We performed a comparison between NetWitness Platform and RSA enVision based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM)."The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"The Log analytics are useful."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"We have no complaints about the features or functionality."
"NetWitness can be highly beneficial for incident detection and response."
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"The product's initial setup phase was not at all difficult."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"The most valuable features are its ingestion of logs and raising of alerts based on those logs."
"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"The most valuable feature is the security that it provides."
"The most valuable feature is the management features. It's capable of managing large enterprises."
"The most valuable feature of this solution is the reporting."
"The configuration part is very easy...The technical support was sincere in their responses...I rate the technical support a nine out of ten."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"The solution should allow for a streamlined CI/CD procedure."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"More customizability is required, which is something that they need to improve on."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"The product's licensing models are complex to understand. This particular area needs improvement."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"The solution should have more integration capabilities with different platforms."
"The integration could be easier, it should support more products."
"RSA enVision log manager is out of date and is not in use anymore."
"In general, the solution currently isn't user-friendly."
NetWitness Platform is ranked 16th in Security Information and Event Management (SIEM) with 36 reviews while RSA enVision is ranked 36th in Security Information and Event Management (SIEM) with 5 reviews. NetWitness Platform is rated 7.4, while RSA enVision is rated 6.8. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of RSA enVision writes "Though the solution offers good technical support, it needs to be made more user-friendly ". NetWitness Platform is most compared with Splunk Enterprise Security, IBM Security QRadar, Cisco Secure Network Analytics, Trellix Network Detection and Response and LogRhythm SIEM, whereas RSA enVision is most compared with Splunk Enterprise Security and IBM Security QRadar.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.