5 out of 5.0, Reviewed Dec 2, 2016
LogRhythm has been quick to respond to queries and very helpful when we've run into roadblocks.
License the product to the number of messages per second (MPS) you think you will need, but be ready to increase the MPS license as the number of logs coming in can be larger than expected.
The dashboard and support are excellent.
4 out of 5.0, Reviewed Dec 1, 2016
PreSales support was great. Post sales support was lacking. MSSP and vendor spent more time finger pointing and took too long to resolve issues. There were some misses on the licensing but can be attributed to us just as much as LogRhythm.
This is a great SIEM but as with anything, requires a lot of care and feeding to get the results you need. Lean on the vendor for support and they will help.
Modification of rules/thresholds can be cumbersome. Still easier than other SIEMs but not an easy task.
I wish they had sold us what we needed, not what we budgeted. We should have increased our spend to get the capabilities we needed for our organization.
Chose a better MSSP for the implementation and 24x7 monitoring.
Mostly due to MSSP, not LogRhythm.
4 out of 5.0, Reviewed Nov 28, 2016
The functionality is valuable, but the licensing model doesn't meet our needs.
You need to have a good understanding of the EPS before selecting a product.
Redo their licensing model.
We may build an internal SIEM solution with open source tools.
5 out of 5.0, Reviewed Sep 16, 2016
It's a great SIEM product right out of the box and replaced our previous SIEM tool. From the beginning we just bring in log sources, go through the core module and turn on each AI engine rule to start. As we go through training and gain more experience with the product, we find even more use cases and more value in the product.
Understand your environment and log sources. You might have more hidden log sources that can be utilized by the tool that you don't know.
The AIE provides correlation that helps identify anomalies automatically so we can be notified through alarm or email alert.
None so far.
Identify all the log sources and discuss the deployment scenario with professional service at the beginning to get a full picture.
The product has all the capabilities we are looking for. There are several other features that we have not implemented yet or are looking into implementing, such as threat intelligence feed, honeypot, File Integrity Monitoring, etc.
Support was very responsive.
4 out of 5.0, Reviewed Aug 17, 2016
LogRhythm can do a lot. But, it takes a lot to configure it properly. If you have other responsibilities and no one dedicated to the security role, you may find yourself getting it set up just enough to give you some alerts and then leaving it alone. This can cause problems for two reasons. One, when you do get back to it you find it hard to remember what to do. Two, I have logged into the appliance after a long period of not managing it and noticed the system monitors down. This ended up being due to Windows Updates that had happened on these devices a month before. Overall, it's a great product but it does take the time to manage. It is not a drop in and forget it device. Yes, you can do that and yes it will work, but that is nowhere near ideal.
Support is usually very quick to respond and they have always been able to find an answer quickly.
2 of 2 peer(s) found this review helpful.
4 out of 5.0, Reviewed Aug 15, 2016
We transitioned from the other big-name SIEM to LogRhythm, and have been pleased with the product.
Much easier to use out-of-the-box than Splunk, although there is a learning curve and it takes some time getting used to.
Could be a little more intuitive on setting up alerts.
Support is helpful and timely. Only glitch would be that it took a week to get support portal access.
Professional services team were fantastic. Very helpful in transitioning from one SIEM to another, on the SAME infrastructure hardware (physical box).
4 out of 5.0, Reviewed Aug 9, 2016
The non-HA solution is very simple to implement and deploy. HA brought about some degree of complexity in terms of installation and configuration. The benefits of HA, however, are noteworthy particularly when updates/patches need to be installed and log collection cannot be interrupted. The recent addition of ElasticSearch for search and analysis is phenomenal.
We had a central Syslog collector that was hard to use, and by replacing it with LogRhythm, security incident investigations became a lot easier.
HA is of great benefit and would provide the optimum benefit when it becomes automated in terms of switch over.
The support team has been very responsive to our cases and provided acceptable solutions.
Syslog collection is the easiest to set up. Windows logs require an agent that is easy to install.
5 out of 5.0, Reviewed Aug 1, 2016
Willingness to work with their customers to deliver what they need.
5 out of 5.0, Reviewed Jul 26, 2016
Over the years LogRhythm has been extremely helpful and attentive. We have utilized this product since 2009, and while it was a better product at the time than the rest, it has only improved with age, and at the same time as the company has grown so large, they have managed to keep the loyalty to its customers by acknowledging the importance of customer service. Every upgrade has been well documented, easily performed, and team members have been in constant contact making sure we were satisfied. All tickets are addressed in a timely manner, with great knowledge. LogRhythm is an unbeatable solution whose capability keeps growing and improving while offering customer service and technical solutions of equal caliber.
The product is highly scalable and allows us to collect millions of logs each day, only to be limited by our personal resources (RAM/Storage).
We can't even keep up with the capabilities, but upon release, capabilities function as advertised or are annotated and disclosed.
4 out of 5.0, Reviewed Jun 16, 2016
Great organization to work with. It grows with my company and leverages peer groups to look at business functions.
Use a LogRhythm TAM and configure the system to what your initial needs are. Then speak to your peers.
The hunting capabilities. It will go through 1.7 million logs and show me the few anomalies to focus on.
Support is great and the company is led by innovators.
I invested in a SOC; not sure I see the value.
You need to completely bring in all log sources; the more sources, the greater the value.