We performed a comparison between NetWitness Platform and Rapid7 InsightIDR based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"We have no complaints about the features or functionality."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"The initial setup is very simple and straightforward."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"It's quite economical compared to other solutions in the market."
"The most valuable feature is the correlation. It can report in real-time and monitor the management."
"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
"The most valuable feature is the security that it provides."
"The newer 11.5 version that my team is using has found it to have good mapping."
"Performance and reporting are very good."
"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
"The web interface is great — very useful and user-friendly."
"The UI is very good."
"The ability to ingest Office 365 log files, then process them into events and display them on a map."
"Scalability-wise, I rate the solution a ten out of ten. As a cloud tool, the product is highly scalable."
"The biggest reason why we chose Rapid7 was to gain value in a really quick time. Its deployment doesn't take months. It just takes a few days."
"It improved my organization by building a security alerting program."
"The solution's initial setup is easy."
"Intelligent alerting to avoid the common problem of alert fatigue associated with traditional SIEMs."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"The playbook is a bit difficult and could be improved."
"We are invoiced according to the amount of data generated within each log."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"The tool's integration capability isn't so great."
"The initial setup is complex. There are other solutions that are easier to implement."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"An area for improvement would be better automation and more inbuilt use cases."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
"It would be useful to import threat intelligence in YARA format along with known incorrect email addresses."
"Rapid7 InsightIDR is not intuitive to search for logs. It should be more user-friendly and improve the dashboards. We should be able to use ready-made templates instead of having to build one."
"The solution's XDR agents cannot compete with the XDR solutions out there yet."
"It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required."
"Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement already."
"Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries."
"One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level."
"The integration capabilities of the solution have certain shortcomings where improvements are required."
NetWitness Platform is ranked 16th in Security Information and Event Management (SIEM) with 36 reviews while Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 29 reviews. NetWitness Platform is rated 7.4, while Rapid7 InsightIDR is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas Rapid7 InsightIDR is most compared with Darktrace, Splunk Enterprise Security, Rapid7 InsightVM, IBM Security QRadar and Microsoft Defender for Identity. See our NetWitness Platform vs. Rapid7 InsightIDR report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.