A very powerful SIEM with a robust AI engine
Anonymous | TrustRadius Reviewer
September 13, 2019

A very powerful SIEM with a robust AI engine

Score 10 out of 10
Vetted Review
Verified User
Review Source

Overall Satisfaction with LogRhythm NextGen SIEM Platform

We currently are utilizing the LogRhythm SIEM primarily for Information Technology needs. This product is leveraged in a number of ways, one of which is to help auditing security events such as someone being added to the "Domain Administrators" security group in Active Directory. Additionally, we utilize the dashboards (both built-in and custom) to monitor events such as successful authentications from outside of the United States (since all our offices are within the USA).
  • LogRhythm SIEM provides an amazing granularity when it comes to building reports and alerts/alarms. There are a variety of syntaxes that are supported (regex, boolean, Lucene, etc) so getting exactly what you want is easy.
  • There is a vast amount of pre-defined log source types already available so adding new log sources is a breeze. Additionally, you have the ability to custom-parse a log type for those instances in which there isn't already a pre-defined log type.
  • LogRhythm is constantly improving its software and the capabilities/integrations that it provides. SmartResponses are also frequently being developed, which really help us to quickly (or automatically) take action when certain events are triggered.
  • They have been expanding the functionality of the "cases" features in the SIEM, which works fine, however, we don't utilize that feature in our deployment so (for us) it is a wasted feature.
  • Since the application provides such granularity/control, it can seem a little overwhelming to someone unfamiliar with the software. Luckily the software is pretty intuitive and laid out in a manner that is easy to understand. I would highly recommend sending your administrator to the (1 week long) on-site training that LogRhythm offers.
  • In order to really get the most out of the software, it takes a decent amount of work to get it configured. The software will function without specifying your subnets/VLANs, but for more accurate reporting it is recommended to define that information. I don't really consider that to be an oversight or issue with the software, but it is something to think about with any SIEM solution. It takes a little bit to really get it defined before you get the most out of it.
  • The ability to search through logs in a centralized location really helps us to provide RCA (Root Cause Analysis) to management for outages. This helps us to quickly identify the cause of outages and thus saves money due to reduced downtime.
  • Being able to configure the alarms to provide real-time notification (and responses) to security events helps to prevent potential loss due to compromises (such as a fraudulent wire transfer).
  • The initial investment in LogRhythm SIEM is somewhat expensive, however, the appliance is built to your specific needs so you won't have to constantly be upgrading the device as your company grows.
The overall support that we have received has been excellent. With the combination of professional services/support and the community website, we have been able to resolve all issues that we have encountered. There was at least one instance in which we experienced an issue for almost a year before the ultimate solution was discovered, but that was more about convenience in upgrading rather than the application functioning as a SIEM.

Do you think LogRhythm NextGen SIEM Platform delivers good value for the price?

Yes

Are you happy with LogRhythm NextGen SIEM Platform's feature set?

Yes

Did LogRhythm NextGen SIEM Platform live up to sales and marketing promises?

Yes

Did implementation of LogRhythm NextGen SIEM Platform go as expected?

Yes

Would you buy LogRhythm NextGen SIEM Platform again?

Yes

I currently am leveraging LogRhythm to help me keep an eye on auditing. I have configured many different AI rules that look for specific event IDs such as users being added to administrator groups, accounts being locked out, or successful international logins. Additionally, since Windows Event logs frequently fill up and are overwritten, we use the LogRhythm SIEM as a log repository that can be searched to help identify the root cause of outages. The "second look" feature is nice as well because I can do a historical search in logs from well over a year in the past.

LogRhythm NextGen SIEM Platform Feature Ratings

Centralized event and log data collection
10
Correlation
9
Event and log normalization
10
Deployment flexibility
8
Integration with Identity and Access Management Tools
8
Custom dashboards and views
10
Host and network-based intrusion detection
9