We performed a comparison between Google Chronicle Suite and LogRhythm SIEM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The product can integrate with any device."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The UI-based analytics are excellent."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"What sets Chronicle apart from other solutions is its emphasis on threat hunting rather than solely serving as a monitoring tool."
"Google Chronicle Suite provides useful APIs."
"The product's most valuable feature is threat hunting. We can detect the threats directly from the console from the past data as well."
"The support team is responsive."
"Google Chronicle Suite is a highly scalable solution with good search capabilities."
"The log folder is fairly simple."
"The platform's most valuable features are multiple connectors and data output flexibility regarding dashboards and user experience."
"The tool's most valuable feature is the search option, allowing easy navigation."
"This solution has improved our organization in many different ways. The biggest benefit is being able to view all information in one dashboard instead of having to look at several different applications and dashboards. I can see information across our entire environment and every aspect of our network."
"Our clients enjoy having one dashboard to monitor their environments in real time."
"It has allowed us to dive deeper into our network and figure out what is going on by parsing logs properly and being able to reduce the time it takes to work cases down from seven days to approximately two days."
"Technical support is very helpful and responsive."
"The dashboards in the LogRhythm SIEM really help us as a starting point. It gives us a starting point we can go to every day. We walk through several dashboards to see anomalous activity for further investigation."
"It has centralized monitoring for our security operations. Therefore, it improves our analysts' work."
"The AI Engine can take an event and correlate it into something else giving us meaningful context regarding what is going on. We integrated it in with our ticketing system, so if an alarm fires, it raises a ticket in our system."
"NextGen SIEM's most valuable feature is its user-friendliness."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"There is room for improvement in entity behavior and the integration site."
"I think the number one area of improvement for Sentinel would be the cost."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"The solution could be more user-friendly; some query languages are required to operate it."
"The product can be improved by reducing the cost to use AI machine learning."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"The tool is a little bit difficult to use compared to Microsoft Sentinel."
"The tool needs to improve tasking packages. Its GUI needs to be improved. The product needs to include time-based filtration. We can only see the alert detection timeline now."
"The solution's graphical user interface (GUI) should be more user-friendly."
"A few areas are difficult to understand for someone who has less experience using the product."
"The product's default dashboard feature has a few limitations regarding availability."
"In terms of improvement, the UI can be a bit challenging for beginners."
"The configuration is not optimal."
"The tool is complicated for a first-time user. It should also include newer APIs."
"NextGen SIEM has separate rules for AI, advanced intelligence, and MP rules - it would be better to have a centralized way to write the rules and create alarms."
"More help and assistance with some of the open source products, everything seems to be focused on Windows versus giving some guidance and some documentation on how to use it."
"More detail in the alerts given to avoid additional searches, as often the source or destination associated with the alert is not evidenced."
"In terms of blind spots, we are looking for more improvements since we don't have visibility over everything."
"I would like it to do a lot of the automation (which I still need to learn more about), because I am essentially a one man shop doing all the jobs. I'd like for it to be able to do more for me."
"We would like to see more things out of the console into the web UI. I guess this is what they are doing in 7.4."
"The customer support system is time-consuming."
"One of the challenges of the SIEM for the LogRhythm 7 platform is the amount of time it takes to bring new log sources into the MDI."
Google Chronicle Suite is ranked 28th in Security Information and Event Management (SIEM) with 8 reviews while LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews. Google Chronicle Suite is rated 7.8, while LogRhythm SIEM is rated 8.4. The top reviewer of Google Chronicle Suite writes "Swiftly navigates and analyzes extensive datasets without significant delays ". On the other hand, the top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". Google Chronicle Suite is most compared with Splunk Enterprise Security, AWS Security Hub, Sentinel, IBM Security QRadar and Fortinet FortiSIEM, whereas LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm Axon and Fortinet FortiSIEM. See our Google Chronicle Suite vs. LogRhythm SIEM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.