We performed a comparison between LogRhythm SIEM and Rapid7 InsightIDR based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"It has a lot of great features."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"It's pretty powerful and its performance is pretty good."
"What I found most valuable in LogRhythm NextGen SIEM is that it's user-friendly. I also like its dashboard, which shows all the logs and information I want to see."
"The major feature of this solution is its easy configuration which helps different team members to work on it effectively. This kind of feature is not available in other solutions because of a request for specialised schemes for configuration report extraction and searching. Another feature that I really admire is the significant improvement in the compliance in the auditing process by the solution. Our organisation-specific complaints require where the mailbox data needs to be forwarded, stored and searchable for a certain time period. This solution categorises data based on different types, which include cold, warm and hot data. These features allow faster and easier extraction of any data even if the event was occurring several years ago. I also like other features, especially user behaviour analysis and automation. If suddenly someone accesses your side or an unusual traffic is recorded from a user the solution flags it very effectively."
"We have seen a massive increase in the amount of data that we can collect, the type of things that we can see, the way we can look at logs, the way we can get alerts, and the way can create our own customer roles, which has allowed us to customize the work in our environment."
"The correlation engine is extremely valuable because it uses machine learning to process information from the central manager and identifies issues in the network."
"SOAR is integrated with the dashboard that we use for threat management. Because it's all integrated, it is useful for us when we deploy something on-prem."
"Overall effectiveness is very good. I like how it is oriented to both analysts and technical support people. It's easily adopted by end users as much as by technologists."
"As a SIEM, probably the best feature is that it can be tuned effectively. There are very few SIEMs out there that can be effectively tuned to provide you with meaningful information and not be overwhelmed."
"We have NetFlow information going into it, so we can examine a lot of traffic patterns and anomalies, especially if something stands out and is not the baseline. This helps a lot."
"InsightIDR has allowed us to find potential security issues that we did not know existed, and get remediation quickly."
"We were able to identify criminals attempting to login from China and put a stop on their IP locations."
"During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an application belongs to a known ransomware group. The system rates the threat, offering a clear detection ratio, such as 97 out of 100. It not only identifies threats but also illustrates the associated behaviors, helping us understand the potential risk to a particular endpoint."
"Simple configuration and automatically syncs to the cloud platform."
"The alerting to drive investigations and remediation has been its most valuable feature."
"User behavioral analytics allows us to pinpoint abnormal or suspicious behavior among millions of events every day."
"The log aggregation and storage provided by InsightIDR has shown no issues with scalability; aggregating over one hundred millions events daily."
"It is a very stable solution."
"I would like to see more AI used in processes."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"We'd like to see more connectors."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"LogRhythm's SOAR and NDR features don't stack up well against competitors. maybe integrating theme functionality as the other do. But in general, it's okay."
"It's not easy for someone new to the solution."
"There are other security technologies outside of this SIEM that should be inside of this SIEM. I can see in their roadmap that they're trying to address a lot of these things, and have these technologies built into the solution, because there is no point in going to another vendor or opening up a second window to obtain the data that you need."
"The product's stability needs improvement."
"The responses provided by the cloud team are inefficient."
"When we originally got LogRhythm, their tech support was fantastic, and I loved them. Now, we don't quite get as quick of a response. I've been disappointed in the more recent tech support. When you call in, they'll say that they will get you somebody, and you'll finally get someone who will contact you back a day or so later. Whereas before, I would get help right away."
"Sometimes the Platform Manager crashes because it's built around Windows."
"I would like it to do a lot of the automation (which I still need to learn more about), because I am essentially a one man shop doing all the jobs. I'd like for it to be able to do more for me."
"One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level."
"It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required."
"Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement already."
"I would like the ability to adjust the threshold of certain existing alerts. Currently the only option is to change the notifications or create my own alert."
"Tenable Nessus is easier to deal with. It's more efficient and accurate. InsightIDR is heavier than Tenable in terms of performance and scanning. Rapid7 would be much easier to use if it had a network connector like Tenable. Tenable's connector allows continuous monitoring over the B caps."
"I would like to see more development in InsightIDR towards building their SIEM solution and converting it to XDR."
"Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition."
"The main problem lies in the processes within the client's operating systems."
LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews while Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 29 reviews. LogRhythm SIEM is rated 8.4, while Rapid7 InsightIDR is rated 8.4. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm Axon and Trellix ESM, whereas Rapid7 InsightIDR is most compared with Darktrace, Splunk Enterprise Security, Rapid7 InsightVM, IBM Security QRadar and Next DLP. See our LogRhythm SIEM vs. Rapid7 InsightIDR report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.