text box pop up opens with a check box and an X. You the. Type in the text box and have to click the check mark. If you have a bunch of fields to fill out, doing this is very annoying. Absolutely know thought went in to this. I'm sure somebody in marketing thought it was a good idea. It wasn't.
Without exception, every client I have worked with has been very happy with their resulting product. While this is partly due to my work, I must point out that the platform is the winning decision, not the implementer.
LogRhythm was simpler to set up and configure as well as extract information from. It also was less intrusive in terms of how many appliances were needed to implement. We were up and running within 5 hours to start accepting log sources. We selected LogRhythm as well since support is based in the USA in Colorado.
We used to use Jira to handle service tickets but it's way too robust for something this straightforward. Due to the nature of Jira, you needed to already have a lot of documentation and knowledge about who should be assigned the ticket, so the lift of creating a ticket was time consuming.
We don't currently have a CMDB, so we are leveraging ServiceNow to build one using their ITSM and ITOM tools. This is a huge gap for us as a company and it will be a big win once this is in place.
The core help desk functions are comparable to most other tools on the market, but SN does a great job of integrating that data with other modules like Problem, Change and Event Management to provide a truly integrated solution.
The tool is expensive, so you will need to try to do as much as you can with the platform. We currently use other systems for HAM and SAM but will be including these in our ServiceNow instance in the future to help maximize our ROI.
