RSA NetWitness Logs and Packets (RSA SIEM) Review

Provides a comprehensive trace investigation with the packet capture feature


What is our primary use case?

The customer that we work with uses it to gather logs from all the devices in their enterprise so that they have that single point of visibility into trace information in the environment.

What is most valuable?

The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs. So, the capture packet also gives you specific insight into what's going on in the network, and it makes your trace investigation much more comprehensive.

The user interface is fine.

What needs improvement?

The reporting aspect could be improved. There are instances where you try to run the reports and then it does not give you the desired outcome. At times, it appears as if the reporting feature might be buggy.

You want to actually follow the trends and see how technology is advancing. I think they've done that with regard to security orchestration, automation, and response. However, I think that they could do better with the automation and response.

For how long have I used the solution?

We have been selling RSA NetWitness Logs and Packets (RSA SIEM) for 18 months now.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

This solution is scalable.

How are customer service and technical support?

Technical support has been quite a challenge. There are instances where you reach out to support, and the initial response is fast. When they get to experience what the problem is, we would expect them to be able to fix it on time, but then, we'd notice that there could be quite a lot of back and forth with customers in trying to get an issue resolved.

This is a situation where you have other solutions plugging into this one, so there are times when the issue being experienced has to do with another solution. So there are problems with accepting responsibility.

In general, I would rate them at 70% on technical support.

How was the initial setup?

I've not been involved in initial setup, but I've seen upgrades. I think it's quite straightforward.

What's my experience with pricing, setup cost, and licensing?

From a pricing perspective, I wouldn't say it's too expensive because recently, they came up with a good plan that would also work for small enterprises.

At the early stage, it was quite appliance-based, but now you have virtual machines that take away the appliance cost for customers. So, price-wise, it is fair compared to the cost of other SIEM solutions.

What other advice do I have?

It's a comprehensive SIEM solution. The packet capture feature is one thing that will be very beneficial for all accounts because it gives you that general visibility into what's going on even on your network. It's a great product, and I would rate it at eight on a scale from one to ten. It's way ahead of the others. 

Which version of this solution are you currently using?

11.4

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Updated: July 2021.