We performed a comparison between LogRhythm SIEM and Snare based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"Our clients enjoy having one dashboard to monitor their environments in real time."
"Even other products we have that feed into it, instead of having to watch all of them we only have to watch one. For example, we have CrowdStrike, so instead of having to pay attention that solution - because their dashboard doesn't really pop when an alarm comes up - we can see issues with the red on the LogRhythm alarm. That is very nice."
"We have seen a massive increase in the amount of data that we can collect, the type of things that we can see, the way we can look at logs, the way we can get alerts, and the way can create our own customer roles, which has allowed us to customize the work in our environment."
"LogRhythm does a very good job of helping SOCs manage their workflows."
"It's reliable and the performance is good."
"The most useful feature that I've found so far is the search function. I like all the different ways you're able to search through metadata and the different ways you're able to correlate or search through logs to find out what's going on."
"We should be able to response to threats and gain visibility into our environment that we don't currently have."
"In terms of security, LogRhythm NextGen SIEM is great."
"The most valuable feature of Snare is flexibility or the ability to filter all things you don't want and don't have security value."
"Snare has good agents, especially for Windows."
"The best thing about Snare is its format and consistency."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"There is room for improvement in entity behavior and the integration site."
"I think the number one area of improvement for Sentinel would be the cost."
"We had a little bit of difficulty implementing a disaster recovery situation because it was leveraging only Microsoft native DNS and it wouldn't work with our Infoblox DNS deployment that we use in our environment. They've been working on that behind the scenes."
"The initial setup is complex. We are using a LogRhythm partner, at least for the first three years, to help with the monitoring and the deployment of it. We are not a big enough environment where we have people that we can dedicate to it right now."
"We've had issues with scaling and local support."
"There is room for improvement with separate running sources or better integration."
"I have probably submitted half a dozen log parser requests, and I keep finding more stuff that we need to keep an eye on that doesn't have a definition in LogRhythm."
"One of the challenges of the SIEM for the LogRhythm 7 platform is the amount of time it takes to bring new log sources into the MDI."
"Granted, we haven't enabled the UEBA module, but we're forwarding all our proxy logs to LogRhythm and we have a really hard time pulling those proxy logs back out of LogRhythm. However, when we take LogRhythm and forward the same logs into somebody else's user-based analytics software, we get the majority of what we were missing... If we've got all our proxy logs and I go out to Google or Facebook or the like, we should be able to go in and pull that information out ten minutes later, but it's a big challenge to do that."
"It should be improved for automated setup and auto-configuration. There should be ease of integration and ease of setup."
"The solution is now developing a SIEM-like feature on Snare Central Server, but it's not complete yet."
"Users will initially find it difficult to identify the event types and installation in Snare."
"Snare should modernize its GUI a little bit."
LogRhythm SIEM is ranked 7th in Log Management with 166 reviews while Snare is ranked 41st in Log Management with 3 reviews. LogRhythm SIEM is rated 8.4, while Snare is rated 8.0. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of Snare writes "A highly scalable solution that is easy to manage and super easy to set up". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm Axon and Fortinet FortiSIEM, whereas Snare is most compared with Splunk Enterprise Security, syslog-ng, SolarWinds Kiwi Syslog Server, ArcSight Enterprise Security Manager (ESM) and Elastic Security. See our LogRhythm SIEM vs. Snare report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.