We performed a comparison between NetWitness Platform and RSA enVision based on real PeerSpot user reviews.
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The automation feature is valuable."
"The main benefit is the ease of integration."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"It has basic out-of-the-box integrations with multiple log sources."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
"Their technical support responds quickly and is knowledgeable."
"The most valuable feature is the hunting ability to work in a CERT."
"The most valuable features are its ingestion of logs and raising of alerts based on those logs."
"The most valuable features are the threat prediction and network forensics."
"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability to integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"The most valuable feature is the security that it provides."
"The most valuable feature of this solution is the reporting."
"The most valuable feature is the management features. It's capable of managing large enterprises."
"The configuration part is very easy...The technical support was sincere in their responses...I rate the technical support a nine out of ten."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"I would like to be able to monitor applications outside of the Azure Cloud."
"The playbook is a bit difficult and could be improved."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"Its technical support could be better."
"The solution should have more integration capabilities with different platforms."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"The user interface is a little bit difficult for new users and it needs to be improved."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"RSA enVision log manager is out of date and is not in use anymore."
"In general, the solution currently isn't user-friendly."
"The integration could be easier, it should support more products."
NetWitness Platform is ranked 16th in Security Information and Event Management (SIEM) with 36 reviews while RSA enVision is ranked 36th in Security Information and Event Management (SIEM) with 5 reviews. NetWitness Platform is rated 7.4, while RSA enVision is rated 6.8. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of RSA enVision writes "Though the solution offers good technical support, it needs to be made more user-friendly". NetWitness Platform is most compared with Splunk Enterprise Security, IBM Security QRadar, Cisco Secure Network Analytics, Trellix Network Detection and Response and LogRhythm SIEM, whereas RSA enVision is most compared with Splunk Enterprise Security and IBM Security QRadar.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.