LogRhythm NextGen SIEM Platform


Overview


Popular Features


  • Centralized event and log data collection (22): 8.7 (87%)
  • Correlation (22): 8.4 (84%)
  • Custom dashboards and workspaces (39): 8.1 (81%)
  • Event and log normalization/management (39): 7.7 (77%)


Pricing

N/A (unavailable)

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services


Features Scorecard

  • Security Information and Event Management (SIEM): 8.1 (81%)

Product Details

What is LogRhythm NextGen SIEM Platform?

The LogRhythm NextGen SIEM Platform, from LogRhythm in Boulder, Colorado, is security information and event management (SIEM) software which includes SOAR functionality via SmartResponse Automation Plugins (a RespondX feature), the DetectX security analytics module, and AnalytiX as a log management solution that centralizes log data, enriches it with contextual details and applies a consistent schema across all data types.

LogRhythm NextGen SIEM Platform Technical Details

Operating Systems: Unspecified
Mobile Application: No

Frequently Asked Questions

What is LogRhythm NextGen SIEM Platform's best feature?

Reviewers rate Centralized event and log data collection highest, with a score of 8.7.

Who uses LogRhythm NextGen SIEM Platform?

The most common users of LogRhythm NextGen SIEM Platform are from Enterprises (1,001+ employees) and the Computer & Network Security industry.

Reviews and Ratings (65)

Reviews (1-22 of 22)
Mohammed Younus Siddiqui | TrustRadius Reviewer | Score 7 out of 10 | Vetted Review | Verified User
We use LogRhythm NextGen SIEM Platform in our university to ingest all types of logs, be it firewall logs, Windows event logs, etc. If it has a log, then we send it to LogRhythm NextGen SIEM Platform. This ensures that we have all our logs in one central place, which can then be used for analysis, cross-sectioning, and use case creation.
  • Log Ingestion
  • Dashboards
  • Alerts
  • Hard to Use
  • Multiple modules with different points of entry
  • Needs AI
If you want one of the best SIEM platforms out there with built-in, ready-to-use dashboards and use cases, then LogRhythm NextGen SIEM Platform is the SIEM for you. However, you will need technical training and expertise to make sure that it runs smoothly and to build your own custom use cases. And also, it's expensive.
Adrian Rodriguez | TrustRadius Reviewer | Score 10 out of 10 | Vetted Review | Verified User
We have used the services of LogRhythm NextGen SIEM Platform for a couple of years to be sure of the threats that exist in the network. As we already had previous experience with similar software, using it became easy for us. It is a system with good features for threat detection and response; the real-time analysis is perfect, the monitoring is very good, and it offers us a threat detection that other systems cannot. The implementation went smoothly, and the support team gave us some great suggestions to make us more successful with LogRhythm.
  • Real-time analysis that guarantees that our system is protected.
  • We can handle a large amount of log data.
  • I like how it protects our business environment, it also has simple and automatic functions to guarantee the perfect functioning of our activities.
  • The great board that facilitates understanding also has the ideal technical support, they are attentive and highly receptive to our sudden doubts.
  • We haven't had any problems so far, the only thing my colleagues don't agree with is its high price, but I know it's quality software and the price is fine with me.
If you want a great SIEM tool and can't get the ideal one, let me tell you LogRhythm NextGen SIEM Platform is a good solution, as it is easy to implement, only basic knowledge is required, and it is very easy to use. The monitoring is automatic and with great detection capacity, it has good use case creation, it detects threats that really put our system at risk, there are no false positives, and it has a dashboard that any beginner can understand at a glance. For me and our team, it has the highest score and is above similar software.
Score 8 out of 10 | Vetted Review | Verified User
We have deployed LogRhythm NextGen SIEM to incorporate all of our system logs, network appliances, and security servers. It provides well-profiled logs that we use in daily operational in-depth diagnosing. The SIEM also offers automated reports that review our logs daily. The inbuilt and customized dashboards monitor events' real-time security. The AI engine regulations rapidly detect malicious events and send us immediate alerts. It also issues organized reports to fully meet our HIPAA compliance needs.
  • Massive log incorporation.
  • Top notch reporting and alerting features.
  • It rapidly detects hostile activities through the AI engine regulations.
  • Executing huge web searches on web traffic can make it a bit rickety.
  • It has a tight support for cloud domains.
LogRhythm is good for providing a comprehensive view of the environment. It gives a great outline of whatever is going on in our servers and systems regarding security malfunctions. The SIEM sends real-time notifications when there are some occurrences; like creating a new user and inappropriate login attempts. It also avails a good use case that meets our HIPAA compliance.
Score 8 out of 10 | Vetted Review | Verified User
1) The LogRhythm solution is used to monitor the majority of our servers, and the use scenario is to ensure that nothing unusual is occurring. It has increased the organization's perception of security. We feel confident in the data it collects, and we can see if something isn't reporting through its metrics. 2) It allows us to create a more stable and safe environment in which to respond to attacks in real-time. It appeals to me because it enables us to more efficiently identify risks across our terminals, networks, Websites, and other sites, and prevent them in real-time.
  • The LogRhythm NextGen SIEM Framework is very convenient and easy to manage, and it comes with a slew of tools and features that no other SIEM remedy can match.
  • The LogRhythm NextGen SIEM System is a fantastic solution for creating a streamlined event response management process and ensuring unbreakable endpoint security.
  • We can manage all of our safety mechanism logs and topologies from one location, allowing us to keep track of what's going on across the organization and what adjustments we need to take to improve security.
  • Sometimes users authenticate from different hosts when, in actuality, it is only the individual's computer, the user's IP, and sometimes their domain names with our web address afterward.
  • Setup of LogRhythm can be a difficult task. Importing every log source and deciding what gets logged and what doesn't on a near device-by-device basis can take several weeks.
  • UI should be modified to latest model from traditional function.
1) Product functionality and performance.
2) Product roadmap and future vision.
Score 10 out of 10 | Vetted Review | Verified User
It's been 3 years since I started using LogRhythm. It is very good. The LogRhythm SIEM is an extremely well-rounded platform, definitely one of the best on the market when compared to the many other products I've used in the 6 years of my career in information security. The product and its features have continued to evolve over the past 4 years that I've managed it by making it easy for new and veteran analysts to get the information they need in a timely fashion. The setup, installation, and maintenance of the solution are seamless for our implementation. The product has a great community and Slack channel where people share ideas or help each other. The documentation and support for the SIEM product are extensive and easy to find, and without much interaction with LogRhythm support, we were able to learn just about any aspect of the highly configurable SIEM. A great product.
  • Platform
  • UI
  • ENGINE
  • nothing is missing
  • all good
  • with futuristic room
It is well suited for infra where info security is needed, as and when.
  • Enhance decision making
  • Improve compliance & risk management
  • Improve business process agility
  • Create internal/operational efficiencies
  • Improve business process outcomes
  • Product roadmap and future vision
  • Strong services expertise
  • Product functionality and performance
  • Breadth of services
  • Strong customer focus
  • Strong user community
James Harrison, CISSP | TrustRadius Reviewer | Score 6 out of 10 | Vetted Review | Verified User
It is deployed as an enterprise logging solution. It collects logs from Windows (all flavors), *nix, Cisco, Syslog, NetFlow and other sources. It provides logs that are analyzed, reported on and used in daily operational troubleshooting. It provides scheduled reports to meet the auditing and compliance needs of a HIPAA organization.
  • Great Web UI for help desk troubleshooting.
  • Identification and drilldown of authentication issues.
  • Performance trending.
  • Correlation of events.
  • Access and group policy change monitoring.
  • Reporting is based on Crystal Reports, requiring a template prior to building a report. The template once saved, cannot be edited. Repeat until you get it right.
  • Query building in the WebUI has little or no documentation.
  • Depth of training on reporting is lacking.
Logging is always necessary if
1. You have audit requirements for system access
2. You need to alert and report on user activity
3. You need to troubleshoot issues
4. You want to monitor, report and alert on malicious / suspicious activity
5. You want to impress your management team with statistics...

I cannot think of any computing environment where logging is not appropriate.
Over the last couple of years, we have had some challenges requiring longer and higher-tiered support. LogRhythm was quick to assign a 3rd tier engineer to assist us in identifying and remediating those problems. They have also assisted in getting us to later versions. They are willing to hand-hold during platform upgrades.
Score 9 out of 10 | Vetted Review | Verified User
We are using this as our SIEM taking in all of our logs from various networking, security, servers, and workstations.
  • Ease of use.
  • Multiple dashboards.
  • Advanced defense.
  • Digging into alerts and log files is a little bit hard.
One thing I really like with LogRhythm is that we can have it set up to auto defend certain attacks to help out with some of the basic attacks.
We use it through a SOC-as-a-service provider, and the support has been excellent so far.
Score 8 out of 10 | Vetted Review | Verified User
Our Security Team is using LogRhythm NextGen SIEM Platform at the University of Colorado.
This is our default alarming system that parses logs from our firewall, Outlook, system logs, IDS logs, and some confidential cloud data logs and displays tickets.
LogRhythm NextGen SIEM Platform is right for our organization as it requires no knowledge in coding or programming. Therefore, non-technical users can also use this product to build rules and manage the servers.
The second benefit is the "drill down" feature that goes to the depth of the event, extracts information, and displays it in a very well structured manner with easy-to-understand visualization. It is very easy to go through and detect the problem. It also has a robust search tool for parsing through a high volume of logs.

In a nutshell, our overall incident response went a lot better than what it used to be five years ago.
  • LogRhythm NextGen SIEM Platform has an alarm system that generates tickets based on the event and the way it has been configured in the LogRhythm console. Let's say we have a ticket for a malicious email attachment. The ticket will contain some information like the source of the log, the source IP, destination IP, etc. It can be drilled down to obtain specific information like the recipient, source location, file attachment name, SHA hash of the file, source and destination port, time, MAC address of the machine that downloaded it, etc. This helps the analysts to go to the root of the cause and take actions easily without manually parsing them.
  • The second good thing about the LogRhythm NextGen SIEM Platform is that it is very easy to use with its well-structured interface. To use LogRhythm, a user barely requires any technical skills. A little overview of IP, CIDR, hash, etc. is enough to get your hands on it. It requires no programming or coding skills, as everything is GUI based. It also provides a beautiful visualization dashboard. There is another beautiful feature that it provides for the classification of events, known as cases. Multiple users working on the same platform can create cases and add events to them. They also help to maintain future reference.
  • The third good feature is the search tool which is very powerful. For example, sometimes it is hard to find the users who downloaded a malware from the guest wireless of the institution and not the private network. The search tool helps us in searching the user by automatically correlating the MAC address from the current network logs and the previous logs as the MAC address is the same. It is highly scalable for parsing a large number of logs from various sources.
  • I particularly think this is one of the best software available for log parsing in an organization where non-technical users are working on incident response. This tool has a good amount of flexibility. However, it can only be configured with the LogRhythm NextGen SIEM Platform Console.
  • In terms of usability, as already mentioned, it is a very easy tool to use, with a GUI based interface.
  • The LogRhythm NextGen SIEM Platform is good in terms of looks, but sometimes it is too sophisticated to do the simplest of tasks, for example, counting the number of occurrences of a particular IP address in total logs for that specific day or month.
  • They can provide a simple syntax bar like Splunk, for technical users who feel a syntax-based query is more powerful than just GUI.
  • There can be a feature that can help you customize the amount of data to be displayed without "drill down." A lot of the time, it isn't worth waiting 10-15 seconds to find 5% extra required information that could be displayed easily before drilling down.
  • It doesn't have any online community or proper documentation that has a user rating on it. A lot of the time, their documentation doesn't help us.
I will say that the LogRhythm NextGen SIEM Platform is well suited for an organization that is not very big but has multiple log sources, or a lot of non-technical employees who do not know how to code or write custom queries. Typically it is a good fit for universities and mid-range startups. This has an excellent interface and dashboard, useful for managing roles, but it doesn't provide the level of customization that a technical person with knowledge of coding probably would prefer. Software like Splunk and Elasticsearch are much more flexible in terms of the granularity of the search.
The overall support for LogRhythm NextGen SIEM Platform is not that impressive. There are customer support officers to help when required. However, the biggest challenge is the non-availability of an open community. LogRhythm NextGen SIEM Platform is expensive and is not open. Those who do not have access to the software need to buy their documentation. That's why there isn't much help online. Skimming through the documentation doesn't always solve the necessary problem. The company themselves haven't put any useful docs online. This needs improvement.
Score 8 out of 10 | Vetted Review | Verified User
We utilize LogRhythm across our entire organization for log collection and security investigations. We utilize both log collectors and Syslog pulls across all Windows platforms as well as Linux systems.
  • Centralized log collection database.
  • Searching logs for security incidents.
  • Running SmartResponses for more routine checks via APIs with other platforms.
  • Configuring log collectors could be more intuitive via the thick clients.
  • Merging the Thick and Thin client consoles would be a nice architecture change.
It is well suited if you just have Windows servers and platforms that utilize syslog; the process of collecting logs is relatively easy.
Support is relatively responsive via email, but we can always get prompt help when calling to open a trouble ticket.
Score 5 out of 10 | Vetted Review | Verified User
Our organization is subject to both SOX and PCI compliance regulations. We use the LogRhythm NextGen SIEM platform as a central point of all log collection for our Windows and NIX servers as well as our network appliances. It also allows us to alert on certain events such as the use of elevated privileges.
  • Once LogRhythm is running, it's a fairly simple and quick process to get logs ingested. You can have your first log sources being parsed within 30 minutes.
  • LogRhythm is very good at parsing out Windows event logs and presenting them in an easily readable way.
  • Searching/investigating through logs is extremely quick with LogRhythm.
  • While searching for log events is quick, the interface isn't as user-friendly as other SIEM products.
  • Many of the administrative/management functions are only available through the full LogRhythm desktop console, not through the web console.
  • The LogRhythm agent, when used for FIM and RIM, is very memory intensive.
The LogRhythm NextGen SIEM Platform is well suited for collecting logs from Windows/NIX servers and generating alerts from certain events such as a user account being added to a privileged or administrator group. It might have issues with larger-scale deployments with regards to certain network appliances and the rate of event/log collection.
While LogRhythm support is generally quick to respond, the initial response is usually from a first line support engineer with general knowledge of the product. Any advanced or complex issues have always required the assistance of a higher tier of support, directly or indirectly. For a few occasions we actually used our PS hours to work on the issue.
Score 9 out of 10 | Vetted Review | Verified User
My current company provided the solution to one of our clients and I was involved in the implementation process. It's being used by the IT security department to primarily monitor financial & security problems. LogRhythm is used in detecting unusual financial transactions, new/existing security threats within the network, and in detecting when people are not following corporate policy around avoiding particular applications/websites.
  • User-Friendly UI
  • GUI based control panel
  • Integrated platform
  • Reporting
  • More Correlation Rules Needed based on Behavior Analytics
It is suited for all kinds of organizations especially for those where IT security professionals are involved in multiple activities. LogRhythm is really easy to get used to, so even if the users don't get to spend enough time with this solution, they will still be able to understand the basic offerings.
I think they still need to try a little more to help out their customers even if the problem is out of their usual scope.
Score 8 out of 10 | Vetted Review | Verified User
We use LogRhythm NextGen SIEM as a centralized system log repository. We purchased the product 5 or so years back to satisfy PCI compliance as our company has to maintain level 1 PCI compliance which states that all your system logs have to be maintained in a central location. We review the logs daily via automated reports sent to our ticketing system. It helps us keep on top of issues and to maintain compliance.
  • Updated GUI interface is rather easy to use and looks nice
  • Once up and running, seems to remain that way, we don't really have any issues with it
  • Was cost effective compared to other solutions
  • Implementation is tricky, definitely requires having them do the implementation for/with you
  • The software can be overly complex at times
  • Adding a Windows server to the solution isn't hard but seems like it could be made quicker/easier
I'd say LogRhythm is best suited for larger environments with hundreds of servers and network devices. For smaller businesses you could probably get by with one of the many free open source logging solutions out there, though it may be harder to get up and running without some assistance. For example many years ago when we were much smaller we used a really cheap solution called Kiwi but back then we had maybe 20 servers instead of 250+ we have today and that worked fine for those, but no way could we do that now.
Support has always been fantastic for this product compared to many other support providers I've worked with. They are always very friendly and seem to be well trained and knowledgeable and never have to wait long for a solution. We usually get the issue fixed in the first call, but also we really haven't had to use support a ton so that's also a plus.
Score 10 out of 10 | Vetted Review | Verified User
We currently are utilizing the LogRhythm SIEM primarily for Information Technology needs. This product is leveraged in a number of ways, one of which is to help auditing security events such as someone being added to the "Domain Administrators" security group in Active Directory. Additionally, we utilize the dashboards (both built-in and custom) to monitor events such as successful authentications from outside of the United States (since all our offices are within the USA).
  • LogRhythm SIEM provides an amazing granularity when it comes to building reports and alerts/alarms. There are a variety of syntaxes that are supported (regex, boolean, Lucene, etc) so getting exactly what you want is easy.
  • There is a vast amount of pre-defined log source types already available so adding new log sources is a breeze. Additionally, you have the ability to custom-parse a log type for those instances in which there isn't already a pre-defined log type.
  • LogRhythm is constantly improving its software and the capabilities/integrations that it provides. SmartResponses are also frequently being developed, which really help us to quickly (or automatically) take action when certain events are triggered.
  • They have been expanding the functionality of the "cases" features in the SIEM, which works fine, however, we don't utilize that feature in our deployment so (for us) it is a wasted feature.
  • Since the application provides such granularity/control, it can seem a little overwhelming to someone unfamiliar with the software. Luckily the software is pretty intuitive and laid out in a manner that is easy to understand. I would highly recommend sending your administrator to the (1 week long) on-site training that LogRhythm offers.
  • In order to really get the most out of the software, it takes a decent amount of work to get it configured. The software will function without specifying your subnets/VLANs, but for more accurate reporting it is recommended to define that information. I don't really consider that to be an oversight or issue with the software, but it is something to think about with any SIEM solution. It takes a little bit to really get it defined before you get the most out of it.
I currently am leveraging LogRhythm to help me keep an eye on auditing. I have configured many different AI rules that look for specific event IDs such as users being added to administrator groups, accounts being locked out, or successful international logins. Additionally, since Windows Event logs frequently fill up and are overwritten, we use the LogRhythm SIEM as a log repository that can be searched to help identify the root cause of outages. The "second look" feature is nice as well because I can do a historical search in logs from well over a year in the past.
The overall support that we have received has been excellent. With the combination of professional services/support and the community website, we have been able to resolve all issues that we have encountered. There was at least one instance in which we experienced an issue for almost a year before the ultimate solution was discovered, but that was more about convenience in upgrading rather than the application functioning as a SIEM.
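The review above describes three auditing use cases (accounts added to administrator groups, account lockouts, and successful logons from outside the country) plus the advice to define your own subnets first. The block below is an added illustration of how such rules evaluate Windows Security audit events; it is not LogRhythm code and does not use the product's AI Engine rule format. The event IDs are the real Windows Security IDs, but the event records, the privileged-group list, the internal subnet list and the IP-to-country table are all constructed for this example.

```python
"""Toy alert rules over Windows Security audit events (added example)."""
import ipaddress
from collections import namedtuple

# Windows Security event IDs the rules key on (real IDs):
#   4728/4732/4756 = member added to a security-enabled global/local/universal group
#   4740           = user account locked out
#   4624           = successful logon
GROUP_ADD_EVENTS = {4728: "global", 4732: "local", 4756: "universal"}
LOCKOUT_EVENT = 4740
LOGON_EVENT = 4624
REMOTE_LOGON_TYPES = {3, 8, 10}  # network, network-cleartext, RemoteInteractive (RDP)

# Assumptions for this example: which groups count as privileged, which
# country is "home", and which subnets are internal (a SIEM is normally
# told the organisation's subnets so internal traffic is not geo-checked).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}
HOME_COUNTRY = "US"
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed stand-in for a GeoIP database (documentation ranges only).
IP_COUNTRY = {ipaddress.ip_network("198.51.100.0/24"): "US",
              ipaddress.ip_network("203.0.113.0/24"): "DE",
              ipaddress.ip_network("192.0.2.0/24"): "BR"}

Alert = namedtuple("Alert", "rule severity detail")


def country_for(ip):
    """Map a source address to a country code; internal ranges count as home."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in INTERNAL_NETS):
        return HOME_COUNTRY
    for net, cc in IP_COUNTRY.items():
        if addr in net:
            return cc
    return "??"  # unknown origin; a real deployment would alert on this too


def evaluate(event):
    """Return an Alert for one event record, or None if no rule fires."""
    eid = event["EventID"]
    if eid in GROUP_ADD_EVENTS:
        group = event.get("TargetGroup", "")
        if group in PRIVILEGED_GROUPS:
            return Alert("privileged-group-add", "high",
                         f"{event['SubjectUser']} added {event['MemberName']} to "
                         f"{group} ({GROUP_ADD_EVENTS[eid]} group) on {event['Computer']}")
        return None
    if eid == LOCKOUT_EVENT:
        return Alert("account-lockout", "medium",
                     f"{event['TargetUser']} locked out (reported by {event['Computer']})")
    if eid == LOGON_EVENT and event.get("LogonType") in REMOTE_LOGON_TYPES:
        cc = country_for(event["IpAddress"])
        if cc != HOME_COUNTRY:
            return Alert("foreign-logon", "medium",
                         f"{event['TargetUser']} logged on from {event['IpAddress']} ({cc})")
    return None


def run_rules(events):
    """Evaluate every record and keep the alerts that fired, in log order."""
    return [a for a in (evaluate(e) for e in events) if a is not None]


# Constructed sample records (field names loosely follow the Security log).
SAMPLE_EVENTS = [
    {"EventID": 4728, "Computer": "DC01", "SubjectUser": "CORP\\helpdesk1",
     "MemberName": "CORP\\jdoe", "TargetGroup": "Domain Admins"},
    {"EventID": 4732, "Computer": "FS02", "SubjectUser": "CORP\\helpdesk1",
     "MemberName": "CORP\\jdoe", "TargetGroup": "Remote Desktop Users"},
    {"EventID": 4740, "Computer": "DC01", "TargetUser": "CORP\\asmith"},
    {"EventID": 4624, "Computer": "VPN01", "TargetUser": "CORP\\bjones",
     "LogonType": 10, "IpAddress": "198.51.100.25"},
    {"EventID": 4624, "Computer": "VPN01", "TargetUser": "CORP\\bjones",
     "LogonType": 10, "IpAddress": "203.0.113.7"},
    {"EventID": 4624, "Computer": "WS17", "TargetUser": "CORP\\cwhite",
     "LogonType": 2, "IpAddress": "-"},          # console logon: no source IP to check
    {"EventID": 4624, "Computer": "FS02", "TargetUser": "CORP\\cwhite",
     "LogonType": 3, "IpAddress": "10.20.4.18"},  # internal SMB access, not geo-checked
]

if __name__ == "__main__":
    for alert in run_rules(SAMPLE_EVENTS):
        print(f"[{alert.severity}] {alert.rule}: {alert.detail}")
```

Running the sample produces three alerts (the Domain Admins addition, the lockout, and the RDP logon from the German range) while the non-privileged group change, the home-country logon, the console logon and the internal SMB logon stay quiet. The logon rule only consults the country table for remote logon types, so records whose source field is "-" never reach the address parser, and the internal subnet check runs before the GeoIP lookup, which is the ordering the reviewer's "define your subnets first" advice is getting at.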
September 05, 2019

LogRhythm is on beat!

Score 8 out of 10 | Vetted Review | Verified User
This product is mostly used by our security team, but it is also used by our firewall administrator. We use it for log aggregation as well as event correlation and automation of firewall security policies. Its primary use case is to keep updated security policies regarding changing threat vectors on our internet edge.
  • Event Correlation
  • Log Aggregation
  • Security Policy Updating
  • User Interfacing
  • Troubleshooting the product itself isn't easy
  • Very Expensive
LogRhythm is best suited to an environment where there is a large number of devices with logging capabilities. Any infrastructure that is large and unwieldy would do well to implement LogRhythm. I would typically suggest it in high-security networks and networks looking to do security automation or networks with high audit requirements.
Being a major player in the market puts LogRhythm in a good place for support. Not only does their tech support have the chops to help out when you call (being a major player does well in setting them up to pay for good tech support), but other products almost have to integrate well with it to sell.
Score 4 out of 10 | Vetted Review | Verified User
We are using LogRhythm as our enterprise-wide SIEM tool for all log ingestion. We recently (3+mo) decided to uplift the implementation to include our AWS cloud environments. We need a SIEM tool to analyze and ingest event logs.
  • Event & Log ingestion - Enterprise grade SIEM tool.
  • Ease of implementation, support, documentation, and community.
  • Support for Cloud environments is fairly limited.
  • Improved log filtering.
  • The UI is extremely outdated.
It is great for on-prem, but not ideal for the cloud. It "works" for the cloud, but it is not optimized.
Ivan Montilla Miralles | TrustRadius Reviewer | Score 9 out of 10 | Vetted Review | Reseller
We currently use LogRhythm as a SIEM for our cloud environment, mainly managed by the Technical Services department. It helps with the log management of all our cloud devices and helps us find live attacks done in our both test and production environment. It also helps as a showcase for when a customer requires a demo presentation or needs a certain configuration done on their environment.
  • The Analyze module is very useful for drilling down and winding down with filters what you need to see, regarding incidents and logs. It allows you to be agile and create a case with the current logs, appending them as evidence.
  • The reports module is really easy to use, both for running and configuring them, as long as you have the queries ready for what you need. If you beforehand prepare what you're going to look for in a report, configuring a report from scratch is not hard.
  • The dashboards are also very useful out of the box and easy to configure. You can make sense of the data with the proper queries and a very helpful feature is the ability to see the data with Live Data turned on, you're always on relevance while looking at dashboards.
  • I wished it didn't need a thick client for configuring the tool. They could perhaps make a different login screen using the web for configuring the tool so you don't need to mix up the configuration of the solution with the security management.
  • The training at the LogRhythm Thrive Partner Portal is somewhat hard. The content is very helpful, but the exams are perhaps too hard, even for the 101. I understand there's a challenging part, but the learning curve could be smoothed out instead of making it too steep.
  • I think the licensing of the agents should be more open. Instead of making it extra at a premium rate, you should allow your users to install it freely on their assets and receive logs from those assets.
A good scenario to have LogRhythm SIEM is when you have an enterprise environment with specific compliance requirements and/or if you have a critical environment you need to make sure is really protected, along with proper SmartResponse rules to take action when an alarm triggers. If your environment is mission critical, but your company is an SMB, LogRhythm might be overkill for you, as it's a solution that has a great upfront cost. The cost of investment [is] worth it given a minimum company size, but it makes sense only if you can really afford it.
Score 10 out of 10 | Vetted Review | Verified User
LogRhythm is used by both our managed security services partner (level 1) and the internal team members who manage our SOC. We leverage the complete set of SIEM features offered by LogRhythm to meet requirements for PCI in addition to comprehensive support for our evolving process to meet the changing data security needs of a retail organization.
  • LogRhythm's technical customer support is exceptional.
  • The product roadmap is extensive.
  • Automation and AI continue to evolve rapidly.
  • LogRhythm has recently updated their agent to support a push process for upgrade - until this was done, it was a source of frustration.
LogRhythm is very well suited for retail organizations and others with a geographically dispersed set of endpoints. LogRhythm also works very well in situations where there is a multi-tired SOC - especially if an outsourced provider is involved that can manage the upgrade process to ensure that the system is always up-to-date without requiring the support of internal resources.
Score 10 out of 10
Vetted Review
Verified User
Review Source
LogRhythm is used throughout our organization and managed by the Information Security department.
We collect logs from many systems that are important to managing our security infrastructure.
These include all of our security systems (FW, IPS, endpoint protection), all of our AAA systems (LDAP, RADIUS, Active Directory), as well as systems containing data of concern.
  • Central Management and storage of logs
  • Parses all logs into a readable format
  • Correlates events from various systems to provide a consolidated view of activity
  • Alerts and alarms on various events of possible concern
  • Reports should be available in the Web Console
  • Detail contained in Alarms should be configurable to provide more or less information as applicable
  • Cases in the case management module should allow investigation playbook templates
LogRhythm is well suited for managing logs from disparate systems, correlating events, and providing a comprehensive view of the environment. One of its main strengths is the continuity of dashboards, drill downs in data, searches, and alarms.
All of the screens use the same format moving from module to module, making this product very intuitive to use.
Jacob Steffen | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
We use LogRhythm to collect logs from a variety of devices. We then use this data to alert us when certain events occur, for example if a machine is restarted or a new user account is created. Only my department is using LogRhythm for these types of situations. The big driver for us getting LogRhythm was compliance: NERC/CIP regulations pushed us to purchase LogRhythm. Overall I am really satisfied with the decision; we are going to continue doing business with them for the foreseeable future.
  • One is alerting when certain events take place, such as when a machine reboots. This helps to gain more transparency as to what is going on within your network.
  • The features LogRhythm offers in terms of reporting are very helpful as well. For example, we can do monthly reports on a given Windows server to show all activity on that server.
  • I know in the past LogRhythm was talking about a web application for administration. I think this would be a lot better than having an application to log into.
  • I think offering more video content on their site would also be beneficial. The last time I had issues I was reading through a lot of forum postings. I was able to get the job done, but in 2017 video is the king of content.
Where it is more appropriate is for alerting on near-real-time events such as a new user being created or a machine restarting. If you don't need to have real-time alerting or log aggregation, I would say LogRhythm would be a bad decision. However, in an enterprise environment you are more than likely going to want to use LogRhythm to track logs over time.
Score 10 out of 10
Vetted Review
Verified User
Review Source
It is being used not only to help us achieve PCI compliance but also to collect logs from various systems to monitor the landscape and critical infrastructure systems. It alerts us to various anomalies that we set up to monitor, such as the use of privileged accounts within the environment.
  • Easy to set up/configure out of the box.
  • Easy to manage/administer.
  • Quickly processes logs/events within the central console for review.
  • Allows us to correlate activities across multiple systems we capture logs/events for.
  • The upgrade process from version 6.x to 7.x was a bit messy.
  • Should be able to update software within the application for minor updates without the need to download separate software from the support portal.
It helps achieve various aspects of compliance needs and requirements. It also provides a nice overview of what is going on within the environment in respect to security threats. It is less appropriate if there is no internal team that can properly manage it and respond to alerts/events that are triggered.
Joel Eng | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
I manage multiple instances of LogRhythm for customers that my company provides managed security services for. My team provides the rules, reports, and dashboards. Analysts use it to detect and respond to threats in our customers' environments. Our customers use LogRhythm to monitor their entire organizations ranging in size from 100-10,000+ end points plus network and security devices. The primary business problems that the SIEM solves is providing a single pane of glass for security while also providing a platform for conducting correlation across the network and time.

  • LogRhythm is a great SIEM to learn content on because the building blocks are very intuitive and easy to implement. All of the concepts relevant to content development are literally represented as drag and drop building blocks that can be easily manipulated.
  • The statistical building blocks contain powerful anomaly detection capabilities that are extremely difficult to implement in other SIEMs or not possible at all.
  • LogRhythm does better event classification than any other SIEM by far. My team typically drops all classification schemes from default installations of SIEMs and rebuilds them from scratch. I can actually use LogRhythm's event classifications in rules without worrying about excessive partial matches or correlating unwanted events.
  • LogRhythm absolutely needs to provide back end support for threat intelligence lists. Performing a linear search on massive lists of IPs on incoming web traffic can bring the SIEM to its knees.
  • LogRhythm should drop its entire code base for implementing lists and simply turn them into hash tables to avoid the excessive cost associated with referencing lists in rules. I haven't seen the code, but the performance suggests O(n).
  • The reporting feature is the worst of all SIEMs; luckily, reports are not my primary service offering. LogRhythm should definitely revamp its reporting to be more intuitive.
I have seen LogRhythm reliably deployed in both medium- and large-sized corporations with centralized and distributed architectures. The software performs well across all scenarios.
Stephen Ilbery | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
We use LogRhythm to give the Information Systems Engineering department insight into our network environment.
  • LogRhythm imports log files from hundreds of devices into one easy-to-search database.
  • LogRhythm sends me email alerts when various things take place on the network.
  • The upgrade process could be easier.
LogRhythm provides a good view of the network equipment, traffic, and the servers.