We performed a comparison between NetWitness Platform and SolarWinds Security Event Manager based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"The most valuable features are the integration and ease of use."
"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
"It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before."
"The most valuable features of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"Performance and reporting are very good."
"We did previously use a different solution, but SolarWinds is much better. It's easy to interact with SolarWinds. It's easy to operate, easy to configure and is generally easier compared to what we were working with before."
"The most valuable feature of SolarWinds Security Event Manager is the analysis and the knowledge about the incidents that we trace."
"It supports high availability, which is very helpful."
"The most valuable feature is the ease of use for the end user."
"It's extremely easy to deploy."
"SolarWinds Security Event Manager has been generally working well."
"SolarWinds is effective for server, network, and log monitoring. It's also good for IP address management. We also have a patch manager, but we're still working on getting that operational."
"The solution helps you monitor database instances, application instances, other customer application things, Linux servers, IBM servers, and Oracle servers."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"The product can be improved by reducing the cost to use AI machine learning."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"The on-prem log sources still require a lot of development."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"The solution should have more integration capabilities with different platforms."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"It is not so easy to customize this product."
"Its technical support could be better."
"More customizability is required, which is something that they need to improve on."
"The company had to use a third party for the implementation of the solution."
"Training for this solution needs to be improved, as new employees are sometimes unfamiliar with the product."
"I would like to be able to dig deeper into the visibility of events or incidents to determine whether they are malicious, such as by doing behavior analysis."
"I imagine we will have to develop our own reports soon, this seems to be more cumbersome."
"The only issue is the pricetag. SolarWinds is a costly solution."
"There are no multiple dashboards which would allow you to see information side-by-side."
"We used the support from SolarWinds Security Event Manager and they are knowledgeable, but it is challenging to get in contact with them."
"The product should improve the ease with which you can create event alerts. They are not as hard now but you need to have an easier way."
NetWitness Platform is ranked 16th in Security Information and Event Management (SIEM) with 36 reviews while SolarWinds Security Event Manager is ranked 21st in Security Information and Event Management (SIEM) with 24 reviews. NetWitness Platform is rated 7.4, while SolarWinds Security Event Manager is rated 7.8. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of SolarWinds Security Event Manager writes "A comprehensive network security with robust technical capabilities, effective threat response, and centralized management". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas SolarWinds Security Event Manager is most compared with ManageEngine Log360, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender XDR and Wazuh.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.