TrustRadius
LogRhythm NextGen SIEM Platform

Overview

What is LogRhythm NextGen SIEM Platform?

The LogRhythm NextGen SIEM Platform, from LogRhythm in Boulder, Colorado, is security information and event management (SIEM) software which includes SOAR functionality via SmartResponse Automation Plugins (a RespondX feature), the DetectX security analytics module, and AnalytiX as a log management solution that centralizes log data, enriches it with contextual details and applies a consistent schema across all data types.
Recent Reviews


LogRhythm is on beat!

8 out of 10
September 05, 2019
Incentivized
This product is mostly used by our security team, but it is also used by our firewall administrator. We use it for log aggregation as well …


Popular Features

  • Centralized event and log data collection (20 ratings): 9.0 (90%)
  • Correlation (20 ratings): 8.1 (81%)
  • Event and log normalization/management (20 ratings): 8.0 (80%)
  • Custom dashboards and workspaces (20 ratings): 7.5 (75%)

Pricing

Unavailable (N/A)


Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services


Alternatives Pricing

What is Blumira?

Blumira’s cloud SIEM platform offers both automated threat detection and response, enabling organizations of any size to better defend against cybersecurity threats in near real time. Its goal is to ease the burden of alert fatigue, the complexity of log management and the lack of IT visibility.


Product Demos

  • Unleash the Power of Your SOC: LogRhythm NextGen SIEM Platform Demo | InfoSec Matters (YouTube)
  • How to Stop Phishing Attacks with LogRhythm | LogRhythm in Action (YouTube)

Features

Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools.

Score: 7.4 (category average 7.8)

Product Details


LogRhythm NextGen SIEM Platform Video

How would you score the maturity of your security operations program? Assessing and improving your security operations maturity can help you reduce risk in your organization and prove the effectiveness of your security. The LogRhythm Security Operations Maturity Model (SOMM)...

LogRhythm NextGen SIEM Platform Technical Details

Operating Systems: Unspecified
Mobile Application: No

Frequently Asked Questions

The LogRhythm NextGen SIEM Platform, from LogRhythm in Boulder, Colorado, is security information and event management (SIEM) software which includes SOAR functionality via SmartResponse Automation Plugins (a RespondX feature), the DetectX security analytics module, and AnalytiX as a log management solution that centralizes log data, enriches it with contextual details and applies a consistent schema across all data types.

Reviewers rate Centralized event and log data collection highest, with a score of 9.

The most common users of LogRhythm NextGen SIEM Platform are from Enterprises (1,001+ employees).

Reviews and Ratings (70)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, third-party data sources.

LogRhythm NextGen SIEM Platform is a versatile tool that offers a wide range of use cases for organizations of varying sizes. Managed security services providers rely on LogRhythm to detect and respond to threats in their customers' environments effectively. Additionally, organizations use LogRhythm to monitor their entire infrastructure, including endpoints, network devices, and security systems, providing a comprehensive view of their network.

For information security departments, LogRhythm serves as a valuable tool for collecting logs from important systems and helps with log management in cloud environments. This allows users to identify live attacks and configure environments for customer demos. The platform also supports compliance regulations by providing auditing and compliance features, such as NERC CIP and HIPAA.

Furthermore, LogRhythm facilitates incident response and improves overall security posture by collecting logs from various systems and monitoring critical infrastructure. It allows for alerting and monitoring specific events like machine restarts or new user account creations. The drill-down feature enables users to extract information efficiently and detect problems in a well-structured manner with easy-to-understand visualizations.

Non-technical users find LogRhythm user-friendly as it requires no coding or programming knowledge, allowing them to easily build rules and manage servers. The extensive documentation, support, and community surrounding LogRhythm make it easy for users to learn and configure the highly customizable SIEM platform. Overall, LogRhythm NextGen SIEM Platform has proven to be an invaluable tool in meeting compliance requirements, improving incident response capabilities, and enhancing overall security monitoring for organizations across various industries.

Intuitive and Easy-to-Implement Building Blocks: Many users have praised LogRhythm for its intuitive and easy-to-implement building blocks that are represented as drag and drop elements. This feature has been mentioned by several reviewers, highlighting the platform's user-friendly interface.

Powerful Anomaly Detection Capabilities: LogRhythm's statistical building blocks have powerful anomaly detection capabilities that are difficult to find in other SIEMs, making it stand out in terms of event classification. Several users have commended this feature, emphasizing its effectiveness in identifying and classifying anomalous events.

Great Help Desk Troubleshooting with Web UI: LogRhythm's Web UI is highly regarded for help desk troubleshooting purposes. Users appreciate its ability to easily identify and drill down into authentication issues, performance trending, and correlation of events. This functionality has been positively mentioned by multiple reviewers.

Limited error handling: Some users have expressed frustration with the limited error handling capabilities of LogRhythm NextGen SIEM Platform. They feel that when an error occurs, the platform does not provide sufficient information or guidance on how to resolve it.

Lack of customization options: Several reviewers have mentioned that they would like more customization options within LogRhythm NextGen SIEM Platform. They feel restricted in their ability to tailor the platform to meet their specific needs and preferences.

Complex user interface: A number of users have found the user interface of LogRhythm NextGen SIEM Platform to be complex and difficult to navigate. They have mentioned that it can take time and effort to learn how to effectively use all the features and functionalities of the software.

Users commonly recommend LogRhythm's SIEM for its ease of use and monitoring capabilities, making it a good all-in-one tool for SIEM needs in larger and mid-sized setups. They consider LogRhythm one of the best SIEM tools available, praising its impact and GUI compared to RSA NetWitness. Users appreciate LogRhythm's cost-effectiveness, easy configuration and administration, as well as its ability to consume less CPU and memory. They also highlight the availability of support and conferences in the community. Users suggest having patience during the initial setup and build-out process, as they believe the end result is worth it. Improved overall performance, control, and functionality with LogRhythm's instrument panel are also praised.

Furthermore, users recommend LogRhythm for companies that can develop sufficient expertise in its software and have an in-house SQL expert. They advise making the best use of LogRhythm for complete visibility of the network. Some suggestions for improvement include enhancing the dashboard process, offering a community version for trial and certification preparation purposes, adding more features to the web interface, and incorporating AI capabilities to streamline threat identification. Users find LogRhythm to be a great tool for work in medium-large size companies, suitable for achieving high fidelity security context. It is recommended for security event analysis and considered a leader in SIEM solutions that provide good support and meet customer requirements. Users suggest trying LogRhythm for better results in enterprise solutions compared to other SIEM tools.

Additionally, users emphasize LogRhythm's affordability, streamlining SIEM experience, and its suitability for mid-size and large organizations, especially those with widely dispersed endpoints and multi-tiered SOCs. LogRhythm is seen as a powerful network monitoring tool with pricing advantages. Recommendations include purchasing it for specific compliance requirements and critical environment protection, involving system administrators early to help filter traffic, and allowing multiple people to administer the system to avoid bottlenecks.

In conclusion, LogRhythm's SIEM is consistently recommended for its ease of use, monitoring capabilities, impact and GUI, cost-effectiveness, configuration flexibility, support availability, improved performance and control, integration possibilities, and affordability. It is considered a leader in the market and an alternative worth considering for organizations seeking a reliable SIEM solution.

Reviews

James Harrison, CISSP | TrustRadius Reviewer
Score 6 out of 10 (Vetted Review, Verified User, Incentivized)
It is deployed as an enterprise logging solution. It collects logs from Windows (all flavors), *nix, Cisco, Syslog, NetFlow and other sources. It provides logs that are analyzed, reported on and used in daily operational troubleshooting. It provides scheduled reports to meet the auditing and compliance needs of a HIPAA organization.
  • Great Web UI for help desk troubleshooting.
  • Identification and drilldown of authentication issues.
  • Performance trending.
  • Correlation of events.
  • Access and group policy change monitoring.
  • Reporting is based on Crystal Reports, requiring a template prior to building a report. The template, once saved, cannot be edited. Repeat until you get it right.
  • Query building in the WebUI has little or no documentation.
  • Depth of training on reporting is lacking.
Logging is always necessary if
1. You have audit requirements for system access
2. You need to alert and report on user activity
3. You need to troubleshoot issues
4. You want to monitor, report and alert on malicious / suspicious activity
5. You want to impress your management team with statistics...

I cannot think of any computing environment where logging is not appropriate.
Security Information and Event Management (SIEM) (7 attributes): 10.0 (100%)
  • Centralized event and log data collection: 10.0 (100%)
  • Correlation: 10.0 (100%)
  • Event and log normalization/management: 10.0 (100%)
  • Deployment flexibility: 10.0 (100%)
  • Integration with Identity and Access Management Tools: 10.0 (100%)
  • Custom dashboards and workspaces: 10.0 (100%)
  • Host and network-based intrusion detection: 10.0 (100%)
  • LogRhythm has had a positive impact on our reporting capabilities, although the reporting module is very difficult to use.
  • Our support teams use LogRhythm to alert on, track and troubleshoot issues with authentication, inappropriate access attempts and other anomalous behavior.
  • The cost of deployment was significantly lower than the competitor QRadar.
We had business requirements for the following features:
  • Sustained flow acquisition and data collection of dissimilar log types from multiple sources.
  • Customization for Reporting and Alerting in near real time.
  • Offer Dynamic Monitoring.
  • Presented in a Security Event Console.
  • Automated Response Generation for Security Events.
  • Support for Regulatory Compliance.
  • Host, Application and Object Access Logs.
  • Integration with IAM (Identity Access Management).
  • Ability to Express and Track Compliance with User-Defined Policy.
  • Mapping of Events to NIST/CSF and ISO 27001 Control Frameworks and Regulations.
  • Incident Management and Workflow.
  • Data Collection and Archiving.
  • Redundancy, Scalability and Deployment Flexibility.
  • Correlation and Taxonomy.
  • Enterprise Administration, Auto-Discovery, Asset Classification, Embedded Security Knowledge
20
Information security is the product owner.
IT support staff including desktop and server support and analysts
Regulatory Auditors
Executives receive reports
Analysts, technicians, programmers, engineers
  • Regulatory compliance
  • Log collection and archiving
  • Log analysis for troubleshooting issues
  • Reporting of security and access activities
  • The AIEngine allows us to track and alert on anomalous activity
  • The dashboard gives a realtime view of activities
  • Scheduled reporting has reduced required audit findings for our numerous HIPAA and SOC audits.
  • File integrity monitoring will be added to our deployment
  • We are adding new threat feeds to our deployment
LogRhythm is focused on SIEM. That is their core business. Cost of operations, feature set and ease of use. The LogRhythm support team is outstanding. Overall reliability is good. The reporting module needs some improvement, and LR is promising that there will be significant improvements in future releases.
Yes
  • EIQnetworks SOCVue
Attempts to get the demo version running on our test server were unsuccessful even with the assistance of an EIQ support engineer.
CorreLog
Successful tests were conducted over a period of two weeks. It appears the Windows solution will require a great amount of customization to be useful in our environment. Agents would be required on every endpoint. The company was disqualified by our team when Gartner failed to review them due to the financial stability of the company. The size of the development and support team is also a concern.
Alien Vault
A review of available feature set did not fit the XYZ WIDGET CO. model.
EventLog Analyzer
Offshore company; missed two different appointments for the demo.
IBM QRadar
Rebranded version of our current solution. Got quote to replace what we currently have. 2 weeks ago I was promised a call from IBM sales to discuss further. Never got that call.
LogRhythm
Appliance based solution. Online evaluation, full demo, great interaction with presales engineering. International support team.
  • Price
  • Product Features
  • Product Usability
  • Product Reputation
  • Third-party Reviews
LogRhythm is an appliance based solution. We deployed it as a high-availability collector, with servers in all our geographically diverse data centers. The appliance had the ability to add additional storage to the repository as our storage requirements and retention times are extensive. We looked for a solution that had great reviews in the vertical space (SIEM). LogRhythm's core business is just that.
I would have required all competitors to provide custom reports that mirrored what we were getting from the system we retired. I would have asked for a side by side evaluation to be run for 30 days in our environment to compare all features. LogRhythm advertised the features, but it took some time (up to a year) to realize that value.

Would I buy it again? Yes, but I would hire the Pro Services team to come on site and see our old platform, before deploying the new one.
  • Implemented in-house
  • Professional services company
The implementation was two tiered in so much as our internal teams provided the initial rack and cable, base configuration and turn on. We then worked with the Pro Serve team at LR to get the system configured. There were issues not discussed by the sales team, such as the need for a license for the full feature System Monitor agent. Part of that disconnect was due to our changing sales force reps in the middle of the negotiation.
Yes
Physical installation. Rack, cable and network configuration
Power on and initial configuration of appliances
Configuration of log collectors
Configuration of endpoints to direct logs to the system (this is the most time consuming of all the steps)
Verify and accept logs from various resources
Begin creating lists of resources
Create reports and validate expected results, Tune report criteria, repeat
Create training documents for internal users

Change management was a small part of the implementation and was well-handled
Our company has a well defined change management program. The most challenging issue is getting the project team to understand the steps required to implement a system of this type. The other challenging issue was the steps to configure Windows logging and alerting. Tuning of logs could only be accomplished after the collection of a large number of logs. The tuning phase did not require CM approval or oversight.
  • Configuration of the Life Keeper software
  • Configuration of the endpoints. We have a large group of dissimilar systems including AIX, *inux, Cisco, Windows and other resources.
  • Pruning of logs not needed for daily operations.
  • Learning to generate reports similar to the ones previously available through our old SIEM Platform
  • Buy professional services.
  • Buy and implement the system if possible.
  • Remember that the end point log configuration may require other teams in your company to assist you in getting the desired logs from all resources.
  • Attend the end user and daily operations training after a period of usage so you are not overwhelmed with information on concepts not yet seen.
  • Don't be afraid to call for help during your first months of use.
  • Don't close any ticket until you are sure the expected results are verified.
  • Use the community forums to discuss issues with your peers.
  • Watch the training videos offered by LR University.
Yes
Uptime is of the essence. I have a high availability deployment and must keep logs flowing into the system. Our desktop and analyst support teams use the WebUI for daily operations and troubleshooting. The security team uses LR for reporting, alerting and monitoring of bad behavior trends.

Additionally, support is needed to assist when we can't get the information we know is there.
Over the last couple of years, we have had some challenges requiring longer and higher tiered support. LogRhythm was quick to assign a 3rd tier engineer to assist us in identifying and remediating those problems. They have also assisted in getting us to later versions. They are willing to hand hold during platform upgrades.
Yes
I have discovered a couple of bugs in the reporting tools. LogRhythm was quick to find workarounds and the issues were corrected in patch deployments.
During a recent update, there were issues with the 3rd party app (Life Keeper) that manages the high availability connection between the main system and backup server. That app had issues, and required the LR tech staff to engage other teams. They coordinated a conference call and worked with the other parties to ensure I would get the assistance required to solve the issue. At the end of a couple of days, the issue had been corrected and the LR tech called to review and verify that failover was working as expected.
  • The WebUI is the most used part of the platform, used by our Desktop support analysts, engineers and others for daily operations.
  • The security team uses the console and reporting tool on a daily basis.
  • Adding new assets to the system is very easy.
  • Performing an investigation results in a case, which can be shared with team members.
  • The knowledge base is a great feature and keeps the system up to date with relevant data, including report templates.
  • The Malware feed monitor keeps the database up to date with potential threat information.
  • Reporting is very difficult, and results are often unpredictable.
  • Building queries in the WebUI requires a bit of scripting to get the desired result.
  • The AI Engine is a bit corny with the graphical cube approach to build out alert scenarios.
Training is lacking for the reporting and query building. Overall, the investigation tool is my most used feature. It is very easy to drill down when searching for an interesting event.
The real time dashboard in the console is feature rich and provides graphical views and the ability to see associated logs.

The alarms dashboard displays the most recent significant events, and the ability to track and document how the event is being handled.