Compare RSA NetWitness Logs and Packets (RSA SIEM) vs. Splunk

RSA NetWitness Logs and Packets (RSA SIEM) is ranked 13th in Security Information and Event Management (SIEM) with 9 reviews while Splunk is ranked 1st in Security Information and Event Management (SIEM) with 57 reviews. RSA NetWitness Logs and Packets (RSA SIEM) is rated 6.8, while Splunk is rated 8.8. The top reviewer of RSA NetWitness Logs and Packets (RSA SIEM) writes "Good support, powerful decoders and concentrator, but the dashboard is not reflecting events in real-time ". On the other hand, the top reviewer of Splunk writes "Its AMIs make it easy to spin up a Splunk cluster or add a new node to it". RSA NetWitness Logs and Packets (RSA SIEM) is most compared with Splunk, IBM QRadar and ArcSight, whereas Splunk is most compared with IBM QRadar, Dynatrace and Graylog. See our RSA NetWitness Logs and Packets (RSA SIEM) vs. Splunk report.
Cancel
You must select at least 2 products to compare!
Most Helpful Review
Find out what your peers are saying about RSA NetWitness Logs and Packets (RSA SIEM) vs. Splunk and other solutions. Updated: January 2020.
397,983 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
The most valuable features are the integration and ease of use.The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it.The most valuable features are the packet decoder, log decoder, and concentrator.It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible.The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that.The most valuable features are its ingestion of logs and raising of alerts based on those logs.Their technical support responds quickly and are knowledgable.The most valuable feature is the correlation. It can report in real-time and monitor the management.

Read more »

With good domain knowledge, one can build almost anything. If you throw in Alert Manager or an integration with ServiceNow. Then, you have your own SIEMOur clients are easily able to modify and evolve their implementations.The initial setup is really straightforward. It's one of the easiest installations.It helps us uncover bottlenecks in the network.it can explain to management about what kind of traffic is visiting the network. It can also explain other traffic coming in and out, along with protecting against malware.The most valuable feature of Splunk is the log monitoring.It can log more logs than other solutions. It's a good way to troubleshoot problems.We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company.

Read more »

Cons
The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly.The initial setup is very complex and should be simplified.Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance.They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams.The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together.I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex.The initial setup was complex because it takes a lot of time to complete the implementation.The implementation needs assistance.

Read more »

It needs a better way to export dynamic views without requiring a ton of code and user/pw.It needs integration with a configuration management solution.It needs integration with a configuration management solution.They should make data onboarding easier.The product was difficult to back up the first time.Splunk needs local technical support.If possible, we would like to have not only a log monitoring system but a network monitoring feature in this solution as well.Cybersecurity and infrastructure monitoring have room for improvement.

Read more »

Pricing and Cost Advice
Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day.We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment.This is a pricey solution; it's not cheap.The licenses are good but the cost is very expensive.It is cheap.

Read more »

Splunk is really expensive.Splunk should be able to integrate with other product using the free version.The pricing and licensing of the product are quite high.Splunk's cost is very high. They need to review the pricing. They have to go back and totally readdress the market.It's a little bit expensive for a small to medium enterprise.I think the price could be improved.I am not personally involved with the pricing of the solution.Some of the insights that we have obtained as a part of using Splunk have greatly helped us in increasing our revenue in terms of selling our products.

Read more »

report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
397,983 professionals have used our research since 2012.
Ranking
Views
6,772
Comparisons
4,461
Reviews
9
Average Words per Review
474
Avg. Rating
6.8
Views
99,914
Comparisons
81,088
Reviews
55
Average Words per Review
322
Avg. Rating
8.8
Top Comparisons
Compared 9% of the time.
Compared 9% of the time.
Compared 8% of the time.
Also Known As
RSA Security Analytics
Learn
RSA
Splunk
Overview

If you’re relying on log data to detect and prevent cyber threats, you’re in trouble. Attackers increasingly evade detection of log-centric security and network monitoring tools. But logs combined with full packet, endpoint NetFlow data are proven to provide the essential details for early threat detection. Here’s a closer look at our solution.

Splunk software has been around since 2006 and the company has since grown to become an industry leader. Splunk's vision is to make machine data accessible, usable and valuable to everybody. The company offers a wide range of products to turn machine data into valuable information by monitoring and analyzing all activities. This is known as Operational Intelligence and is the unique value proposition of Splunk.

Splunk is well-known for its Log Management capabilities and also for its Security Information and Event Management (SIEM) solutions.

Offer
Learn more about RSA NetWitness Logs and Packets (RSA SIEM)
Learn more about Splunk
Sample Customers
Los Angeles World Airports, ReplySplunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Top Industries
VISITORS READING REVIEWS
Software R&D Company30%
Comms Service Provider17%
Financial Services Firm10%
Government6%
REVIEWERS
Financial Services Firm19%
Energy/Utilities Company17%
Retailer11%
Insurance Company7%
VISITORS READING REVIEWS
Software R&D Company30%
Comms Service Provider13%
Financial Services Firm9%
Media Company6%
Company Size
REVIEWERS
Small Business18%
Midsize Enterprise18%
Large Enterprise64%
REVIEWERS
Small Business26%
Midsize Enterprise15%
Large Enterprise59%
VISITORS READING REVIEWS
Small Business12%
Midsize Enterprise21%
Large Enterprise67%
Find out what your peers are saying about RSA NetWitness Logs and Packets (RSA SIEM) vs. Splunk and other solutions. Updated: January 2020.
397,983 professionals have used our research since 2012.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.