We performed a comparison between NetWitness Platform and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"NetWitness can be highly beneficial for incident detection and response."
"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"It gives the ability to investigate network traffic in the Net and the organization, which we couldn't do before."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network."
"The most valuable features of RSA NetWitness Logs and Packets are the alerts and correlation tools."
"Their technical support responds quickly and is knowledgeable."
"Splunk would be my choice for the presentation layer because it comes with inbuilt reports and a dashboard that you can customize."
"The data representation options in the dashboards are excellent."
"Splunk is a user-friendly solution."
"Great platform with user-friendly interface and GUI."
"We can quickly search for almost anything across many log sources in seconds."
"The product has a good security posture."
"The dashboards are the most valuable feature. We like the ability to drill in and see what queries are under the dashboard, build new visualizations, edit the querying, and see the reports."
"The solution's most valuable features are its ability to transact in the cloud and its ability to onboard data easily with minimum connectors."
"The on-prem log sources still require a lot of development."
"The solution should allow for a streamlined CI/CD procedure."
"The only thing is sometimes you can have a false positive."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"I would like to be able to monitor applications outside of the Azure Cloud."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"The interface could be more user-friendly. It's a small improvement that they could make if they wanted to."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"The implementation needs assistance."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"Health monitoring of the event sources and devices."
"The log system is a bit complex and has room for improvement."
"The product must improve insider threat detection."
"I would like Splunk to add more integrations. QRadar has many integrations with more products than Splunk."
"The threat management part is still lagging. There are some gaps in threat management. Other vendors have built-in threat management systems, but Splunk lacks the threat management component in its portal. The UEBA and everything else is perfect, but it lacks a unified threat intelligence and management part."
"You do need a lot of training and certification with this product."
"There are a lot of competitive products that are doing better than what Splunk is doing on the analytics side."
"Their technical support sucks."
"Its search or filtering capability is nice, but it can be improved. It is currently a bit complicated, and it should be simplified. If we can write the search filter in a more simplified way, it would be better."
"Splunk has a steeper learning curve, making it feel less user-friendly."
NetWitness Platform is ranked 19th in Log Management with 36 reviews, while Splunk Enterprise Security is ranked 1st in Log Management with 235 reviews. NetWitness Platform is rated 7.4, while Splunk Enterprise Security is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". NetWitness Platform is most compared with RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics, Trellix Network Detection and Response and LogRhythm SIEM, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our NetWitness Platform vs. Splunk Enterprise Security report.