We performed a comparison between NetWitness Platform and Snare based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"The UI of Sentinel is very good and easy to use, even for beginners."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"It's pretty powerful and its performance is pretty good."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"It's quite economical compared to other solutions in the market."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"Performance and reporting are very good."
"It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before."
"The most valuable features are its ingestion of logs and raising of alerts based on those logs."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"The most valuable feature is the correlation. It can report in real-time and monitor the management."
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
"Snare has good agents, especially for Windows."
"The most valuable feature of Snare is flexibility or the ability to filter all things you don't want and don't have security value."
"The best thing about Snare is its format and consistency."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"Its technical support could be better."
"More customizability is required, which is something that they need to improve on."
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"Health monitoring of the event sources and devices."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"It is not so easy to customize this product."
"Snare should modernize its GUI a little bit."
"The solution is now developing a SIEM-like feature on Snare Central Server, but it's not complete yet."
"Users will initially find it difficult to identify the event types and installation in Snare."
NetWitness Platform is ranked 30th in Log Management with 35 reviews while Snare is ranked 41st in Log Management with 3 reviews. NetWitness Platform is rated 7.4, while Snare is rated 8.0. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Snare writes "A highly scalable solution that is easy to manage and super easy to set up". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response, whereas Snare is most compared with syslog-ng, Splunk Enterprise Security, SolarWinds Kiwi Syslog Server, LogRhythm SIEM and Elastic Security. See our NetWitness Platform vs. Snare report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.