|
Capability |
LogRhythm on-prem |
LogRhythm Cloud |
Notes |
|
Entity, Network and Host Management |
Yes |
Yes |
|
|
AIE Rule creation |
Yes |
Yes |
|
|
Knowledge Base |
Yes |
Yes |
|
|
UEBA |
Yes |
Yes |
|
|
NDR |
Yes |
Partial |
Integration with on-premise Network Monitors to retrieve PCAP in the Web Console is not supported. |
|
TIS – Open Source & Commercial |
Yes |
Yes |
|
|
API access - Internal |
Yes |
Yes |
The REST API is available. The SOAP API is not. |
|
AD integration |
Yes |
No |
Affects Windows Host Wizard and Lists based on AD Groups. Workarounds available. User management has moved to Single Sign On. |
|
Single Sign On (SSO) |
Yes |
Yes |
|
|
Full Log Collection |
Yes |
Yes |
|
|
Data Archiving |
Yes |
Yes |
|
|
Reporting |
Yes |
Yes |
|
|
Case Management |
Yes |
Yes |
|
|
High Availability |
Yes |
N/A |
|
|
Disaster Recovery |
Yes |
N/A |
|
|
Web Console |
Yes |
Yes |
|
|
Custom Dashboards |
Yes |
Yes |
|
|
MPE Rule Creation |
Yes |
Yes |
|
|
SmartResponse |
Yes |
Yes, from Agent |
|
|
Playbooks |
Yes |
Yes |
|
|
Direct SQL Access |
Yes |
No |
Direct SQL Access is unavailable. As such, the following tools are unsupported: Echo, Kibana integration. |
|
Cloud to Cloud log collection |
No |
Yes |
|