We performed a comparison between Microsoft Sentinel and NetWitness Platform based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"The main benefit is the ease of integration."
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"NetWitness can be highly beneficial for incident detection and response."
"The most valuable features are its ingestion of logs and raising of alerts based on those logs."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"Offers a good wireless feature."
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"The playbook is a bit difficult and could be improved."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"We'd like to see more connectors."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"We have encountered issues with unresolved crashes."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"It is not so easy to customize this product."
Microsoft Sentinel is ranked 2nd in Security Information and Event Management (SIEM) with 86 reviews while NetWitness Platform is ranked 15th in Security Information and Event Management (SIEM) with 36 reviews. Microsoft Sentinel is rated 8.2, while NetWitness Platform is rated 7.4. The top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Wazuh, Microsoft Defender for Cloud and Elastic Security, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response. See our Microsoft Sentinel vs. NetWitness Platform report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.