LogRhythm has served enterprise security operations teams for over two decades with a consistent strength: built-in SOAR case management that does not require a separate SOAR product. The native playbook engine, FedRAMP authorisation, and particularly strong NERC CIP compliance reporting for energy and utilities organisations reflect a product built for regulated industries with specific operational requirements.
The concern for buyers in 2025 is the Thoma Bravo acquisition and the announced merger with Exabeam. Both LogRhythm and Exabeam are now under the same PE ownership, and the integration path between the two products creates genuine roadmap uncertainty.
The verdict: LogRhythm is worth evaluating for energy, utilities, and regulated industries where NERC CIP compliance is a requirement and built-in SOAR is valued. Organisations without these specific requirements should evaluate Microsoft Sentinel or Splunk, which have clearer ownership and roadmap stability.
Last reviewed: May 2026
G2: 4.0 (143 reviews)
Gartner: 4.4 (706 reviews)
PeerSpot: 7.8 (130 reviews)
Gartner MQ: Challenger
SIEM assessment
PROTECTION: Adequate
Log source coverage
3 / 5
Good log coverage for traditional enterprise sources. Scored 3 because cloud-native source integration is less mature — a documented gap in Gartner's move of LogRhythm from Leaders to Challengers.
Sources: Gartner MQ SIEM 2025
Detection content
3 / 5
Solid rule-based detection content. Scored 3 because UEBA and ML-based detection are less advanced than modern SIEM vendors.
Sources: LogRhythm documentation, Gartner reviews
OPERATIONS: Adequate
SOAR & automation
4 / 5
LogRhythm SOAR is built-in — case management and playbooks are native to the platform. One of the stronger built-in SOAR integrations for a mid-market SIEM.
Sources: LogRhythm SOAR documentation
Cost model
3 / 5
MPS (Messages Per Second) pricing. Scored 3 because the pricing model can be confusing and expensive at scale. Thoma Bravo PE ownership adds pricing uncertainty.
Sources: Gartner reviews, G2 review sentiment
ANALYTICS: Strong
Compliance reporting
4 / 5
Strong compliance reporting — particularly for NERC CIP (energy/utilities). FedRAMP authorised. 30-day free trial is unique among enterprise SIEMs.
Sources: LogRhythm compliance documentation
TRUST & ECOSYSTEM: Adequate
Ecosystem support
3 / 5
Solid but narrower ecosystem than top-tier vendors. Scored 3 because the merger with Exabeam (Thoma Bravo 2024) creates integration uncertainty.
Sources: LogRhythm partner documentation
Strongest: SOAR & automation
Watch out for: Ecosystem support
Strengths & limitations
Strengths
● 706 Gartner reviews — one of the most-reviewed SIEMs
● Embedded security orchestration and rich case management
● 30-day free trial; FedRAMP authorised
Watch out for
● Fell from Leaders to Challengers — cloud SIEM deficiencies
● Thoma Bravo PE ownership raises roadmap questions
● MPS pricing model confusing
Best for
Mid-market needing full-featured hybrid SIEM with built-in orchestration, especially in energy (NERC CIP).
Not suitable for: Cloud-native orgs — dropped from Gartner Leaders