Skip to main content
TrustRadius
LogRhythm NextGen SIEM Platform

LogRhythm NextGen SIEM Platform

Overview

What is LogRhythm NextGen SIEM Platform?

The LogRhythm NextGen SIEM Platform, from LogRhythm in Boulder, Colorado, is security information and event management (SIEM) software which includes SOAR functionality via SmartResponse Automation Plugins (a RespondX feature), the DetectX security analytics module, and AnalytiX as a log management…

Read more
Recent Reviews

TrustRadius Insights

LogRhythm NextGen SIEM Platform is a versatile tool that offers a wide range of use cases for organizations of varying sizes. Managed …
Continue reading

LogRhythm is on beat!

8 out of 10
September 05, 2019
Incentivized
This product is mostly used by our security team, but it is also used by our firewall administrator. We use it for log aggregation as well …
Continue reading
Read all reviews

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Popular Features

View all 13 features
  • Centralized event and log data collection (20)
    9.0
    90%
  • Correlation (20)
    8.1
    81%
  • Event and log normalization/management (20)
    8.0
    80%
  • Custom dashboards and workspaces (20)
    7.5
    75%
Return to navigation

Pricing

View all pricing
N/A
Unavailable

What is LogRhythm NextGen SIEM Platform?

The LogRhythm NextGen SIEM Platform, from LogRhythm in Boulder, Colorado, is security information and event management (SIEM) software which includes SOAR functionality via SmartResponse Automation Plugins (a RespondX feature), the DetectX security analytics module, and AnalytiX as a log management…

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

43 people also want pricing

Alternatives Pricing

What is Blumira?

Blumira’s cloud SIEM platform offers both automated threat detection and response, enabling organizations of any size to more defend against cybersecurity threats in near real-time. It's goal is to ease the burden of alert fatigue, complexity of log management and lack of IT visibility.

Return to navigation

Product Demos

Unleash the Power of Your SOC: LogRhythm NextGen SIEM Platform Demo | InfoSec Matters

YouTube

How to Stop Phishing Attacks with LogRhythm | LogRhythm in Action

YouTube
Return to navigation

Features

Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools

7.4
Avg 7.8
Return to navigation

Product Details

What is LogRhythm NextGen SIEM Platform?

LogRhythm NextGen SIEM Platform Video

How would you score the maturity of your security operations program? Assessing and improving your security operations maturity can help you reduce risk in your organization and prove the effectiveness of your security. The LogRhythm Security Operations Maturity Model (SOMM)...
 Show More

LogRhythm NextGen SIEM Platform Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo

Frequently Asked Questions

The LogRhythm NextGen SIEM Platform, from LogRhythm in Boulder, Colorado, is security information and event management (SIEM) software which includes SOAR functionality via SmartResponse Automation Plugins (a RespondX feature), the DetectX security analytics module, and AnalytiX as a log management solution that centralizes log data, enriches it with contextual details and applies a consistent schema across all data types.

Reviewers rate Centralized event and log data collection highest, with a score of 9.

The most common users of LogRhythm NextGen SIEM Platform are from Enterprises (1,001+ employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(70)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

LogRhythm NextGen SIEM Platform is a versatile tool that offers a wide range of use cases for organizations of varying sizes. Managed security services providers rely on LogRhythm to detect and respond to threats in their customers' environments effectively. Additionally, organizations use LogRhythm to monitor their entire infrastructure, including endpoints, network devices, and security systems, providing a comprehensive view of their network.

For information security departments, LogRhythm serves as a valuable tool for collecting logs from important systems and helps with log management in cloud environments. This allows users to identify live attacks and configure environments for customer demos. The platform also supports compliance regulations by providing auditing and compliance features, such as NERC CIP and HIPAA.

Furthermore, LogRhythm facilitates incident response and improves overall security posture by collecting logs from various systems and monitoring critical infrastructure. It allows for alerting and monitoring specific events like machine restarts or new user account creations. The drill-down feature enables users to extract information efficiently and detect problems in a well-structured manner with easy-to-understand visualizations.

Non-technical users find LogRhythm user-friendly as it requires no coding or programming knowledge, allowing them to easily build rules and manage servers. The extensive documentation, support, and community surrounding LogRhythm make it easy for users to learn and configure the highly customizable SIEM platform. Overall, LogRhythm NextGen SIEM Platform has proven to be an invaluable tool in meeting compliance requirements, improving incident response capabilities, and enhancing overall security monitoring for organizations across various industries.

Intuitive and Easy-to-Implement Building Blocks: Many users have praised LogRhythm for its intuitive and easy-to-implement building blocks that are represented as drag and drop elements. This feature has been mentioned by several reviewers, highlighting the platform's user-friendly interface.

Powerful Anomaly Detection Capabilities: LogRhythm's statistical building blocks have powerful anomaly detection capabilities that are difficult to find in other SIEMs, making it stand out in terms of event classification. Several users have commended this feature, emphasizing its effectiveness in identifying and classifying anomalous events.

Great Help Desk Troubleshooting with Web UI: LogRhythm's Web UI is highly regarded for help desk troubleshooting purposes. Users appreciate its ability to easily identify and drill down into authentication issues, performance trending, and correlation of events. This functionality has been positively mentioned by multiple reviewers.

Limited error handling: Some users have expressed frustration with the limited error handling capabilities of LogRhythm NextGen SIEM Platform. They feel that when an error occurs, the platform does not provide sufficient information or guidance on how to resolve it.

Lack of customization options: Several reviewers have mentioned that they would like more customization options within LogRhythm NextGen SIEM Platform. They feel restricted in their ability to tailor the platform to meet their specific needs and preferences.

Complex user interface: A number of users have found the user interface of LogRhythm NextGen SIEM Platform to be complex and difficult to navigate. They have mentioned that it can take time and effort to learn how to effectively use all the features and functionalities of the software.

Users commonly recommend LogRhythm's SIEM for its ease of use and monitoring capabilities, making it a good all-in-one tool for SIEM needs in larger and mid-sized setups. They consider LogRhythm one of the best SIEM tools available, praising its impact and GUI compared to RSA NetWitness. Users appreciate LogRhythm's cost-effectiveness, easy configuration and administration, as well as its ability to consume less CPU memory. They also highlight the availability of support and conferences in the community. Users suggest having patience during the initial setup and build-out process, as they believe the end result is worth it. Improved overall performance, control, and functionality with LogRhythm's instrument panel are also praised.

Furthermore, users recommend LogRhythm for companies that can develop sufficient expertise in its software and have an in-house SQL expert. They advise making the best use of LogRhythm for complete visibility of the network. Some suggestions for improvement include enhancing the dashboard process, offering a community version for trial and certification preparation purposes, adding more features to the web interface, and incorporating AI capabilities to streamline threat identification. Users find LogRhythm to be a great tool for work in medium-large size companies, suitable for achieving high fidelity security context. It is recommended for security event analysis and considered a leader in SIEM solutions that provide good support and meet customer requirements. Users suggest trying LogRhythm for better results in enterprise solutions compared to other SIEM tools.

Additionally, users emphasize LogRhythm's affordability, streamlining SIEM experience, and its suitability for mid-size and large organizations, especially those with widely dispersed endpoints and multi-tiered SOCs. LogRhythm is seen as a powerful network monitoring tool with pricing advantages. Recommendations include purchasing it for specific compliance requirements and critical environment protection, involving system administrators early to help filter traffic, and allowing multiple people to administer the system to avoid bottlenecks.

In conclusion, LogRhythm's SIEM is consistently recommended for its ease of use, monitoring capabilities, impact and GUI, cost-effectiveness, configuration flexibility, support availability, improved performance and control, integration possibilities, and affordability. It is considered a leader in the market and an alternative worth considering for organizations seeking a reliable SIEM solution.

Attribute Ratings

Reviews

(1-9 of 9)
Companies can't remove reviews or game the system. Here's why
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We have deployed LogRhythm NextGen SIEM to incorporate all of our system logs, network appliances, and security servers. It provides well-profiled logs that we use in daily operational in-depth diagnosing. The SIEM also offers automated reports that review our logs daily. The inbuilt and customized dashboards monitor events' real-time security. The AI engine regulations rapidly detect malicious events and send us immediate alerts. It also issues organized reports to fully meet our HIPAA compliance needs.
  • Massive log incorporation.
  • Top notch reporting and alerting features.
  • It rapidly detects hostile activities through the AI engine regulations.
  • Executing huge web searches on web traffic can make it a bit rickety.
  • It has a tight support for cloud domains.
LogRhythm is good for providing a comprehensive view of the environment. It gives a great outline of whatever is going on in our servers and systems regarding security malfunctions. The SIEM sends real-time notifications when there are some occurrences; like creating a new user and inappropriate login attempts. It also avails a good use case that meets our HIPAA compliance.
James Harrison, CISSP | TrustRadius Reviewer
Score 6 out of 10
Vetted Review
Verified User
Incentivized
It is deployed as an enterprise logging solution. It collected logs from Windows (all flavors), *nix, Cisco, Syslog, NetFlow and other sources. It provides logs that are analyzed, reported on and used in daily operational troubleshooting. It provides scheduled reports to meet the auditing and compliance needs of an HIPAA organization.
  • Great Web UI for help desk troubleshooting.
  • Identification and drilldown of authentication issues.
  • Performance trending.
  • Correlation of events.
  • Access and group policy change monitoring.
  • Reporting is based on Crystal Reports, requiring a template prior to building a report. The template once saved, cannot be edited. Repeat until you get it right.
  • Query building in the WebUI has little or no documentation.
  • Depth of training on reporting is lacking.
Logging is always necessary if
1. You have audit requirements for system access
2. You need to alert and report on user activity
3. You need to troubleshoot issues
4. You want to monitor, report and alert on malicious / suspicious activity
5. You want to impress your management team with statistics...

I cannot think of any computing environment where logging is not appropriate.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Our Security Team is using LogRhyhthm NextGen SIEM Platform at the University of Colorado.
This our alarming default system that parses logs from our firewall, outlook, system logs, IDS logs, and some confidential cloud data logs and displays tickets.
LogRhythm NextGen SIEM Platform is right for our organization as it requires no knowledge in coding or programming. Therefore non-technical users can also use this product to build rules and manage the servers.
The second benefit is the "drill down" feature that goes to the depth of the event, extracts information, and display in a very well structured manner with easy to understand visualization. It is very easy to go through and detect the problem. It also has a robust search tool for parsing through a high volume of logs.

In a nutshell, our overall incident response went a lot better than what it used to be five years ago.
  • LogRhythm NextGen SIEM Platform has an alarm system that generates tickets based on the event and the way it has been configured in the LogRhythm console. Let's say we have a ticket for a malicious email attachment. The ticket will some information like the source of the log, the source IP, destination IP etc. It can be drilled down to obtain specific information like the recipient, source location, file attachment name, SHA hash of the file, source and destination port, time, mac address of the machine that downloaded it etc. This helps the analysts to go to the root of the cause and take actions easily without manually parsing them.
  • The second good thing about the LogRhythm NextGen SIEM Platform is that it is very easy to use with its well-structured interface. To use LogRhythm, an user barely require any technical skills. A little overview of IP, CIDR, hash, etc. is enough to get your hands on it. It requires no programming or coding skills, as everything is GUI based. It also provides a beautiful visualization dashboard. There is another beautiful feature that it provides for the classification of events, known as cases. Multiple users working on the same platform can create cases and add events to it. They also help to maintain future reference.
  • The third good feature is the search tool which is very powerful. For example, sometimes it is hard to find the users who downloaded a malware from the guest wireless of the institution and not the private network. The search tool helps us in searching the user by automatically correlating the MAC address from the current network logs and the previous logs as the MAC address is the same. It is highly scalable for parsing a large number of logs from various sources.
  • I particularly think this is one of the best software available for log parsing in an organization where non-technical users are working on incident response. This tool has a good amount of flexibility. However, it can only be configured with the LogRhythm NextGen SIEM Platform Console.
  • In terms of usability, as already mentioned, it is a very easy tool to use, with a GUI based interface.
  • The LogRhyhtm NextGen SIEM Platform is good in terms of looks, but sometimes it is too sophisticated to do the simplest of tasks like, for example: counting the number of occurrences of a particular IP address in total logs for that specific day or month.
  • They can provide a simple syntax bar like Splunk, for technical users who feel a syntax-based query is more powerful than just GUI.
  • There can be a feature that can help you customize the amount of data to be displayed without "drill down." A lot of the time, it isn't worth waiting 10-15 seconds to find 5% extra required information that could be displayed easily before drilling down.
  • It doesn't have any online community or proper documentation that has a user rating on it. A lot of the times, their documentation doesn't help us.
I will say that the LogRhythm NextGen SIEM Platform is well suited for an organization that is not very big but has multiple log sources. Or a lot of non-technical employees who do not know how to code or do write custom queries. Typically it is a good fit for universities and mid-range startups. This has an excellent interface, dashboard, useful for managing roles, but it doesn't provide the level of customization that a technical person with knowledge of coding probably would prefer. Software like Splunk and Elastic Search are much more flexible in terms of the granularity of the search.
Score 5 out of 10
Vetted Review
Verified User
Incentivized
Our organization is subject to both SOX and PCI compliance regulations. We use the LogRhythm NextGen SIEM platform as a central point of all log collection for our Windows and NIX servers as well as our network appliances. It also allows us to alert on certain events such as the use of elevated privileges.
  • Once LogRhythm is running, it's a fairly simple and quick process to get logs ingested. You can have your first log sources being parsed with 30 minutes.
  • LogRhythm is very good at parsing out Windows event logs and presenting them in an easily readable way.
  • Searching/Investing thru logs is extremely quick with LogRhythm.
  • While searching for log events is quick, the interface isn't as user-friendly as other SIEM products.
  • Many of the administrative/management functions are only available through the full LogRhythm desktop console, not through the web console.
  • The LogRhythm agent, when used for FIM and RIM, is very memory intensive.
The LogRhythm NextGen SIEM Platform is well suited for collecting logs from Windows/NIX servers and generating alerts from certain events such as a user account being added to a privileged or administrator group. It might have issues with larger-scale deployments with regards to certain network appliances and the rate of event/log collection.
Ivan Montilla Miralles | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
ResellerIncentivized
We currently use LogRhythm as a SIEM for our cloud environment, mainly managed by the Technical Services department. It helps with the log management of all our cloud devices and helps us find live attacks done in our both test and production environment. It also helps as a showcase for when a customer requires a demo presentation or needs a certain configuration done on their environment.
  • The Analyze module is very useful for drilling down and winding down with filters what you need to see, regarding incidents and logs. It allows you to be agile and create a case with the current logs, appending them as evidence.
  • The reports module is really easy to use, both for running and configuring them, as long as you have the queries ready for what you need. If you beforehand prepare what you're going to look for in a report, configuring a report from scratch is not hard.
  • The dashboards are also very useful out of the box and easy to configure. You can make sense of the data with the proper queries and a very helpful feature is the ability to see the data with Live Data turned on, you're always on relevance while looking at dashboards.
  • I wished it didn't need a thick client for configuring the tool. They could perhaps make a different login screen using the web for configuring the tool so you don't need to mix up the configuration of the solution with the security management.
  • The training at the LogRhythm Thrive Partner Portal is somewhat hard. The content is very helpful, but the exams are perhaps too hard even for the 101. I understand there's a challengening part, but the learning curve could be smoothened out instead of making it too steep.
  • I think the licensing of the agents should be more open. Instead of making it extra at a premium rate, you should allow your users to install it freely on their assets and receive logs from those assets.
A good scenario to have LogRhythm SIEM is when you have an enterprise environment with specific compliance requirements and/or if you have a critical environment you need to make sure is really protected, along with proper SmartResponse rules to take action when an alarm triggers. If your environment is mission critical, but your company is an SMB, LogRhythm might be overkill for you, as it's a solution that has a great upfront cost. The cost of investment [is] worth it given a minimum company size, but it makes sense only if you can really afford it.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
LogRhythm is used throughout our organization and managed by the Information Security department
We collect logs from many systems that are important to managing our security infrastructure.
These include all of our security systems (FW, IPS, Endpoint protection), all of our AAA systems (LDAP, Radius Active Directory), as well as sytems contain data of concern.
  • Central Management and storage of logs
  • Parses all logs into a readable format
  • Correlates events from various systems to provide a consolidated view of activity
  • Alerts and alarms on various events of possible concern
  • Reports should be available in the Web Console
  • Detail contained in Alarms should be configurable to provide more or less information as applicable
  • Case in the case management module should allow investigation playbook templates
LogRhythm is well suited for managing logs from disparate systems, correlating events, and providing a comprehensive view of the environment. One of its main strengths is the continuity of dashboards, drill downs in data, searches, and alarms.
All of the screens use the same format moving from module to module, making this product very intuitive to use.
Jacob Steffen | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use LogRhythm to collect logs from a variety of devices. We then use this data to alert us when certain events occur. For example if a machine is restarted or a new user account is created. Only my department is using LogRhythm for these types of situations. The big driver for us getting LogRhythm was compliance NERC/CIP regulations pushed us to purchase LogRhythm. Overall I am really satisfied with the decision we are going to continue doing business with them for the foreseeable future.
  • One is alerting when certain events take place such as when a machine reboots. This is helps to gain more transparency as to what is going on within your network.
  • The features LogRhythm offers in terms of reporting are very helpful as well. For example we can do monthly reports on a given Windows server to show all activity on that server.
  • I know in the past LogRhythm was talking about a web application for administration. I think this would be a lot better than having an application to log into.
  • I think offering more video content on their site would also be beneficial. The last time I had issues I was reading through a lot of forum postings, I was able to get the job done but in 2017 video is the king of content.
Where it is more appropriate would be for alerting for near real time events such as a new user being created or machine restarting. If you don't need to have real time alerting or log aggregation I would say LogRhythm would be a bad decision. However, in an Enterprise environment you are more than likely going to want to use LogRhythm to track logs over time.
Joel Eng | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
I manage multiple instances of LogRhythm for customers that my company provides managed security services for. My team provides the rules, reports, and dashboards. Analysts use it to detect and respond to threats in our customers' environments. Our customers use LogRhythm to monitor their entire organizations ranging in size from 100-10,000+ end points plus network and security devices. The primary business problems that the SIEM solves is providing a single pane of glass for security while also providing a platform for conducting correlation across the network and time.

  • LogRhythm is a great SIEM to learn content on because the building blocks are very intuitive and easy to implement. All of the concepts relevant to content development are literally represented as drag and drop building blocks that can be easily manipulated.
  • The statistical building blocks contain powerful anomaly detection capabilities that are extremely difficult to implement in other SIEMs or not possible at all.
  • LogRhythm does better event classification than any other SIEM by far. My team typically drops all classification schemes from default installations of SIEMs and rebuilds them from scratch. I can actually use LogRhythms event classifications in rules without worrying about excessive partial matches or correlating unwanted events.
  • LogRhythm absolutely needs to provide back end support for threat intelligence lists. Performing a linear search on massive lists of IPs on incoming web traffic can bring the SIEM to its knees.
  • LogRhythm should drop its entire code base for implementing lists and simply turn them into hash tables to avoid the excessive cost associated with referencing lists in rules. I haven't seen the code, but the performance suggests O(n).
  • The reporting feature is the worst of all SIEMs, luckily reports are not my primary service offering. LogRhythm should definitely revamp its reporting to be more intuitive.
I have seen LogRhythm reliably deployed in both medium and large sized corporations with centralized and distributed architectures. The software performs well across all scenarios.
Stephen Ilbery | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use LogRhythm to give the Information Systems Engineering department insight into our network environment.
  • LogRhythm imports log files from hundreds of devices into one, easy to search database.
  • LogRhythm sends me email alerts when various things take place on the network.
  • The upgrade process could be easier.
LogRhythm provides a good view of the network equipment, traffic, and the servers.
Return to navigation