We performed a comparison between LogRhythm SIEM and Sumo Logic Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"Log aggregation and data connectors are the most valuable features."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"The UI-based analytics are excellent."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"The ability to drill down and pivot from an event is one of the biggest advantage the product has compared to other things that I have seen in the market."
"As a healthcare company, what we use it for is compliance, then to protect our data from exaltation."
"The ability to investigate a particular period of time where you can analyze logs is its most valuable feature."
"The GUI is very intuitive and the solution has good integration."
"LogRhythm does a very good job of helping SOCs manage their workflows."
"The most useful feature that I've found so far is the search function. I like all the different ways you're able to search through metadata and the different ways you're able to correlate or search through logs to find out what's going on."
"It allows us to automate a lot of things with a smaller team."
"The content in the community is very helpful and useful for new users."
"Sumo Logic is an easy solution to use. You can set it up very quickly, and it includes a lot of training videos."
"We use it to ingest Windows domain controller logs. We use this to monitor if anyone is placed in particular administration groups that potentially shouldn't be. It helps us keep track of people."
"We have used it many times to find a root cause of a live issue, then fix the problem in the applications."
"We can ingest logs and make reports out of them. It is a good tool which can help us monitor any issues."
"Support has been excellent. Sumo Logic's support staff is really good, both their account management staff and direct support."
"The tool has key features like operability. It will alert the admins whenever a device is onboarded."
"It provides easy visibility. I also like the shareable queries because we share a lot across groups."
"With this tool, we provide access to every developer team the ability to find errors, then they come to us and ask for specific help."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"The playbook is a bit difficult and could be improved."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"The web and on-premise console interface should be the same instead of having a separate engine for each."
"When we had version 7.2.6, there were a lot of issues deploying that version and with the indexing. The indexer was unstable. So, we were not able to use the platform when we were on that version until we were able to upgrade to 7.3.4."
"The security playbook could be pre-defined and available to other analysts with similar security issues."
"We have gone through a few versions which has caused a lot of instability. We have logged a lot of hours with professional services."
"Technical support could use a little work in the terms of responding back. The feedback that we received is they do need a little more staff."
"The installation was a bit complex because we are running a virtual infrastructure."
"My biggest issue - I know that they say they're doing it - is that the API-building is extremely important. They keep saying it's coming, it's coming. It's not coming fast enough. I don't care if they need to double their team size to get it out there quicker, the world is already in the cloud and we can't monitor it. That's a big problem for us. My boss keeps coming to me about it. That's an issue."
"I would like a more fuller implementation of STIX/TAXII so I can pull in some of the government lists without having to go implement a whole new STIX/TAXII platform."
"In my opinion, this solution has a steep learning curve and requires practice if users to be able to use this tool very efficiently."
"From the network segmentation side, there is some discrepancy in log onboarding. The tool needs to improve direct API integrations, login integration, native login integration, etc."
"It took a bit of trial and error to get it set up correctly based on everything we had to do. In the end, we had to send everything over HTTP, which was sort of a stop-gap."
"The initial setup is the most stressful, like learning how to use it."
"The API integration in Sumo Logic Security could improve. There are delayed connections or they stop and then automatically start. Having a seamless log collection would be beneficial."
"We would like the ability to drill down into a dashboard and get into deeper levels."
"If you want to up your subscription through the AWS Marketplace, it can be difficult. You can't just go back to the AWS Marketplace, and say, "I want a bigger one now." You have to contact the sales team, then they do it on the back-end. This could definitely be improved."
"Sumo Logic Security is expensive, and its pricing could be improved."
LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews while Sumo Logic Security is ranked 17th in Security Information and Event Management (SIEM) with 18 reviews. LogRhythm SIEM is rated 8.4, while Sumo Logic Security is rated 8.6. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of Sumo Logic Security writes "Used to store and monitor application logs and VPC flow logs". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm Axon and Fortinet FortiSIEM, whereas Sumo Logic Security is most compared with Wazuh, Rapid7 InsightIDR, Splunk Enterprise Security, VMware Aria Operations for Logs and Falcon LogScale. See our LogRhythm SIEM vs. Sumo Logic Security report.
See our list of best Security Information and Event Management (SIEM) vendors, best Log Management vendors, and best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.