TrustRadius Insights for LogRhythm NextGen SIEM Platform are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.
Pros
Intuitive and Easy-to-Implement Building Blocks: Many users have praised LogRhythm for its intuitive and easy-to-implement building blocks that are represented as drag and drop elements. This feature has been mentioned by several reviewers, highlighting the platform's user-friendly interface.
Powerful Anomaly Detection Capabilities: LogRhythm's statistical building blocks have powerful anomaly detection capabilities that are difficult to find in other SIEMs, making it stand out in terms of event classification. Several users have commended this feature, emphasizing its effectiveness in identifying and classifying anomalous events.
Great Help Desk Troubleshooting with Web UI: LogRhythm's Web UI is highly regarded for help desk troubleshooting purposes. Users appreciate its ability to easily identify and drill down into authentication issues, performance trending, and correlation of events. This functionality has been positively mentioned by multiple reviewers.
Loading Reviews List....
LogRhythm NextGen SIEM Platform Reviews
1 Review
Engineering
Search is temporarily unavailable. Filters are still applied.
I manage multiple instances of LogRhythm for customers that my company provides managed security services for. My team provides the rules, reports, and dashboards. Analysts use it to detect and respond to threats in our customers' environments. Our customers use LogRhythm to monitor their entire organizations ranging in size from 100-10,000+ end points plus network and security devices. The primary business problems that the SIEM solves is providing a single pane of glass for security while also providing a platform for conducting correlation across the network and time.
Pros
LogRhythm is a great SIEM to learn content on because the building blocks are very intuitive and easy to implement. All of the concepts relevant to content development are literally represented as drag and drop building blocks that can be easily manipulated.
The statistical building blocks contain powerful anomaly detection capabilities that are extremely difficult to implement in other SIEMs or not possible at all.
LogRhythm does better event classification than any other SIEM by far. My team typically drops all classification schemes from default installations of SIEMs and rebuilds them from scratch. I can actually use LogRhythms event classifications in rules without worrying about excessive partial matches or correlating unwanted events.
Cons
LogRhythm absolutely needs to provide back end support for threat intelligence lists. Performing a linear search on massive lists of IPs on incoming web traffic can bring the SIEM to its knees.
LogRhythm should drop its entire code base for implementing lists and simply turn them into hash tables to avoid the excessive cost associated with referencing lists in rules. I haven't seen the code, but the performance suggests O(n).
The reporting feature is the worst of all SIEMs, luckily reports are not my primary service offering. LogRhythm should definitely revamp its reporting to be more intuitive.
Likelihood to Recommend
I have seen LogRhythm reliably deployed in both medium and large sized corporations with centralized and distributed architectures. The software performs well across all scenarios.