RSA NetWitness Logs and Packets (RSA SIEM) Review

It alerts on anomalies on the network, but we have encountered issues with unresolved crashes.

What is our primary use case?

We use it as a network tool to alert on any anomalies on the network.

What is most valuable?

It gives us the ability to investigate network traffic on the Net and in the organization, which we couldn't do before.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The product continues to crash. Even with tech support help, it does not resolve itself.

How are customer service and technical support?

Yes, we have had extensive use of tech support and they have not been as helpful as we would have liked. We had the crashing issue, and we had special sessions with tech support. The UAE representative and the IR response team were both on our site, and they could not understand why the system crashes. They configured the rules and then it crashed again. It is quite frustrating.

Which solution did I use previously and why did I switch?

The packet has a model that is called the extracting and it doesn't really work that well. Usually, it crashes and the re-issue improves it because it is one of the main functions that we use and it doesn't work properly.

How was the initial setup?

It was very hard to implement. After implementation, we found we had to revise everything. With the help of support, we eventually managed to stabilize it. But it took a full year to do so.

Which other solutions did I evaluate?

The only other solution similar to this is Solera, and I do not think our organization will be switching to that.

Disclosure: I am a real user, and this review is based on my own experience and opinions.