We performed a comparison between Corelight and NetWitness XDR based on real PeerSpot user reviews.
Find out what your peers are saying about Darktrace, Vectra AI, Auvik and others in Network Traffic Analysis (NTA)."It's easy to create additional dashboards specific to supporting specific tasks."
"The most valuable feature is the embedded IDS from Suricata."
"It's an easy way for us to get visibility in a client's environment."
"Corelight is easy to use."
"It is easy to deploy and easy to handle."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."
"This solution allows us to locate the malware in real-time."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"The log correlation is good."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"The interface of this solution is very flexible and easy to use."
"The stability of the RSA NetWitness Endpoint is very good."
"In the next release, building a graphical user interface would be helpful."
"Corelight hasn’t added features in a long time."
"They can enhance the interface of the product. They can make it more interactive and also easier to use for feature access."
"Machine learning could be a good improvement, but it's very costly."
"The solution’s architecture is complex and difficult to understand. There are multiple machines and VMs."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"I would like to see Security Orchestration and Response Automation (SOAR) integration."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"The initial setup requires a high level of skill."
"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."
"RSA NetWitness Network could improve on integration with non-native application integration."
Corelight is ranked 7th in Network Traffic Analysis (NTA) with 5 reviews while NetWitness XDR is ranked 17th in Extended Detection and Response (XDR) with 15 reviews. Corelight is rated 9.0, while NetWitness XDR is rated 8.0. The top reviewer of Corelight writes "An open-source solution that gave us insight into our clients' network traffic flow ". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". Corelight is most compared with ExtraHop Reveal(x), Darktrace, Vectra AI, Cisco Secure Network Analytics and ExtraHop Reveal(x) 360, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Trend Micro Apex One.
We monitor all Network Traffic Analysis (NTA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.