TrustRadius: an HG Insights company

LogRhythm NextGen SIEM Platform Reviews & Insights

Score: 7.7 out of 10

70 Reviews and Ratings

Community insights

TrustRadius Insights for LogRhythm NextGen SIEM Platform are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.

Pros

Intuitive and Easy-to-Implement Building Blocks: Many users have praised LogRhythm for its intuitive and easy-to-implement building blocks that are represented as drag and drop elements. This feature has been mentioned by several reviewers, highlighting the platform's user-friendly interface.

Powerful Anomaly Detection Capabilities: LogRhythm's statistical building blocks have powerful anomaly detection capabilities that are difficult to find in other SIEMs, making it stand out in terms of event classification. Several users have commended this feature, emphasizing its effectiveness in identifying and classifying anomalous events.

Great Help Desk Troubleshooting with Web UI: LogRhythm's Web UI is highly regarded for help desk troubleshooting purposes. Users appreciate its ability to easily identify and drill down into authentication issues, performance trending, and correlation of events. This functionality has been positively mentioned by multiple reviewers.

Reviews

22 Reviews

Nice features that you won't be able to use 24/7.

Rating: 6 out of 10
Incentivized

Use Cases and Deployment Scope

LogRhythm is a great SIEM with many needed features and competitive pricing. They also offer both on-premises and cloud solutions based on your needs. They have a decent community and support. They offer many needed features, such as UBEA, NDR, and file monitoring. Their web console is well-designed, while I can't say the same for their client console.

Pros

  • Live monitoring.
  • UBEA
  • File activity monitoring.
  • Dashboards.

Cons

  • Reliability.
  • Customer support.
  • Overall system reliability and availability and development.

Likelihood to Recommend

Having mostly worked with their on-premises solution, I think it's well-suited for small, medium, and even big organisations. I feel it might be less suited if the customer wants a SIEM with 100% uptime, as it goes down a lot. Or if they want to depend on customer support. I suggest that if you want to go with LR, you have to have your own experienced engineers to work on it.

Review

Rating: 8 out of 10
Incentivized

Use Cases and Deployment Scope

We use LogRhythm NextGen SIEM Platform to monitor and manage security incidents. The business problem it addresses is it enables quick response to incidents. The scope is enterprise wide.

Pros

  • The User and Entity Behavior Analytics feature to help us detect anomalous user behavior before data is corrupted or exfiltrated
  • LogRhythm's integration of Security Orchestration and Automation capabilities to automate repetitive tasks and labor-intensive work, improving response times
  • The large number of out-of-the-box threat detection capabilities mapping them to the MITRE ATT&CK framework.

Cons

  • Parsing techniques could be improved to more effectively handle data from various devices
  • The user interface could be more user-friendly; drag-and-drop features would be beneficial
  • Log source management is time-consuming, and requires expert-level regex knowledge to customize

Likelihood to Recommend

LogRhythm NextGen SIEM Platform is particularly well-suited for scenarios where we need to monitor and respond to security incidents efficiently.

A scenario where it is less appropriate is when system performance and efficiency are needed when providing threat detection.
Vetted Review
LogRhythm NextGen SIEM Platform
5 years of experience

Top Rated SIEM Platform

Rating: 7 out of 10

Use Cases and Deployment Scope

We use LogRhythm NextGen SIEM Platform in our university to ingest all types of logs, be it firewall logs, Windows event logs, etc. If it has a log then we send it to LogRhythm NextGen SIEM Platform. This ensures that we have all our logs in one central place, which can then be used for analysis, cross section, and use case creation.

Pros

  • Log Ingestion
  • Dashboards
  • Alerts

Cons

  • Hard to Use
  • Multiple modules with different points of entry
  • Needs AI

Likelihood to Recommend

If you want one of the best SIEM platforms out there with in-built, ready-to-use dashboards and use cases, then LogRhythm NextGen SIEM Platform is the SIEM for you. However, you will need technical training and expertise to make sure that it runs smoothly and to build your own custom use cases. And also it's expensive.

LogRhythm is definitely worth the price especially in large organizations.

Rating: 8 out of 10
Incentivized

Use Cases and Deployment Scope

We have deployed LogRhythm NextGen SIEM to incorporate all of our system logs, network appliances, and security servers. It provides well-profiled logs that we use in daily operational in-depth diagnosing. The SIEM also offers automated reports that review our logs daily. The inbuilt and customized dashboards monitor events' real-time security. The AI engine regulations rapidly detect malicious events and send us immediate alerts. It also issues organized reports to fully meet our HIPAA compliance needs.

Pros

  • Massive log incorporation.
  • Top notch reporting and alerting features.
  • It rapidly detects hostile activities through the AI engine regulations.

Cons

  • Executing huge web searches on web traffic can make it a bit rickety.
  • It has a tight support for cloud domains.

Likelihood to Recommend

LogRhythm is good for providing a comprehensive view of the environment. It gives a great outline of whatever is going on in our servers and systems regarding security malfunctions. The SIEM sends real-time notifications when there are some occurrences, like creating a new user and inappropriate login attempts. It also avails a good use case that meets our HIPAA compliance.
Vetted Review
LogRhythm NextGen SIEM Platform
2 years of experience

Fantastic Product For SIEM LogRhythm

Rating: 10 out of 10
Incentivized

Use Cases and Deployment Scope

It's been 3 years since I started using LogRhythm. It is very good. The LogRhythm SIEM is an extremely well-rounded platform, definitely one of the best on the market when compared to the many other products I've used in the 6 years of my career in information security. The product and its features have continued to evolve over the past 4 years that I've managed it by making it easy for new and veteran analysts to get the information they need in a timely fashion. The setup, installation, and maintenance of the solution are seamless for our implementation. The product has a great community and Slack channel where people share ideas or help each other. The documentation and support for the SIEM product are extensive and easy to find, and without much interaction with LogRhythm support, we were able to learn just about any aspect of the highly configurable SIEM. A great product.

Pros

  • Platform
  • UI
  • ENGINE

Cons

  • nothing is missing
  • all good
  • with futuristic room

Likelihood to Recommend

It is well suited for infra where Info security is needed. as and when
  • Enhance decision making
  • Improve compliance & risk management
  • Improve business process agility
  • Create internal/operational efficiencies
  • Improve business process outcomes
  • Product roadmap and future vision
  • Strong services expertise
  • Product functionality and performance
  • Breadth of services
  • Strong customer focus
  • Strong user community
Vetted Review
LogRhythm NextGen SIEM Platform
6 years of experience

Great SIEM, especially the auto-defending piece

Rating: 9 out of 10
Incentivized

Use Cases and Deployment Scope

We are using this as our SIEM taking in all of our logs from various networking, security, servers, and workstations.

Pros

  • Ease of use.
  • Multiple dashboards.
  • Advanced defense.

Cons

  • Digging into alerts and log files is a little bit hard.

Likelihood to Recommend

One thing I really like with LogRhythm is that we can have it set up to auto defend certain attacks to help out with some of the basic attacks.
Vetted Review
LogRhythm NextGen SIEM Platform
1 year of experience

LogRhythm: A NextGen tool for NextGen analysts

Rating: 8 out of 10
Incentivized

Use Cases and Deployment Scope

Our Security Team is using LogRhythm NextGen SIEM Platform at the University of Colorado.
This is our alarming default system that parses logs from our firewall, Outlook, system logs, IDS logs, and some confidential cloud data logs and displays tickets.
LogRhythm NextGen SIEM Platform is right for our organization as it requires no knowledge of coding or programming. Therefore non-technical users can also use this product to build rules and manage the servers.
The second benefit is the "drill down" feature that goes to the depth of the event, extracts information, and displays it in a very well-structured manner with easy-to-understand visualization. It is very easy to go through and detect the problem. It also has a robust search tool for parsing through a high volume of logs.

In a nutshell, our overall incident response went a lot better than what it used to be five years ago.

Pros

  • LogRhythm NextGen SIEM Platform has an alarm system that generates tickets based on the event and the way it has been configured in the LogRhythm console. Let's say we have a ticket for a malicious email attachment. The ticket will have some information like the source of the log, the source IP, destination IP, etc. It can be drilled down to obtain specific information like the recipient, source location, file attachment name, SHA hash of the file, source and destination port, time, MAC address of the machine that downloaded it, etc. This helps the analysts to go to the root of the cause and take actions easily without manually parsing them.
  • The second good thing about the LogRhythm NextGen SIEM Platform is that it is very easy to use with its well-structured interface. To use LogRhythm, a user barely requires any technical skills. A little overview of IP, CIDR, hash, etc. is enough to get your hands on it. It requires no programming or coding skills, as everything is GUI based. It also provides a beautiful visualization dashboard. There is another beautiful feature that it provides for the classification of events, known as cases. Multiple users working on the same platform can create cases and add events to them. They also help to maintain future reference.
  • The third good feature is the search tool, which is very powerful. For example, sometimes it is hard to find the users who downloaded malware from the guest wireless of the institution and not the private network. The search tool helps us in searching for the user by automatically correlating the MAC address from the current network logs and the previous logs, as the MAC address is the same. It is highly scalable for parsing a large number of logs from various sources.
  • I particularly think this is one of the best software available for log parsing in an organization where non-technical users are working on incident response. This tool has a good amount of flexibility. However, it can only be configured with the LogRhythm NextGen SIEM Platform Console.
  • In terms of usability, as already mentioned, it is a very easy tool to use, with a GUI based interface.

Cons

  • The LogRhythm NextGen SIEM Platform is good in terms of looks, but sometimes it is too sophisticated to do the simplest of tasks, for example: counting the number of occurrences of a particular IP address in total logs for that specific day or month.
  • They can provide a simple syntax bar like Splunk, for technical users who feel a syntax-based query is more powerful than just GUI.
  • There can be a feature that can help you customize the amount of data to be displayed without "drill down." A lot of the time, it isn't worth waiting 10-15 seconds to find 5% extra required information that could be displayed easily before drilling down.
  • It doesn't have any online community or proper documentation that has a user rating on it. A lot of the time, their documentation doesn't help us.

Likelihood to Recommend

I will say that the LogRhythm NextGen SIEM Platform is well suited for an organization that is not very big but has multiple log sources, or a lot of non-technical employees who do not know how to code or write custom queries. Typically it is a good fit for universities and mid-range startups. This has an excellent interface and dashboard, useful for managing roles, but it doesn't provide the level of customization that a technical person with knowledge of coding probably would prefer. Software like Splunk and Elasticsearch are much more flexible in terms of the granularity of the search.
Vetted Review
LogRhythm NextGen SIEM Platform
1 year of experience

Delivers enterprise level SIEM at a reasonable cost

Rating: 8 out of 10
Incentivized

Use Cases and Deployment Scope

We utilize LogRhythm across our entire organization for log collection and security investigations. We utilize both log collectors and Syslog pulls across all Windows platforms as well as Linux systems.

Pros

  • Centralized log collection database.
  • Searching logs for security incidents.
  • Running smart responses for more routine checks via APIs with other platforms.

Cons

  • Configuring log collectors could be more intuitive via the thick clients.
  • Merging the Thick and Thin client consoles would be a nice architecture change.

Likelihood to Recommend

It is well suited if you just have Windows servers and platforms that utilize sys logging; the process to collect logs is relatively easy.
Vetted Review
LogRhythm NextGen SIEM Platform
2 years of experience

If we were a smaller environment, LogRhythm's NextGen SIEM Platform would be perfect

Rating: 5 out of 10
Incentivized

Use Cases and Deployment Scope

Our organization is subject to both SOX and PCI compliance regulations. We use the LogRhythm NextGen SIEM platform as a central point of all log collection for our Windows and NIX servers as well as our network appliances. It also allows us to alert on certain events such as the use of elevated privileges.

Pros

  • Once LogRhythm is running, it's a fairly simple and quick process to get logs ingested. You can have your first log sources being parsed within 30 minutes.
  • LogRhythm is very good at parsing out Windows event logs and presenting them in an easily readable way.
  • Searching/Investigating through logs is extremely quick with LogRhythm.

Cons

  • While searching for log events is quick, the interface isn't as user-friendly as other SIEM products.
  • Many of the administrative/management functions are only available through the full LogRhythm desktop console, not through the web console.
  • The LogRhythm agent, when used for FIM and RIM, is very memory intensive.

Likelihood to Recommend

The LogRhythm NextGen SIEM Platform is well suited for collecting logs from Windows/NIX servers and generating alerts from certain events such as a user account being added to a privileged or administrator group. It might have issues with larger-scale deployments with regards to certain network appliances and the rate of event/log collection.
Vetted Review
LogRhythm NextGen SIEM Platform
1 year of experience

SIEM That Ticks All Major Boxes With a User Friendly Platform

Rating: 9 out of 10
Incentivized

Use Cases and Deployment Scope

My current company provided the solution to one of our clients and I was involved in the implementation process. It's being used by the IT security department to primarily monitor financial & security problems. LogRhythm is used in detecting unusual financial transactions, new/existing security threats within the network, and in detecting when people are not following corporate policy around avoiding particular applications/websites.

Pros

  • User-Friendly UI
  • GUI based control panel
  • Integrated platform

Cons

  • Reporting
  • More Correlation Rules Needed based on Behavior Analytics

Likelihood to Recommend

It is suited for all kinds of organizations especially for those where IT security professionals are involved in multiple activities. LogRhythm is really easy to get used to, so even if the users don't get to spend enough time with this solution, they will still be able to understand the basic offerings.
Vetted Review
LogRhythm NextGen SIEM Platform
2 years of experience