We performed a comparison between LogRhythm SIEM and Recorded Future based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The UI of Sentinel is very good and easy to use, even for beginners."
"The product can integrate with any device."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The pricing of the product is excellent."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"I would say the most valuable feature of LogRhythm is that it has built-in UEBA functionality, among other basic Windows packages."
"The feature that makes it usable is the web interface."
"Provides visibility into the network."
"SOAR is integrated with the dashboard that we use for threat management. Because it's all integrated, it is useful for us when we deploy something on-prem."
"As a SIEM, probably the best feature is that it can be tuned effectively. There are very few SIEMs out there that can be effectively tuned to provide you with meaningful information and not be overwhelmed."
"The security operation center is excellent."
"LogRhythm has increased productivity because all the tools that we need are in the web UI, allowing us to find threats on our network fast and efficiently."
"The major feature of this solution is its easy configuration which helps different team members to work on it effectively. This kind of feature is not available in other solutions because of a request for specialised schemes for configuration report extraction and searching. Another feature that I really admire is the significant improvement in the compliance in the auditing process by the solution. Our organisation-specific complaints require where the mailbox data needs to be forwarded, stored and searchable for a certain time period. This solution categorises data based on different types, which include cold, warm and hot data. These features allow faster and easier extraction of any data even if the event was occurring several years ago. I also like other features, especially user behaviour analysis and automation. If suddenly someone accesses your side or an unusual traffic is recorded from a user the solution flags it very effectively."
"As a threat intelligence tool, it's very helpful."
"The solution is diverse and provides me with a lot of different mechanisms for evaluation."
"From the feedback I've received from my clients, the most valuable feature is the ability to personalize the solution. The ability to have a customized dashboard makes it easy for leadership and management to obtain details. Intelligence analysts or security engineers care about the actions and results, whereas the leadership care about graphs and reports. Recorded Future helps my clients create reports and also determine how the intelligence that is generated is consumed. They can easily show the benefits to the leadership without them having to invest 10 hours a week into transferring numbers into a graph or into creating reports."
"The most valuable features of Recorded Future are the useful alerts it provides. If we are monitoring a domain, the solution will provide us with an alert in a prompt manner. It is simple for clients to receive alerts. The advanced search is useful for more accurate filter results."
"It can collect data from various sources, including social media and the dark web."
"The tool is helpful in vulnerability assessment of zero-day vulnerabilities and phishing domains. The solution provides information on any domains of the organization that has undergone phishing or any other cyberattacks."
"Has the ability to conduct and build any query without limitations."
"The intel that they were providing us over the emails was very good. If it found any hashtag in our organization's name on the dark web, a rogue IP, or a marketplace, it would send us an email and notify us that this is being mentioned, and if we want, they can take some action."
"The on-prem log sources still require a lot of development."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"We are invoiced according to the amount of data generated within each log."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"We need to get better training for things like creating code and playlists. The way it's done now takes a long time."
"Sometimes the error-logging is not altogether helpful. For example, on an upgrade, a systems data processor, a Windows box, was throwing an error code like 1083. Then it just stopped and it died right out of the installer and nobody looked. We searched through Google and what it means is the Windows Firewall wasn't turned on so that it could create a rule for the product. Why wouldn't they bubble up that description so that I wouldn't have to call support and I could just know, "Okay, the firewall wasn't turned on. Turn it back on. Re-run the installer and keep going.""
"More detail in the alerts given to avoid additional searches, as often the source or destination associated with the alert is not evidenced."
"The security playbook could be pre-defined and available to other analysts with similar security issues."
"One of the challenges of the SIEM for the LogRhythm 7 platform is the amount of time it takes to bring new log sources into the MDI."
"LogRhythm NextGen SIEM could improve by adding more applications for the banking sector. There are not any custom applications at this time."
"The responses provided by the cloud team are inefficient."
"In the next release, I would certainly like to see more HIPAA compliance. I would also like to see more integration with Palo Alto Networks, particularly their Traps, which is their endpoint solution."
"There is a semantic oncology dynamic relationship between how the MIGR Tech framework needs more data infusion enrichment capabilities."
"We can get the data of different malware active throughout the globe, but it would be good if we can do sandboxing of a file. For example, on Any Run, we can perform sandboxing of malware along with their intel about a particular file or hash. It would be great if they have a feature like that."
"It sometimes detects false positives and reduces the overall accuracy of the system."
"Recorded Future is a very expensive solution, and its pricing could be improved."
"The solution could improve in reducing the false positives. However, most of the other tools on the market have false positives. If they enhance their data algorithm, it could improve the accuracy of results and minimize false positives. Identifying patterns of false possibilities can aid in developing better reporting features that could potentially eliminate them in the future. This recording feature tool could benefit from adopting similar techniques utilized by other tools to enhance its functionality. By doing so, it could minimize the need for manual efforts in distinguishing true positives from false positives, ultimately reducing the workload."
"The product gives many false positives. If someone talks about the brand or organization name in the public domain over chats or blocks, it gets highlighted. It may not necessarily be a threat but still gets highlighted which increases the false positive count."
"The solution would benefit from introducing automation."
"At present, my clients need to be trained by me or another organization on how to use Recorded Future and how to get the best out of it as an analyst, engineer, and administrator. It would be better if clients could directly learn these things without having to go through me or other organizations."
LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews while Recorded Future is ranked 1st in Threat Intelligence Platforms with 10 reviews. LogRhythm SIEM is rated 8.4, while Recorded Future is rated 8.6. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of Recorded Future writes "Traceless online searches, stable, and scalable". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm Axon and Fortinet FortiSIEM, whereas Recorded Future is most compared with ZeroFOX, CrowdStrike Falcon, Intel 471, Digital Shadows and Anomali ThreatStream.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.