We performed a comparison between NetWitness Platform and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"Performance and reporting are very good."
"The most valuable features are the integration and ease of use."
"The solution is really scalable for the high-end power, enterprise customer."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"This is a straightforward solution, easy to configure."
"The most valuable feature is the incident dashboard, and the extensive use of correlation searches, which isn't available with a standard Splunk search package. This feature is important to me because it enables SOC analysts to do their job more efficiently and be able to investigate or mediate incidents at a faster pace."
"The ability to rapidly diagnose problems in production and non-production, across hundreds of log files, is the most valuable feature."
"Speeds up root cause analysis and can help identify issues that your organization never realized were occurring."
"Its usability is the best part. It is easy for our developers to use if they want to search their logs, etc."
"The ability to ingest different log types from many different products in our environment is most valuable."
"Splunk has give us the capability to easily track problems and their status."
"The varied prebuilt feature is the most valuable because it ensures that we have complete coverage over all of the key questions."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"The user interface is a little bit difficult for new users and it needs to be improved."
"The initial setup was complex because it takes a lot of time to complete the implementation."
"The initial setup is complex. There are other solutions that are easier to implement."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."
"Splunk could have more built-in use case presets that customers can build on and customize."
"The user experience could be improved."
"Its user interface for everything other than the charts can be improved. Some parts of it can be simplified a bit, such as when importing documents that have the network traffic. When you're going through the information about the network traffic, you have to have the expertise, but even if a program is supposed to be for IT support, it is good to make it user-friendly because it gets easier to train people. When something goes wrong, the more difficult a program is in terms of UI, the harder it is to fix the issue."
"It does not give us permission to implement on-premise so we implement them on the cloud."
"While Splunkbase (the app repository) has a lot of great content, some apps are terribly old and could stand to be updated or purged."
"Delays in responses from the technical team can pose challenges for both vendors and clients, especially considering that Splunk applications and machine solutions are critical assets."
"Professional support is great, but too expensive."
"The price has room for improvement."
NetWitness Platform is ranked 15th in Security Information and Event Management (SIEM) with 36 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 246 reviews. NetWitness Platform is rated 7.4, while Splunk Enterprise Security is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". NetWitness Platform is most compared with RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics, Microsoft Sentinel and Trellix Network Detection and Response, whereas Splunk Enterprise Security is most compared with Wazuh, IBM Security QRadar, Dynatrace, Elastic Security and Microsoft Sentinel. See our NetWitness Platform vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.