We performed a comparison between LogRhythm SIEM and Rapid7 InsightIDR based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"Compliance reporting is another great feature of this product. It has built in reports right out of the box."
"It has allowed us to dive deeper into our network and figure out what is going on by parsing logs properly and being able to reduce the time it takes to work cases down from seven days to approximately two days."
"Alarms are the most valuable feature. We also like the dashboard and how things are at your fingertips. The fact that we can now edit the report templates is going to be a great thing."
"Their customer support is friendly and willing to help."
"The most useful feature that I've found so far is the search function. I like all the different ways you're able to search through metadata and the different ways you're able to correlate or search through logs to find out what's going on."
"We now have a central point of monitoring for all potential threats."
"It's reliable and the performance is good."
"The user interface is good."
"Another very important part of insightIDR is the ability to collect data from endpoint devices via agent software. With a large remote workforce, this allows visibility into the endpoints that are connected to the internet, but not to the corporate network."
"I have seen that Rapid7 InsightIDR provides security to the networks and endpoints in the company."
"The web interface is great — very useful and user-friendly."
"We were able to identify criminals attempting to login from China and put a stop on their IP locations."
"It is a very stable solution."
"Integration with threat modeling from the Metasploit and InsightIDR repositories."
"User behavioral analytics allows us to pinpoint abnormal or suspicious behavior among millions of events every day."
"InsightIDR’s ability to process millions of transactions per day, and to notify me of the most critical ones, is priceless. InsightIDR has the alerts tuned, and has the ability to quickly drill down to determine the threat level."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"I think the number one area of improvement for Sentinel would be the cost."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"We are invoiced according to the amount of data generated within each log."
"The AI capabilities must be improved."
"The initial setup is not so easy because it is quite a process."
"There are other security technologies outside of this SIEM that should be inside of this SIEM. I can see in their roadmap that they're trying to address a lot of these things, and have these technologies built into the solution, because there is no point in going to another vendor or opening up a second window to obtain the data that you need."
"Only area I can think of to improve on is the proof reading and using the guides before releasing them. Out the the 20+ guides I used one had issues with wrong information in it."
"I would like to see case management become more independent from LogRhythm itself."
"One thing we have mentioned to them before is that we'd like to be able to do searches, or drill-downs, directly from an alarm. When you click it and the Inspector tab slides out, that might be a good place to be able to click the host to search for the last 24 hours. I know the search is right there but it would be even nicer to just click that and then have an option to search something there."
"We have gone through a few versions which has caused a lot of instability. We have logged a lot of hours with professional services."
"Sometimes, the tool fails to get the correlated events that triggered the alerts."
"The log storage capacity should be increased."
"The solution needs improvement in threat intelligence. Increasing the depth of intelligence to help users understand more about threats is a possibility. My suggestion is to expand access to other websites or resources."
"I feel it would greatly benefit from more supported log sources."
"The APIs can be further improved in Rapid7."
"It would be useful to import threat intelligence in YARA format along with known incorrect email addresses."
"The main problem lies in the processes within the client's operating systems."
"The dashboard is an area that could be simplified."
"The product allows us to make only 30 custom rules."
"They should add more configuration and security features to it."
LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews while Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 29 reviews. LogRhythm SIEM is rated 8.4, while Rapid7 InsightIDR is rated 8.4. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm Axon and Trellix ESM, whereas Rapid7 InsightIDR is most compared with Darktrace, Splunk Enterprise Security, Rapid7 InsightVM, IBM Security QRadar and Next DLP. See our LogRhythm SIEM vs. Rapid7 InsightIDR report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.