TrustRadius Insights
LogRhythm NextGen SIEM Platform is a versatile tool that offers a wide range of use cases for organizations of varying sizes. Managed …
LogRhythm NextGen SIEM Platform
Overview
What is LogRhythm NextGen SIEM Platform?
The LogRhythm NextGen SIEM Platform, from LogRhythm in Boulder, Colorado, is security information and event management (SIEM) software which includes SOAR functionality via SmartResponse Automation Plugins (a RespondX feature), the DetectX security analytics module, and AnalytiX as a log management…
Recent Reviews
Awards
Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards
Popular Features
- Centralized event and log data collection (20)9.090%
- Correlation (20)8.181%
- Event and log normalization/management (20)8.080%
- Custom dashboards and workspaces (20)7.575%
Pricing
N/A
Unavailable
What is LogRhythm NextGen SIEM Platform?
The LogRhythm NextGen SIEM Platform, from LogRhythm in Boulder, Colorado, is security information and event management (SIEM) software which includes SOAR functionality via SmartResponse Automation Plugins (a RespondX feature), the DetectX security analytics module, and AnalytiX as a log management…
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
43 people also want pricing
Alternatives Pricing
What is Blumira?
Blumira’s cloud SIEM platform offers both automated threat detection and response, enabling organizations of any size to more defend against cybersecurity threats in near real-time. It's goal is to ease the burden of alert fatigue, complexity of log management and lack of IT visibility.
Product Demos
Unleash the Power of Your SOC: LogRhythm NextGen SIEM Platform Demo | InfoSec Matters
YouTube
How to Stop Phishing Attacks with LogRhythm | LogRhythm in Action
YouTube
Features
Return to navigation
Product Details
- About
- Tech Details
- FAQs
What is LogRhythm NextGen SIEM Platform?
LogRhythm NextGen SIEM Platform Video
How would you score the maturity of your security operations program?
Assessing and improving your security operations maturity can help you reduce risk in your organization and prove the effectiveness of your security.
The LogRhythm Security Operations Maturity Model (SOMM)...
Show More LogRhythm NextGen SIEM Platform Technical Details
| Operating Systems | Unspecified |
|---|---|
| Mobile Application | No |
Frequently Asked Questions
The LogRhythm NextGen SIEM Platform, from LogRhythm in Boulder, Colorado, is security information and event management (SIEM) software which includes SOAR functionality via SmartResponse Automation Plugins (a RespondX feature), the DetectX security analytics module, and AnalytiX as a log management solution that centralizes log data, enriches it with contextual details and applies a consistent schema across all data types.
Reviewers rate Centralized event and log data collection highest, with a score of 9.
The most common users of LogRhythm NextGen SIEM Platform are from Enterprises (1,001+ employees).
Comparisons
Compare with
Reviews and Ratings
(70)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Business Problems Solved
- Pros
- Cons
- Recommendations
LogRhythm NextGen SIEM Platform is a versatile tool that offers a wide range of use cases for organizations of varying sizes. Managed security services providers rely on LogRhythm to detect and respond to threats in their customers' environments effectively. Additionally, organizations use LogRhythm to monitor their entire infrastructure, including endpoints, network devices, and security systems, providing a comprehensive view of their network.
For information security departments, LogRhythm serves as a valuable tool for collecting logs from important systems and helps with log management in cloud environments. This allows users to identify live attacks and configure environments for customer demos. The platform also supports compliance regulations by providing auditing and compliance features, such as NERC CIP and HIPAA.
Furthermore, LogRhythm facilitates incident response and improves overall security posture by collecting logs from various systems and monitoring critical infrastructure. It allows for alerting and monitoring specific events like machine restarts or new user account creations. The drill-down feature enables users to extract information efficiently and detect problems in a well-structured manner with easy-to-understand visualizations.
Non-technical users find LogRhythm user-friendly as it requires no coding or programming knowledge, allowing them to easily build rules and manage servers. The extensive documentation, support, and community surrounding LogRhythm make it easy for users to learn and configure the highly customizable SIEM platform. Overall, LogRhythm NextGen SIEM Platform has proven to be an invaluable tool in meeting compliance requirements, improving incident response capabilities, and enhancing overall security monitoring for organizations across various industries.
Intuitive and Easy-to-Implement Building Blocks: Many users have praised LogRhythm for its intuitive and easy-to-implement building blocks that are represented as drag and drop elements. This feature has been mentioned by several reviewers, highlighting the platform's user-friendly interface.
Powerful Anomaly Detection Capabilities: LogRhythm's statistical building blocks have powerful anomaly detection capabilities that are difficult to find in other SIEMs, making it stand out in terms of event classification. Several users have commended this feature, emphasizing its effectiveness in identifying and classifying anomalous events.
Great Help Desk Troubleshooting with Web UI: LogRhythm's Web UI is highly regarded for help desk troubleshooting purposes. Users appreciate its ability to easily identify and drill down into authentication issues, performance trending, and correlation of events. This functionality has been positively mentioned by multiple reviewers.
Limited error handling: Some users have expressed frustration with the limited error handling capabilities of LogRhythm NextGen SIEM Platform. They feel that when an error occurs, the platform does not provide sufficient information or guidance on how to resolve it.
Lack of customization options: Several reviewers have mentioned that they would like more customization options within LogRhythm NextGen SIEM Platform. They feel restricted in their ability to tailor the platform to meet their specific needs and preferences.
Complex user interface: A number of users have found the user interface of LogRhythm NextGen SIEM Platform to be complex and difficult to navigate. They have mentioned that it can take time and effort to learn how to effectively use all the features and functionalities of the software.
Users commonly recommend LogRhythm's SIEM for its ease of use and monitoring capabilities, making it a good all-in-one tool for SIEM needs in larger and mid-sized setups. They consider LogRhythm one of the best SIEM tools available, praising its impact and GUI compared to RSA NetWitness. Users appreciate LogRhythm's cost-effectiveness, easy configuration and administration, as well as its ability to consume less CPU memory. They also highlight the availability of support and conferences in the community. Users suggest having patience during the initial setup and build-out process, as they believe the end result is worth it. Improved overall performance, control, and functionality with LogRhythm's instrument panel are also praised.
Furthermore, users recommend LogRhythm for companies that can develop sufficient expertise in its software and have an in-house SQL expert. They advise making the best use of LogRhythm for complete visibility of the network. Some suggestions for improvement include enhancing the dashboard process, offering a community version for trial and certification preparation purposes, adding more features to the web interface, and incorporating AI capabilities to streamline threat identification. Users find LogRhythm to be a great tool for work in medium-large size companies, suitable for achieving high fidelity security context. It is recommended for security event analysis and considered a leader in SIEM solutions that provide good support and meet customer requirements. Users suggest trying LogRhythm for better results in enterprise solutions compared to other SIEM tools.
Additionally, users emphasize LogRhythm's affordability, streamlining SIEM experience, and its suitability for mid-size and large organizations, especially those with widely dispersed endpoints and multi-tiered SOCs. LogRhythm is seen as a powerful network monitoring tool with pricing advantages. Recommendations include purchasing it for specific compliance requirements and critical environment protection, involving system administrators early to help filter traffic, and allowing multiple people to administer the system to avoid bottlenecks.
In conclusion, LogRhythm's SIEM is consistently recommended for its ease of use, monitoring capabilities, impact and GUI, cost-effectiveness, configuration flexibility, support availability, improved performance and control, integration possibilities, and affordability. It is considered a leader in the market and an alternative worth considering for organizations seeking a reliable SIEM solution.
Attribute Ratings
Reviews
(1-9 of 9)Companies can't remove reviews or game the system. Here's why
July 14, 2021
Fantastic Product For SIEM LogRhythm
It's been 3 years that I started using LogRhythm. It is very good. The LogRhythm SIEM is an extremely well-rounded platform, definitely one of the best on the market when compared to the many other products I've used in the 6 years of my career in information security. The product and its features have continued to evolve over the past 4 years that I've Managed it by making it easy for new and veteran analysts to get the information they need in a timely fashion. The setup, installation, and maintenance of the solution are seamless for our implementation. The product has a great community and slack channel where people share ideas or help each other. The documentation and support for the SIEM product are extensive and easy to find, and without much interaction, with LogRhythm support, we were able to learn just about any aspect of the highly configurable SIEM. A great product.
- Paltform
- UI
- ENGINE
- nothing is missing
- all good
- with futuristic room
July 17, 2020
LogRhythm Logging for the masses (of stuff you own)
It is deployed as an enterprise logging solution. It collected logs from Windows (all flavors), *nix, Cisco, Syslog, NetFlow and other sources. It provides logs that are analyzed, reported on and used in daily operational troubleshooting. It provides scheduled reports to meet the auditing and compliance needs of an HIPAA organization.
- Great Web UI for help desk troubleshooting.
- Identification and drilldown of authentication issues.
- Performance trending.
- Correlation of events.
- Access and group policy change monitoring.
- Reporting is based on Crystal Reports, requiring a template prior to building a report. The template once saved, cannot be edited. Repeat until you get it right.
- Query building in the WebUI has little or no documentation.
- Depth of training on reporting is lacking.
October 14, 2019
Delivers enterprise level SIEM at a reasonable cost
We utilize LogRhythm across our entire organization for log collection and security investigations. We utilize both log collectors and Syslog pulls across all Windows platforms as well as Linux systems.
- Centralized log collection database.
- Searching logs for security incidents.
- Running smart responses for more routine checks via API's with other platforms.
- Configuring log collectors could be more intuitive via the thick clients.
- Merging the Thick and Thin client consoles would be a nice architecture change.
October 14, 2019
If we were a smaller environment, LogRhythm's NextGen SIEM Platform would be perfect
Our organization is subject to both SOX and PCI compliance regulations. We use the LogRhythm NextGen SIEM platform as a central point of all log collection for our Windows and NIX servers as well as our network appliances. It also allows us to alert on certain events such as the use of elevated privileges.
- Once LogRhythm is running, it's a fairly simple and quick process to get logs ingested. You can have your first log sources being parsed with 30 minutes.
- LogRhythm is very good at parsing out Windows event logs and presenting them in an easily readable way.
- Searching/Investing thru logs is extremely quick with LogRhythm.
- While searching for log events is quick, the interface isn't as user-friendly as other SIEM products.
- Many of the administrative/management functions are only available through the full LogRhythm desktop console, not through the web console.
- The LogRhythm agent, when used for FIM and RIM, is very memory intensive.
September 13, 2019
A very powerful SIEM with a robust AI engine
We currently are utilizing the LogRhythm SIEM primarily for Information Technology needs. This product is leveraged in a number of ways, one of which is to help auditing security events such as someone being added to the "Domain Administrators" security group in Active Directory. Additionally, we utilize the dashboards (both built-in and custom) to monitor events such as successful authentications from outside of the United States (since all our offices are within the USA).
- LogRhythm SIEM provides an amazing granularity when it comes to building reports and alerts/alarms. There are a variety of syntaxes that are supported (regex, boolean, Lucene, etc) so getting exactly what you want is easy.
- There is a vast amount of pre-defined log source types already available so adding new log sources is a breeze. Additionally, you have the ability to custom-parse a log type for those instances in which there isn't already a pre-defined log type.
- LogRhythm is constantly improving its software and the capabilities/integrations that it provides. SmartResponses are also frequently being developed, which really help us to quickly (or automatically) take action when certain events are triggered.
- They have been expanding the functionality of the "cases" features in the SIEM, which works fine, however, we don't utilize that feature in our deployment so (for us) it is a wasted feature.
- Since the application provides such granularity/control, it can seem a little overwhelming to someone unfamiliar with the software. Luckily the software is pretty intuitive and laid out in a manner that is easy to understand. I would highly recommend sending your administrator to the (1 week long) on-site training that LogRhythm offers.
- In order to really get the most out of the software, it takes a decent amount of work to get it configured. The software will function without specifying your subnets/VLANs, but for more accurate reporting it is recommended to define that information. I don't really consider that to be an oversight or issue with the software, but it is something to think about with any SIEM solution. It takes a little bit to really get it defined before you get the most out of it.
September 17, 2018
Effective security at your hands.
We currently use LogRhythm as a SIEM for our cloud environment, mainly managed by the Technical Services department. It helps with the log management of all our cloud devices and helps us find live attacks done in our both test and production environment. It also helps as a showcase for when a customer requires a demo presentation or needs a certain configuration done on their environment.
- The Analyze module is very useful for drilling down and winding down with filters what you need to see, regarding incidents and logs. It allows you to be agile and create a case with the current logs, appending them as evidence.
- The reports module is really easy to use, both for running and configuring them, as long as you have the queries ready for what you need. If you beforehand prepare what you're going to look for in a report, configuring a report from scratch is not hard.
- The dashboards are also very useful out of the box and easy to configure. You can make sense of the data with the proper queries and a very helpful feature is the ability to see the data with Live Data turned on, you're always on relevance while looking at dashboards.
- I wished it didn't need a thick client for configuring the tool. They could perhaps make a different login screen using the web for configuring the tool so you don't need to mix up the configuration of the solution with the security management.
- The training at the LogRhythm Thrive Partner Portal is somewhat hard. The content is very helpful, but the exams are perhaps too hard even for the 101. I understand there's a challengening part, but the learning curve could be smoothened out instead of making it too steep.
- I think the licensing of the agents should be more open. Instead of making it extra at a premium rate, you should allow your users to install it freely on their assets and receive logs from those assets.
August 01, 2018
LogRhythm - excelling in customer support and innovation
LogRhythm is used by both our managed security services partner (level 1) and the internal team members who manage our SOC. We leverage the complete set of SIEM features offered by LogRhythm to meet requirements for PCI in addition to comprehensive support for our evolving process to meet the changing data security needs of a retail organization.
- LogRhythm's technical customer support is exceptional.
- The product roadmap is extensive.
- Automation and AI continue to evolve rapidly.
- LogRhythm has recently updated their agent to support a push process for upgrade - until this was done, it was a source of frustration.
October 12, 2016
LogRhythm for your SIEM Needs
It is being used to not only to help us achieve PCI compliance but collect logs from various systems to monitor the landscape and critical infrastructure systems. It alerts us to various anomalies that we set up to monitor such as the use of privileged accounts within the environment.
- Easy to set up/configure out of the box.
- Easy to manage/administer.
- Quickly processes logs/events within the central console for review.
- Allows us to correlate activities across multiple systems we capture logs/events for.
- The upgrade process from version 6.x to 7.x was a bit messy.
- Should be able to update software within the application for minor updates without the need to download separate software from the support portal.
June 07, 2016
LogRhythm does what it promises.
We use LogRhythm to give the Information Systems Engineering department insight into our network environment.
- LogRhythm imports log files from hundreds of devices into one, easy to search database.
- LogRhythm sends me email alerts when various things take place on the network.
- The upgrade process could be easier.