LogPoint: a solid SIEM solution!
July 20, 2021

Louis MILCENT | TrustRadius Reviewer
Score 9 out of 10
Vetted Review

Overall Satisfaction with LogPoint

We are an MSSP company with a SOC providing multiple security services, including forensics, pentesting, incident response, etc. Initially we were only a reseller and LogPoint integrator. The current SIEM we use for our SOC (LogRhythm) has many problems, is very expensive, and the technical support team is slow to answer, especially on log normalization. That is why we have started a migration to use LogPoint instead of LogRhythm in the next month.

LogPoint is not identical to LogRhythm, but has solid strengths, at least:
  • license model
  • technical support team (with possibility of support IP through VPN)
  • log normalization creation for unknown logs is pretty fast
  • no extra cost for high availability architectures
The only drawbacks for now are:
  • Too simple an alert management interface. When there are 10 identical alerts, it is difficult to still have a global vision of everything and it is time-consuming to resolve all of them. LogPoint is clearly not usable as is for MSSPs or big customers; a SOAR solution should be used in addition.
  • Clear interface, except sometimes, where it is a little bit confusing
  • Lack of self-monitoring: we cannot know from the web UI if an alert rule is consuming too much resources.

  • Technical support team is fast and competent
  • License management and cost
  • Log parsing
  • New logs can be provided to the support team for parser creation
  • High Availability architecture does not cost more
  • Alerts interface is too simple, hard to keep visibility if there are more than 10 alarms
  • Web UI is clear but sometimes confusing
  • LogPoint never warns on bad practices that could lead to performance issues
  • Lack of self-monitoring, to display which alert rule is consuming too much resources
For all points I already wrote before this question ;)

Do you think LogPoint delivers good value for the price?

Yes

Are you happy with LogPoint's feature set?

Yes

Did LogPoint live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of LogPoint go as expected?

Yes

Would you buy LogPoint again?

Yes

Support team is very fast to answer and very kind.
N/A
(Cannot skip without answer)
LogPoint can be deployed easily in high availability to absorb a lot of logs per second. But LogPoint only, without SOAR, is not well suited for MSSPs or big companies that could have a lot of alarm rules every day. There is no link between old and new alarms (for the same IOC, for example), and the interface is not clear enough to manage them all.

LogPoint Feature Ratings

  • Centralized event and log data collection: 10
  • Correlation: 8
  • Event and log normalization/management: 10
  • Deployment flexibility: 10
  • Integration with Identity and Access Management Tools: Not Rated
  • Custom dashboards and workspaces: 7
  • Host and network-based intrusion detection: 9