NetWitness Platform Primary Use Case

MOTASHIM Al Razi - PeerSpot reviewer
CISO at One Bank Limited

We use the solution for incident management. We are working on making the incident workflow smarter. So, the solution helps us there.

MdZaman - PeerSpot reviewer
IT manager at an agriculture company with 10,001+ employees

Generally, we use the solution for network forensics. It allows us to do visual data detection and prevention. 

RR
Senior consultant Cybersecurity

It's a log management solution where we have logs from different sources, like network devices, firewalls, load balancers, IT, application servers, and database servers. We also use it for compliance and governance. Our cyber security team uses it to monitor malicious activity across our IT infrastructure.

Buyer's Guide
NetWitness Platform
April 2024
Learn what your peers think about NetWitness Platform. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
769,065 professionals have used our research since 2012.
RP
Cyber security Lead at a manufacturing company with 1,001-5,000 employees

The RSA Netwitness packet plays a major role in identifying cyber attacks from different sources. We integrated in a very large environment, deploying it in a container corporation in India. The company has around 86 locations across the country. Another use case of RSA is for running full scans and the third use case is for blocking malware and viruses. Nowadays, people hide behind encaptured networks and use proxies to look through the door. Then they'll try to come in. 

AR
Head of Information Security, Cyber Defense and IT Risk Management at HCT. at a transportation company with 201-500 employees

It is an SIEM solution used regularly as a part of the SOC to collect data from all the security environments in my company.

Francesco Ritrovato - PeerSpot reviewer
Security Analyst at Sogei

We have been using the RSA SIEM with the NetWitness Platform for a long time.

ST
Manager at a comms service provider with 10,001+ employees

RSA NetWitness Logs and Packets are used exclusively for monitoring scenarios, insider threat analysis, and log retention.

Sandeep Sehrawat - PeerSpot reviewer
Information Technology Security Consultant at Sify Technologies

We provide NetWitness along with Archer, and multiple sites. We are managing their security operations using this other station and Archer. A collector can work in two different ways. It can collect the logs, and it can aggregate the traffic tools from different net flow logs. When I say "logs," I mean a log collector and when I say "packet," that means the packet or log connector.

Rafał Popielski - PeerSpot reviewer
Solution Architect at NASK

The primary use case for the NetWitness Platform is within large companies, particularly in their internal security operation centers (SOCs). They utilize the platform for block collections from the entire company, including subsidiaries, enabling comprehensive security monitoring and analysis. It supports functions such as collections and correlation. Additionally, some licenses may include XDR capabilities. NetWitness stood out for many customers as it was one of the first solutions to collect blocks from endpoints, networks, and logs simultaneously, providing a unified view of security events.

SM
Information Technology Security and Infrastructure Expert at a government with 201-500 employees

I use the solution in my company for packets mainly and log analytics.

LB
Presales Manager at a tech services company with 51-200 employees

This solution is deployed on-premise.

MS
Program Manager at EGYANAM TECH

I'm primarily using the solution on my client's site. 

This is a log event management tool. We are integrating this solution for the clients where it is required. Mostly we work with OEMs such as IBM, RSA, Splunk, and Micro Focus. 

With the help of these tools, you can identify any attacks or phishing activity in your network. Most of the time you are able to identify these types of attacks or activity on your firewall. When the firewall will notify the SIEM tools, it will identify which needs to be acted on immediately - unlike when you are using automation tools. With the help of automated tools, you can block those suspicious IPs or you can hand it over back to your security analyst or analyst team to take action ASAP.

Salah Sabouni - PeerSpot reviewer
Director at ST

Our solution is utilized by customers to monitor security alerts by ingesting logs from all their assets. 

They create correlation rules to identify any potential breaches or hacking attempts and receive notifications through the dashboard.

Customers can use additional features to investigate the incident and take the necessary actions.

GD
Security Operations Manager at a computer software company with 1,001-5,000 employees

We have two customers using this solution and one of them is a banking business. We are collecting some of the security log sources. In the main use case, we are correlating rules and we are using the endpoint detection capabilities. We are utilizing RSA NetWitness Logs and Packets, to have more insights on an endpoint level.

MA
IT and Cybersecurity Professional at a financial services firm

Our primary use case is real-time threat prediction so that we can minimize the person-hours of IT security analysts.

NB
Delivery Partner APAC and MEA at Tata Consultancy

Primarily, I use this solution to integrate with applications and systems like firewalls and routers. For example, if somebody is trying to log on from two different locations simultaneously, we can catch that.

MT
Security Engineer/Architect at Telecom Italia

We are a solution provider and RSA NetWitness is one of the products that we implement for our clients. We also use it ourselves. They primarily use it for threat protection.

HL
Information Technology Security Architect at a financial services firm with 5,001-10,000 employees

We use the on-premise deployment model of this solution. Our primary use case of this solution is for malware detection and for reconstruction during the incident and forensic analysis.

RD
Senior Cyber Security Specialist at a tech vendor with 10,001+ employees

We are a service providing company and this is one of the products that we implement for our clients. The RSA NetWitness Logs and Packets solution is used for Event Stream Analysis (ESA), and we implement use cases based on our customers' needs. For example, suppose the security device is a Palo Alto device, then at the policy level, we implement the use cases. These might be things like phishing attacks or a botnet. Most companies follow the GDPR regulations for compliance.

We have RSA NetWitness implemented in virtual appliances.

AM
RSA Specialist at a computer software company with 1,001-5,000 employees

Our customers are enterprise-level businesses.

AR
Associate Manager Human Resources at a financial services firm with 1,001-5,000 employees

We are using this solution for security.

VG
IT Security Head with 1,001-5,000 employees

The RSA NetWitness Logs and Packets solution was set up as part of the SOC. It is set up on two sides. One is for the Data Center (DC) side, and the other is for the Disaster Recovery (DR) side.

MH
Team Leader & Head of MSSP at We Ankor

We are no longer using this solution; however, it was used mostly for network monitoring.

PR
Analyst at Microland Limited

The primary use case of this solution is for security.

We use the UEBA tool.

MA
Information Security Analyst at a tech services company with 11-50 employees

I am currently working in a security operations center and RSA NetWitness Log and Packets is part of our security solution. We use it for log management and anomaly identification. It is used for compliance as well because it has a log archiving capability that will span at least a couple of years.

We are also using it to facilitate monitoring and research.

IO
Solution Specialist at a tech services company with 11-50 employees

The customer that we work with uses it to gather logs from all the devices in their enterprise so that they have that single point of visibility into trace information in the environment.

EB
Sr Manager InfoSecurity at a healthcare company with 10,001+ employees

We don't have a primary use case. There are many use cases that we have defined based on business needs.

AV
IT security specialist at a comms service provider with 201-500 employees

Our primary use case is for the administration of the internal network.

AV
IT security specialist at a comms service provider with 201-500 employees

Our primary use case is for detecting or monitoring the process that we use in devices, servers, or databases.

MH
Team Leader & Head of MSSP at We Ankor

We use it as a network tool to alert any anomalies on the network.
