TrustRadius Insights for LogPoint are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.
Pros
User-friendly Interface: Users find LogPoint easy to use and appreciate its user-friendly interface, which makes tasks simple to navigate and perform effectively. Several reviewers have specifically mentioned this as a positive aspect of the platform.
Exceptional Sales Support: The salesperson provided exceptional support, impressing users with their knowledge, professionalism, and wealth of information, references, and contacts to address customer concerns. Many users have praised the sales support they received when interacting with LogPoint.
Search Templates for Account Lockouts: Users highly regard LogPoint's capabilities and its usefulness in investigating account lockouts through the Search Templates feature, which allows for defining searches across multiple log sources on a single page. This feature has been highlighted by a significant number of reviewers as being particularly valuable.
We are a LogPoint partner, and I'm in charge of integrating the solution in our customers' environments. The reasons our customers choose LogPoint vary from needing a central log repository for compliance reasons to speeding up investigations, etc. The main reason I see for LogPoint being chosen instead of other SIEM solutions is its pricing model.
Pros
Pricing model
Active support
Ease of use
Cons
Stability (weird issues)
Transparency (hard to investigate issues)
Search template should be improved
Likelihood to Recommend
LogPoint is well suited for smaller environments with small teams that don't have much time for training and need a solution that is quickly operational.
In bigger environments, however, the fact that issues often need support to intervene, which causes delay, makes this solution less appropriate.
We purchased LogPoint to replace a legacy log collection tool that was end-of-life, but it has become so much more than a repository for logs. We use it to collect logs from endpoints, servers, firewalls, routers, applications etc. Being able to correlate searches across different log sources is invaluable. For example, it has helped us to investigate account lockouts much more quickly, getting the user involved back up and running as swiftly as possible. This used to be a laborious process, checking multiple logs in different locations. Now it's a simple dashboard on a webpage. It's also proved very useful in investigating suspected security incidents.
Pros
Log storage - depending on the value of the data, you can specify different retention periods.
Log enrichment - LogPoint can use various sources, such as Active Directory and threat intelligence feeds, to enrich logs and make them more useful.
Correlation - you can write complex search queries that bring in information from multiple log sources.
Alerting - any search can be used to configure an automatic alert, triggering an email if an event is detected, or passes a set threshold.
Support - LogPoint support is always incredibly helpful.
Cons
Ease of use - some aspects of LogPoint are difficult to find, hidden away in parts of the product that are not intuitive. For example, you have to go into the Knowledge Base to find the alert rules you've set up.
User community - the user community for LogPoint does not seem to be as large or active as some of their competitors.
UEBA - so far the UEBA functionality has not generated any usable insights for us.
Likelihood to Recommend
LogPoint is incredibly useful for pulling information from various log sources and combining them together to offer insights into suspicious or potentially malicious behaviour. It is not intuitive and can take some time to get used to. Once you're up and running though, it's easy to onboard new log sources. Search queries can again be tough to get used to, but LogPoint support is really helpful and can offer assistance with writing more complex searches.
Verified User
Manager in Information Technology (1001-5000 employees)
LogPoint is used internally to consolidate logs into a single place. Based on that, we are now able to perform cross-solution analysis, detect threats and help our operational team to provide the fastest solution. We use LogPoint in the whole organization.
Pros
Analyses lots of different logs in real time and alerts the security team based on predefined alert templates.
Simple and fast deployment.
Predefined templates available for dashboarding, alerting, reporting and log normalization.
Cons
Providing a full Cloud solution
Having more documentation for complex deployments
Likelihood to Recommend
LogPoint could be implemented in different use cases and company sizes based on their deployment options from all-in-one to multiple roles and servers.
LogPoint is less appropriate for "cloud first" companies because it could be complex to deploy to the Cloud.
LogPoint is used to aggregate all our important logs in one place, giving us an easy to use, reliable solution. We also rely on it to alert us to any anomalous behavior in the user base, the arrival of phishing emails, monitoring user web access, and many other things. It is used predominantly by the IT dept at all levels, providing deep detail along with easy to use search functionality.
Pros
Log aggregation
Log search functionality
Excellent customer service
Cons
Some maintenance tasks can only be performed by support
Likelihood to Recommend
If you need a good-looking, easy to use SIEM product then look no further.
Verified User
Professional in Information Technology (501-1000 employees)
We are an MSSP company with a SOC providing multiple security services, including forensic, pentest, incident response, etc. Initially we were only a reseller and LogPoint integrator. The current SIEM we use for our SOC (LogRhythm) has many problems, is very expensive and the technical support team is slow to answer, especially on log normalization. That is why we have started a migration to use LogPoint instead of LogRhythm in the next month.
LogPoint is not identical to LogRhythm, but has solid strengths, at least:
license model
technical support team (with possibility of support IP through VPN)
log normalization creation for unknown logs is pretty fast
no extra cost for high availability architectures
The only drawbacks for now are:
Too simple alert management interface. When there are 10 identical alerts, it is difficult to still have a global vision of everything and it is time consuming to resolve all of them. LogPoint is clearly not usable as is for MSSPs or big customers; a SOAR solution should be used in addition.
Clear interface, except sometimes where it is a little bit confusing
Lack of self monitoring, we cannot know from the web UI if an alert rule is consuming too much resources.
Pros
Technical support team is fast and competent
License management and cost
Log parsing
New logs can be provided to the support team for parser creation
High Availability architecture does not cost more
Cons
Alerts interface is too simple, hard to keep visibility if there are more than 10 alarms
Web UI is clear but sometimes confusing
LogPoint never warns on bad practices that could lead to performance issues
Lack of self monitoring, to display which alert rule is consuming too much resources
Likelihood to Recommend
LogPoint can be deployed easily in high availability to absorb a lot of logs per second. But LogPoint only, without SOAR, is not well suited for MSSPs or big companies that could have a lot of alarm rules every day. There is no link between old and new alarms (for the same IOC, for example), and the interface is not clear enough to manage them all.