We performed a comparison between LogRhythm SIEM and NetWitness Platform based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"The Log analytics are useful."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"One of the main features that I like about LogRhythm NextGen SIEM is that there are a lot of pre-built pieces. Like with our AV, we didn't have to tell it how to read the logs; they already had it pre-made. So, we essentially just had to follow their guide to get the logs imported in and set up some rules for it. We've only had to manually create the parsing rules for a few of our vendors so that we could interpret the logs correctly. Most of them had already been pre-created for us."
"We take in around 750 million logs a day. We have a lot of products and that would be a lot of different panes of glass that we would have to look through otherwise. By centralizing, we can triage and take steps much more quickly than if we tried to man that many interfaces that come with the products."
"Automations are very valuable. It provides the ability to automate some of our small use cases. The ability to integrate with other products that use an API is also very useful. LogRhythm has a plugin for it that we can connect and start to move down towards the path of a single pane of glass instead of having multiple or different tools."
"The content in the community is very helpful and useful for new users."
"The daily alerts allow me to quickly find security and operations issues which need to be addressed."
"Our clients enjoy having one dashboard to monitor their environments in real time."
"File Integrity Monitoring is really valuable because we have it set up on our core assets. This is one of the key features that I utilize. We also use it quite a lot for event management to do reporting."
"We have to be able to show the evidence, and LogRhythm does a great job of putting it forward and making it easy to create reports with nice looking dashboards, which show off what we are doing as a security program."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"The solution is really scalable for the high-end power, enterprise customer."
"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"Offers a good wireless feature."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"Their technical support responds quickly and are knowledgable."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"I would like to suggest that they should improve their usage of third party tools for making dashboards and reports. If they would create their own tools for dashboard and report, it would be much better in terms of security purposes."
"I think they probably need to, because a lot of companies are having this cloud-first strategy, where anything that's new has to go into the cloud for some reason."
"I would probably look for more things to go into the web console that is currently on the fat client."
"Granted, we haven't enabled the UEBA module, but we're forwarding all our proxy logs to LogRhythm and we have a really hard time pulling those proxy logs back out of LogRhythm. However, when we take LogRhythm and forward the same logs into somebody else's user-based analytics software, we get the majority of what we were missing... If we've got all our proxy logs and I go out to Google or Facebook or the like, we should be able to go in and pull that information out ten minutes later, but it's a big challenge to do that."
"Scalability-wise, it's not that great."
"It is a product that is very hard to use."
"Sometimes the error-logging is not altogether helpful. For example, on an upgrade, a systems data processor, a Windows box, was throwing an error code like 1083. Then it just stopped and it died right out of the installer and nobody looked. We searched through Google and what it means is the Windows Firewall wasn't turned on so that it could create a rule for the product. Why wouldn't they bubble up that description so that I wouldn't have to call support and I could just know, "Okay, the firewall wasn't turned on. Turn it back on. Re-run the installer and keep going.""
"Stability has probably been one area where Health Checks have not been great with the product. We have been told that they are going to improve Health Checks on product, though we do struggle with them on a daily basis."
"An area for improvement would be better automation and more inbuilt use cases."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"The tool's integration capability isn't so great."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."
LogRhythm SIEM is ranked 7th in Log Management with 166 reviews while NetWitness Platform is ranked 20th in Log Management with 36 reviews. LogRhythm SIEM is rated 8.4, while NetWitness Platform is rated 7.4. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, Fortinet FortiSIEM and LogRhythm Axon, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Arbor DDoS. See our LogRhythm SIEM vs. NetWitness Platform report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.