We performed a comparison between LogRhythm SIEM and Palo Alto Networks AutoFocus based on real PeerSpot user reviews.
"The dashboards in the LogRhythm SIEM really help us as a starting point. It gives us a starting point we can go to every day. We walk through several dashboards to see anomalous activity for further investigation."
"This solution has improved our organization in many different ways. The biggest benefit is being able to view all information in one dashboard instead of having to look at several different applications and dashboards. I can see information across our entire environment and every aspect of our network."
"I have found the Advanced Intelligence Engine has provided the most value to us because we can customize alarms based on our requirements and have created hundreds of alarms that notify different people for different scenarios."
"The user interface is pretty good compared to other SIEM tools."
"As a SIEM, probably the best feature is that it can be tuned effectively. There are very few SIEMs out there that can be effectively tuned to provide you with meaningful information and not be overwhelmed."
"The most valuable features of the solution are network monitoring, user behavior analytics, and log collection."
"The content in the community is very helpful and useful for new users."
"The feature that makes it usable is the web interface."
"The feature that I like best is the dashboard."
"I am impressed with the tool's integration of Palo Alto products which serves as a platform for security."
"The logs play a crucial role as they contribute to blocking unwanted Internet traffic."
"It integrates well with other solutions and provides good threat intelligence in terms of external threats."
"The most valuable feature is alerting."
"I would really like to see some type of group or global management for RIM policies."
"Their ticketing system for managing cases can be improved. They can either do that or adopt some of the open-source ticket systems into theirs. The current system works and gets the job done, but it is very bare-bones and basic. There are some things that could be improved there. They should also bring in more threat intelligence into the product and also probably start to look into the integration of more cloud or SaaS products for ingesting logs. They're doing the work, but with the explosion of COVID, a lot of businesses have started to move towards more cloud applications or SaaS applications. There is a whole diverse suite of SaaS products out there, which is a challenge for them and I get it. They seem to be focusing on the big ones, but it'll be nice to be able to, for example, pull in Microsoft logs from Office 365. They are working towards a better way of doing that, and they have a product in the pipeline to pull logs in from other SaaS applications. The biggest thing for them is going to be moving away from a Windows Server infrastructure into a straight-up Linux, which is more stable in my eyes. For the backend, they can maybe move into more of an up-to-date Elastic search engine and use less of Microsoft products."
"The security playbook could be pre-defined and available to other analysts with similar security issues."
"I think they probably need to, because a lot of companies are having this cloud-first strategy, where anything that's new has to go into the cloud for some reason."
"The initial setup is not so easy because it is quite a process."
"Sometimes the Platform Manager crashes because it's built around Windows."
"More detail in the alerts given to avoid additional searches, as often the source or destination associated with the alert is not evidenced."
"NextGen SIEM's integration with other software is good but could be improved."
"It is a completely cloud-based product at present."
"I would like to have more technical documentation that contains greater detail on the types of threats that are occurring."
"I would like the tool to see more integration with Cortex XDR. There is no real reason to keep them separate."
"It would be helpful to have better documentation for configuring and installing the solution."
"It would be better if they used the threat intelligence feeds directly from their side and changed the verdict instead of us requesting it."
LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews while Palo Alto Networks AutoFocus is ranked 11th in Threat Intelligence Platforms with 5 reviews. LogRhythm SIEM is rated 8.4, while Palo Alto Networks AutoFocus is rated 7.8. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of Palo Alto Networks AutoFocus writes "Impressive performance and monitoring capabilities but lacks in documentation". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm Axon and Microsoft Sentinel, whereas Palo Alto Networks AutoFocus is most compared with ThreatConnect Threat Intelligence Platform (TIP), Anomali ThreatStream, VirusTotal and Cisco Threat Grid.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.