LogRhythm NextGen SIEM Platform vs. SonarQube

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
LogRhythm NextGen SIEM Platform
Score 7.7 out of 10
N/A
The LogRhythm NextGen SIEM Platform, from LogRhythm in Boulder, Colorado, is security information and event management (SIEM) software which includes SOAR functionality via SmartResponse Automation Plugins (a RespondX feature), the DetectX security analytics module, and AnalytiX as a log management solution that centralizes log data, enriches it with contextual details and applies a consistent schema across all data types.N/A
SonarQube
Score 7.8 out of 10
N/A
SonarQube is an automated code review solution, serving as the verification layer for code quality and SDLC security. SonarQube is used to ensure that code is secure, reliable, and maintainable. It is available through SaaS or self-managed deployment.
$0
Pricing
LogRhythm NextGen SIEM PlatformSonarQube
Editions & Modules
No answers on this topic
Cloud-based: Free
$0
Self-managed: Developer
Starting at $720 annually
per year per installation
Self-managed: Enterprise
Contact sales for pricing
per year per installation
Cloud-based: Enterprise
Contact sales for pricing
per year per installation
Cloud-based: Teams
Starting at $32 per month
per month per installation
Self-managed: Data Center
Contact sales for pricing
per year per installation
Offerings
Pricing Offerings
LogRhythm NextGen SIEM PlatformSonarQube
Free Trial
NoYes
Free/Freemium Version
NoYes
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
LogRhythm NextGen SIEM PlatformSonarQube
Features
LogRhythm NextGen SIEM PlatformSonarQube
Security Information and Event Management (SIEM)
Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
LogRhythm NextGen SIEM Platform
6.7
22 Ratings
16% below category average
SonarQube
-
Ratings
Centralized event and log data collection8.522 Ratings00 Ratings
Correlation7.522 Ratings00 Ratings
Event and log normalization/management8.022 Ratings00 Ratings
Deployment flexibility4.021 Ratings00 Ratings
Integration with Identity and Access Management Tools6.018 Ratings00 Ratings
Custom dashboards and workspaces7.022 Ratings00 Ratings
Host and network-based intrusion detection7.016 Ratings00 Ratings
Data integration/API management5.54 Ratings00 Ratings
Behavioral analytics and baselining7.04 Ratings00 Ratings
Rules-based and algorithmic detection thresholds7.04 Ratings00 Ratings
Response orchestration and automation6.04 Ratings00 Ratings
Reporting and compliance management6.05 Ratings00 Ratings
Incident indexing/searching8.04 Ratings00 Ratings
Best Alternatives
LogRhythm NextGen SIEM PlatformSonarQube
Small Businesses
LevelBlue USM Anywhere
LevelBlue USM Anywhere
Score 7.9 out of 10
GitLab
GitLab
Score 8.8 out of 10
Medium-sized Companies
Sumo Logic
Sumo Logic
Score 8.8 out of 10
Veracode
Veracode
Score 8.7 out of 10
Enterprises
Sumo Logic
Sumo Logic
Score 8.8 out of 10
Veracode
Veracode
Score 8.7 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
LogRhythm NextGen SIEM PlatformSonarQube
Likelihood to Recommend
7.0
(22 ratings)
8.8
(35 ratings)
Likelihood to Renew
8.0
(2 ratings)
-
(0 ratings)
Usability
6.5
(4 ratings)
9.1
(2 ratings)
Support Rating
8.2
(9 ratings)
9.0
(1 ratings)
Implementation Rating
8.0
(1 ratings)
-
(0 ratings)
User Testimonials
LogRhythm NextGen SIEM PlatformSonarQube
Likelihood to Recommend
LogRhythm
Having mostly worked with their on-premises solution, I think it's well-suited for small , medium, and even big organisations. I feel it might be less suited if the customer wants a SIEM with 100% uptime, as it goes down a lot. Or if they want to depend on customer support. I suggest that if you want to go with LR, you have to have your own experienced engineers to work on.
Read full review
SonarSource Sarl
SonarQube is excellent if you start using it at the beginning when developing a new system, in this situation you will be able to fix things before they become spread and expensive to correct. It’s a bit less suitable to use on existing code with bad design as it’s usually too expensive to fix everything and only allows you to ensure the situation doesn’t get worse.
Read full review
Pros
LogRhythm
  • LogRhythm NextGen SIEM Platform has an alarm system that generates tickets based on the event and the way it has been configured in the LogRhythm console. Let's say we have a ticket for a malicious email attachment. The ticket will some information like the source of the log, the source IP, destination IP etc. It can be drilled down to obtain specific information like the recipient, source location, file attachment name, SHA hash of the file, source and destination port, time, mac address of the machine that downloaded it etc. This helps the analysts to go to the root of the cause and take actions easily without manually parsing them.
  • The second good thing about the LogRhythm NextGen SIEM Platform is that it is very easy to use with its well-structured interface. To use LogRhythm, an user barely require any technical skills. A little overview of IP, CIDR, hash, etc. is enough to get your hands on it. It requires no programming or coding skills, as everything is GUI based. It also provides a beautiful visualization dashboard. There is another beautiful feature that it provides for the classification of events, known as cases. Multiple users working on the same platform can create cases and add events to it. They also help to maintain future reference.
  • The third good feature is the search tool which is very powerful. For example, sometimes it is hard to find the users who downloaded a malware from the guest wireless of the institution and not the private network. The search tool helps us in searching the user by automatically correlating the MAC address from the current network logs and the previous logs as the MAC address is the same. It is highly scalable for parsing a large number of logs from various sources.
  • I particularly think this is one of the best software available for log parsing in an organization where non-technical users are working on incident response. This tool has a good amount of flexibility. However, it can only be configured with the LogRhythm NextGen SIEM Platform Console.
  • In terms of usability, as already mentioned, it is a very easy tool to use, with a GUI based interface.
Read full review
SonarSource Sarl
  • Detecting bugs and vulnerabilities: SonarQube can identify a wide range of bugs and vulnerabilities in code, such as null pointer exceptions, SQL injection, and cross-site scripting (XSS) attacks. It uses static analysis to analyze the code and identify potential issues, and it can also integrate with dynamic analysis tools to provide even more detailed analysis.
  • Measuring code quality: SonarQube can measure a wide range of code quality metrics, such as cyclomatic complexity, duplicated code, and code coverage. This can help teams understand the quality of their code and identify areas that need improvement.
  • Providing actionable insights: SonarQube provides detailed information about issues in the code, including the file and line number where the issue occurs and the severity of the issue. This makes it easy for developers to understand and address issues in the code.
  • Integrating with other tools: SonarQube can be integrated with a wide range of development tools and programming languages, such as Git, Maven, and Java. This allows teams to use SonarQube in their existing development workflow and take advantage of its powerful code analysis capabilities.
  • Managing technical debt: SonarQube provides metrics and insights on the technical debt on the codebase, enabling teams to better prioritize issues to improve the quality of the code.
  • Compliance with coding standards: SonarQube can check the code against industry standards like OWASP, CWE and more, making sure the code is compliant with security and coding standards.
Read full review
Cons
LogRhythm
  • LogRhythm absolutely needs to provide back end support for threat intelligence lists. Performing a linear search on massive lists of IPs on incoming web traffic can bring the SIEM to its knees.
  • LogRhythm should drop its entire code base for implementing lists and simply turn them into hash tables to avoid the excessive cost associated with referencing lists in rules. I haven't seen the code, but the performance suggests O(n).
  • The reporting feature is the worst of all SIEMs, luckily reports are not my primary service offering. LogRhythm should definitely revamp its reporting to be more intuitive.
Read full review
SonarSource Sarl
  • Importing a new custom quality profile on SonarQube is a bit tricky, it can be made easier
  • Every second time when we want to rerun the server, we have to restart the whole system, otherwise, the server stops and closes automatically
  • When we generate a new report a second time and try to access the report, it shows details of the old report only and takes a lot of time to get updated with the details of the new and fresh report generated
Read full review
Likelihood to Renew
LogRhythm
LogRhythm is focused on SIEM. That is their core business. Cost of operations, feature set and ease of use. The Log Rhythm support team is outstanding. Overall reliability is good. Reporting module needs some improvement and LR is promising that there will be significant improvements in future releases.
Read full review
SonarSource Sarl
No answers on this topic
Usability
LogRhythm
LogRhythm does a rather decent job of making the functionality advanced (allowing for advanced keyword & field searching, use of "AND" as well as "OR" statements in the search bar) while keeping it accessible (by not requiring a specific syntax to do quick searches). This combined with a user interface that has headings and labels that are intuitive is very helpful.
Read full review
SonarSource Sarl
It can improve in some user experience and usability parts, like the code view and the way we assign issues it's a bit hidden and not highlighted
Read full review
Support Rating
LogRhythm
While LogRhythm support is generally quick to respond, the initial response is usually from a first line support engineer with general knowledge of the product. Any advanced or complex issues have always required the assistance of a higher tier of support, directly or indirectly. For a few occasions we actually used our PS hours to work on the issue.
Read full review
SonarSource Sarl
We we easily able to integrate the SonarQube steps into our TFS process via the Microsoft Marektplace, we didn't have the need to call SonarQube support. We've used their online documentation and community forum if we ran into any issues.
Read full review
Implementation Rating
LogRhythm
  • Buy professional services.
  • Buy and implement the system if possible.
  • Remember that the end point log configuration may require other teams in your company to assist you in getting the desired logs from all resources.
  • Attend the end user and daily operations training after a period of usage so you are not overwhelmed with information on concepts not yet seen.
  • Don't be afraid to call for help during your first months of use.
  • Don't close any ticket until you are sure the expected results are verified.
  • Use the community forums to discuss issues with your peers.
  • Watch the training videos offered by L R University.
Read full review
SonarSource Sarl
No answers on this topic
Alternatives Considered
LogRhythm
LogRhythm was simpler to set up and configure as well as extract information from. It also was less intrusive in terms of how many appliances were needed to implement. We were up and running within 5 hours to start accepting log sources. We selected LogRhythm as well since support is based in the USA in Colorado.
Read full review
SonarSource Sarl
SonarQube is an open-source. It's a scalable product. The costs for this application, for the kind of job it does, are pretty descent. Pipeline scan is more secured in SonarQube. Its a very good tool and its support multiple languages. Its main core competency is of static code analysis and that is why SonarQube exists and it does it exceedingly well. The quality of scan on code convention, best practices, coding standards, unit test coverage etc makes them one of the best competent tool in the market
Read full review
Return on Investment
LogRhythm
  • It gives the overall view of the environment so we are always aware of our security position.
  • It has created operational effectiveness; we are able to rapidly detect threats and resolve it fast.
  • We have been able to track inappropriate login attempts through tickets.
Read full review
SonarSource Sarl
  • Positive ROI from the standpoint of flagging several issues that would have otherwise likely been unaddressed and caused more time to be spent closer to launch
  • Slightly positive ROI from time-saving perspective (it's an automated check which is nice, but depending on the issues it finds, can take developers time to investigate and resolve)
Read full review
ScreenShots

SonarQube Screenshots

Screenshot of Projects.Screenshot of Static Application Security Testing.Screenshot of Software Composition Analysis.