We performed a comparison between NetWitness Platform and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"The pricing of the product is excellent."
"The analytic rule is the most valuable feature."
"Sentinel pricing is good"
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"Log aggregation and data connectors are the most valuable features."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"The most valuable features are the packet inspection and the automated incident response."
"It's quite economical compared to other solutions in the market."
"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
"The newer 11.5 version that my team is using has found it to have good mapping."
"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
"Incident management is its most valuable feature."
"NetWitness can be highly beneficial for incident detection and response."
"Visualizations are the best way to understand deviation techniques from the norm."
"Splunk's interface is user-friendly, and it has apps and add-ons for most applications. We can easily normalize the data to make it readable and understand the logs. We easily get all the field extractions and enrichment done by using the apps and add-ons. This helps us understand the application logs because the raw data is useless unless we extract some useful information from it. These add-ons make it so much easier."
"Our clients use the solution to find any threats or vulnerabilities inside their environment."
"We saw the granularity that we could get from Splunk far exceeded what we already had. We had the ability to have our security team really focus on the platform and stay within the platform, but they could correlate with a variety of other stakeholders, and our stakeholders were growing."
"I like the ease with which dashboards can be created."
"Splunk allows us to find insights that we were not able to with traditional BI tools using ETL. It allows us to dig into raw events."
"The dashboard and reporting are very good... It provides very good visibility in a hybrid cloud environment, and you can build custom utilization APIs using Splunk."
"We solve issues that we previously could not since we now have the data."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"The solution could be more user-friendly; some query languages are required to operate it."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"I would like to see more AI used in processes."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"The user interface is a little bit difficult for new users and it needs to be improved."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"The initial setup is complex. There are other solutions that are easier to implement."
"The initial setup was complex because it takes a lot of time to complete the implementation."
"Health monitoring of the event sources and devices."
"Its technical support could be better."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."
"They can incorporate the SOAR solution within the actual product so that we do not require two different products, two different installations, and two different pricing methods. In regards to UBA, I am familiar with the UBA that existed two years ago. I am not updated about it today, but two years ago, UBA required such an amount of data that from a cost perspective, it was not worth it. When you compare it to what you get out of the box with Microsoft Sentinel without additional costs, there is no match."
"Custom visualizations are real hard. While the default visualizations are good, creating enhanced visualizations are complex."
"There can be a bit of complexity around some fields during the initial setup."
"The analytics of Splunk could be improved."
"Not even Splunk's support guy, who came to our firm, could help with defining proper role management."
"Splunk Enterprise Security could improve in automation, flexibility, and providing more content out of the box."
"The cluster environment should be improved. We have a cluster. In the Splunk cluster environment, in the case of heavy searches and heavy load, the Splunk cluster goes down, and we have to put it in the maintenance mode to get it back. We are not able to find the actual culprit for this issue. I know that cluster has RF and SF, but it has been down so many times. There should be something in Splunk to help users to find the reason and the solution for such issues."
"Many of my clients want to get better at Splunk, but they're afraid of using the tool because they feel it's too complex for them."
NetWitness Platform is ranked 19th in Log Management with 36 reviews while Splunk Enterprise Security is ranked 1st in Log Management with 240 reviews. NetWitness Platform is rated 7.4, while Splunk Enterprise Security is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". NetWitness Platform is most compared with RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics, Trellix Network Detection and Response and LogRhythm SIEM, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our NetWitness Platform vs. Splunk Enterprise Security report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.