// Trust & Security Report

    LogRhythm (part of Exabeam post-2024 merger) logo

    LogRhythm (part of Exabeam post-2024 merger)

    Enterprise SIEM platform with behavioral analytics, threat detection, and compliance automation modules. LogRhythm merged with Exabeam on July 17, 2024, and now operates as a product line within Exabeam with maintained brand presence.

    Certifications held

    10

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    SOC 2 Type II Report

    Verify on exabeam.com
    ISO 27001
    HELD

    ISO 27001 certification held

    Verify on exabeam.securitypal.com
    ISO 27017
    HELD

    ISO 27017 certification held

    Verify on exabeam.securitypal.com
    ISO 27018
    HELD

    ISO 27018 certification held

    Verify on exabeam.securitypal.com
    GDPR
    HELD

    Exabeam complies with GDPR with appropriate technical and organizational measures in place. Certified to EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. Data Privacy Framework.

    Verify on exabeam.com
    PCI DSS
    HELD

    PCI DSS certification listed in trust center

    Verify on exabeam.securitypal.com
    CCPA
    HELD

    CCPA certification listed in trust center

    Verify on exabeam.securitypal.com
    IRAP (Australian)
    HELD

    IRAP assessment at PROTECTED level completed

    Verify on exabeam.com
    TRUSTe
    HELD

    TRUSTe certification listed in trust center

    Verify on exabeam.securitypal.com
    Cyber Essentials
    HELD

    Cyber Essentials certification listed in trust center

    Verify on exabeam.securitypal.com
    > Show 1 unconfirmed / not-held certifications
    HIPAA
    NOT CONFIRMED

    LogRhythm provides HIPAA compliance automation modules and healthcare security solutions but is not formally HIPAA certified. Offers prebuilt compliance modules to help customers meet HIPAA requirements.

    source: logrhythm.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Multiple regions supported with regional terms and conditions (APJ, Europe, Middle East/Africa, North America). Data Privacy Framework certifications indicate compliance with EU-U.S., UK, and Swiss-U.S. standards.

    Privacy policy does not mention training on customer data. Focus is on operational data collection, security incident analysis, and service delivery.

    // Security controls

    Encryption in Transit

    TLS encryption enforced for data transfer from all collectors to cloud

    logrhythm.com

    Encryption at Rest

    Customer data encrypted at rest

    logrhythm.com

    Vulnerability Management

    Regular vulnerability scans of product code; annual third-party Attack and Penetration Test with results shared to customers

    exabeam.com

    Data Processing Addendum

    LogRhythm Data Processing Addendum available for SaaS offerings (dated 05-2024)

    logrhythm.com

    Sub-Processor Information

    Sub-processor information available to customers

    logrhythm.com

    // Products & data scope

    LogRhythm SIEM PlatformSecurity Information and Event Management

    data: Ingests security logs and events from enterprise infrastructure

    Core SIEM product with behavioral analytics, threat detection, and compliance automation. On-premises and cloud deployment options.

    LogRhythm Cloud PlatformCloud SIEM / SaaS

    data: Cloud-native SIEM as-a-service

    Managed cloud offering with same compliance and security capabilities as on-premises version.

    Healthcare Security Compliance AutomationCompliance Automation

    data: Healthcare-specific compliance (HIPAA, HITECH, PI)

    Pre-built modules for healthcare organizations. Includes AIE rules, investigations, alarms, and reports.

    Compliance Automation ModulesCompliance

    data: Multi-framework compliance support (SOC 2, PCI DSS, GDPR, ISO 27001, FISMA, CMMC, NERC, etc.)

    Pre-built automation modules available at no charge to customers via Knowledge Base updates.

    User and Entity Behavior Analytics (UEBA)Analytics

    data: User behavior monitoring and threat detection

    Baseline activity detection and anomaly identification. Part of core SIEM platform and newer agent behavior analytics capabilities.

    // What to watch

    • HIPAA support: LogRhythm provides HIPAA compliance modules and automation but is NOT formally HIPAA certified. Marketing may emphasize healthcare compliance without clarifying this distinction.
    • Trust center accessed via Exabeam domain (exabeam.securitypal.com) reflecting post-merger structure - all certifications listed are shared across both brands

    // At a glance

    Pricing model

    Enterprise - typically subscription-based for cloud offerings, perpetual license with maintenance for on-premises

    Self-hostable

    Yes

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on LogRhythm (part of Exabeam post-2024 merger)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    exabeam.securitypal.com

    > Browse all vendor trust reports