We performed a comparison between LogRhythm SIEM and NetWitness Platform based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"We have NetFlow information going into it, so we can examine a lot of traffic patterns and anomalies, especially if something stands out and is not the baseline. This helps a lot."
"Even other products we have that feed into it, instead of having to watch all of them we only have to watch one. For example, we have CrowdStrike, so instead of having to pay attention to that solution - because their dashboard doesn't really pop when an alarm comes up - we can see issues with the red on the LogRhythm alarm. That is very nice."
"As a SIEM, probably the best feature is that it can be tuned effectively. There are very few SIEMs out there that can be effectively tuned to provide you with meaningful information and not be overwhelmed."
"Their customer support is friendly and willing to help."
"LogRhythm's GUI is easy to explore. We also like other features, such as its integration with other security solutions, log correlation, and the deployment of use cases."
"We integrated Azure logs with it and that makes it simpler. Rather than having to log into the portal, we can just check everything in one place. We can compare those to our Windows and host logs to see if any problems correlate between them."
"The AI Engine can take an event and correlate it into something else giving us meaningful context regarding what is going on. We integrated it in with our ticketing system, so if an alarm fires, it raises a ticket in our system."
"The daily alerts allow me to quickly find security and operations issues which need to be addressed."
"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
"Incident management is its most valuable feature."
"The most valuable feature is the hunting ability to work in a CERT."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"The most valuable features are the threat prediction and network forensics."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before."
"We need to get better training for things like creating code and playlists. The way it's done now takes a long time."
"We do about 750 million a day and some days we do 715 million. Some days we do 820 million or 1.2 billion. But there's no way to drill in and find out: 'Where did I get 400,000 extra logs today?' What was going on in my environment that I was able to absorb that peak? I have no way to identify it without running reports, which will produce a long-running PDF that I have to somehow compare to another long-running PDF... I would like to see like profiling behavior awareness around systems like they've been gunned to do around users with UEBA."
"We use Windows Event Forwarding to collect the logs from our Windows clients, and the logs get aggregated as one data source on that collector. Therefore, finding logs specific to one particular Windows system requires some creativity in how we search the SIEM."
"I would like to see more integration with more products that are out there within the same security field."
"The log storage capacity should be increased."
"We have run into problems with stability going through upgrade processes. Recently, we have been on the front edge of the upgrade path. When that happens we tend to run into issues either with certain functionality not working after the upgrades or stability issues because of the upgrades."
"The web and on-premise console interface should be the same instead of having a separate engine for each."
"I would probably look for more things to go into the web console that is currently on the fat client."
"Health monitoring of the event sources and devices."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"It is not so easy to customize this product."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."
"The initial setup is very complex and should be simplified."
"The tool's integration capability isn't so great."
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
LogRhythm SIEM is ranked 7th in Log Management with 166 reviews while NetWitness Platform is ranked 19th in Log Management with 36 reviews. LogRhythm SIEM is rated 8.4, while NetWitness Platform is rated 7.4. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, Microsoft Sentinel and LogRhythm Axon, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Fortinet FortiSIEM.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.