We performed a comparison between NetWitness Platform and Rapid7 InsightIDR based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"The machine learning and artificial intelligence on offer are great."
"Sentinel pricing is good"
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"Log aggregation and data connectors are the most valuable features."
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"The most valuable features are the integration and ease of use."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"NetWitness can be highly beneficial for incident detection and response."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"The most valuable features are the threat prediction and network forensics."
"The most valuable features are its ingestion of logs and raising of alerts based on those logs."
"The biggest reason why we chose Rapid7 was to gain value in a really quick time. Its deployment doesn't take months. It just takes a few days."
"Dashboards, including the main screen, provide much-needed information at a glance, without hours of coding and sifting through logs to find it. In case of an actual security incident, I have faith that insightIDR has retained all logs in a secure manner that prevents log tampering as well."
"The solution is very stable and works very well for what I need it to do."
"InsightIDR helps us investigate an environment to discover information about incidents."
"I rate Rapid7 nine out of 10 for affordability"
"Intelligent alerting to avoid the common problem of alert fatigue associated with traditional SIEMs."
"The product works well. Stability-wise, I rate the solution a ten out of ten."
"It improved my organization by building a security alerting program."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"The on-prem log sources still require a lot of development."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"The initial setup is complex. There are other solutions that are easier to implement."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"The initial setup was complex because it takes a lot of time to complete the implementation."
"The implementation needs assistance."
"The initial setup is very complex and should be simplified."
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level."
"Inability to get access to compliance reports within the solution."
"The solution needs improvement in threat intelligence. Increasing the depth of intelligence to help users understand more about threats is a possibility. My suggestion is to expand access to other websites or resources."
"They should add more configuration and security features to it."
"The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination). Right now, we can do a group by user and a separate table or group by destination. But I'd be more interested in where a person was logging into instead of who was logging in or where he was logging in."
"Currently, it lacks the functionalities provided by Rapid7's User Behavior Analytics (UBA)."
"Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement already."
"Needs a better ability to customize the check within the console."
NetWitness Platform is ranked 15th in Security Information and Event Management (SIEM) with 36 reviews while Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 29 reviews. NetWitness Platform is rated 7.4, while Rapid7 InsightIDR is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas Rapid7 InsightIDR is most compared with Darktrace, Splunk Enterprise Security, Rapid7 InsightVM, IBM Security QRadar and Microsoft Defender for Identity. See our NetWitness Platform vs. Rapid7 InsightIDR report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.