RSA NetWitness Logs and Packets (RSA SIEM) Reviews

Real User
Direct Sales Director at a tech services company with 501-1,000 employees
May 11 2017

What is most valuable?

* Full packet capture: A must in an SOC
* Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network
* Built-in Incident Management module for small security/SOC teams
* Advanced correlation...

How has it helped my organization?

We can monitor all traffic to/from our company. It is possible to track end user behaviour. With RSA NetWitness Endpoint, we are able to monitor not only the network, but also what’s happening on endpoints, i.e., behaviour analytics for...

What needs improvement?

Integration with external tools should be built-in, such as an external sandbox for files. We can import data using external feeds, using STIX or CSV files. The REST API is poor. The system architecture is complex and sometimes it’s hard to...
Real User
Founder & CEO at a tech services company with 11-50 employees
May 24 2017

What is most valuable?

RSA NetWitness is a SIEM and real-time network traffic solution. It collects logs/packets and applies a set of alerting, reporting and analysis rules on them. Thus, it provides the enterprise with a full visibility of the networks and...

How has it helped my organization?

As mentioned elsewhere, this product provides full visibility for the activities in the networks and systems. For example, it provides detection of the attacks in early stages (brute-force attacks), by which the attackers try to gain access...

What needs improvement?

* Out-of-the-box alerts and investigation rules
* Health monitoring of the event sources and devices
* Threat intelligence for data accuracy
Find out what your peers are saying about RSA, Splunk, IBM and others in Security Information and Event Management (SIEM).
287,566 professionals have used our research since 2012.
Consultant
ACD - Level 3 Analyst at a tech services company with 10,001+ employees
Aug 28 2017

What is most valuable?

* Packet Solution: Allows analyst proactive hunting and alerting on daily sophisticated APTs.
* Broker service: Aggregate multiple concentrator devices deployed in various sites which accelerates analyst’s duties.
* Archiver – Does log...

How has it helped my organization?

Reliable in terms of no data loss. Plays a huge role in device health checks (Event Source Monitor). Provides FSEs relevant information prior to end user problem solutions (if data sources are integrated and parsed properly).

What needs improvement?

Advanced monitoring and alerting feature is not stable (Event Stream Analysis). Does not allow certain use cases running in parallel. The reporting module: If only their dashboards resembled anything you would see on any BI reporting tools.

What is RSA NetWitness Logs and Packets (RSA SIEM)?

If you’re relying on log data to detect and prevent cyber threats, you’re in trouble. Attackers increasingly evade detection by log-centric security and network monitoring tools. But logs combined with full packet, endpoint, and NetFlow data are proven to provide the essential details for early threat detection. Here’s a closer look at our solution.

Also known as
RSA Security Analytics
RSA NetWitness Logs and Packets (RSA SIEM) customers

Los Angeles World Airports, Reply
