RSA NetWitness Logs and Packets (RSA SIEM) Overview

RSA NetWitness Logs and Packets (RSA SIEM) is the #3 ranked solution in our list of top Advanced Threat Protection (ATP) tools. It is most often compared to Splunk.

What is RSA NetWitness Logs and Packets (RSA SIEM)?

If you’re relying on log data alone to detect and prevent cyber threats, you’re in trouble. Attackers increasingly evade detection by log-centric security and network monitoring tools. But logs combined with full packet, endpoint, and NetFlow data are proven to provide the essential details for early threat detection. Here’s a closer look at our solution.

RSA NetWitness Logs and Packets (RSA SIEM) is also known as RSA Security Analytics.

RSA NetWitness Logs and Packets (RSA SIEM) Buyer's Guide

Download the RSA NetWitness Logs and Packets (RSA SIEM) Buyer's Guide including reviews and more. Updated: July 2021

RSA NetWitness Logs and Packets (RSA SIEM) Customers

Los Angeles World Airports, Reply

Pricing Advice

What users are saying about RSA NetWitness Logs and Packets (RSA SIEM) pricing:
  • "Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
  • "We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."

Ramnesh Dubey
Senior Cyber Security Specialist at a computer software company with 10,001+ employees
Real User
Top 20
Good support, powerful decoders and concentrator, but the dashboard is not reflecting events in real-time

What is our primary use case?

We are a service-providing company and this is one of the products that we implement for our clients. The RSA NetWitness Logs and Packets solution is used for Event Stream Analysis (ESA), and we implement use cases based on our customers' needs. For example, suppose the security device is a Palo Alto device; then, at the policy level, we implement the use cases. These might be things like phishing attacks or a botnet. Most companies follow the GDPR regulations for compliance. We have RSA NetWitness implemented in virtual appliances.

Pros and Cons

  • "The most valuable features are the packet decoder, log decoder, and concentrator."
  • "Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."

What other advice do I have?

My advice to anybody who is researching this solution is to consider the differences between the hardware and the virtual solution. The hardware is okay, but if you have any issues and need to restart then it is easy to do this with the VM. My preference is using the VM, where they can easily increase the size of storage if necessary. It is important to remember that ESA takes all of the main memory. The minimum requirement is 96 GB of RAM, and this is very easy to implement on a virtual machine. My advice is to implement ESA using the maximum eligibility criteria. Consider what the hardware…
Hubert Luberek
Information Technology Security Architect at a financial services firm with 5,001-10,000 employees
Real User
Top 10
Provides accurate information, quick analysis from the endpoint perspective, and quick identification of any potential malware

What is our primary use case?

We use the on-premise deployment model of this solution. Our primary use case of this solution is for malware detection and for reconstruction during the incident and forensic analysis.

Pros and Cons

  • "It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
  • "They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."

What other advice do I have?

If it's possible, ask for help from primary support to help you implement at the very beginning with the fundamental alert or detection rules. This is my best advice for a customer regardless of the size and scope of the implementation. Use the support to help you with the implementation process. I would rate it an eight out of ten.
VG
IT Security Head with 1,001-5,000 employees
Real User
Top 20
Has a simple dashboard and you can develop connectors for any application, but it is difficult to set up

What is our primary use case?

The RSA NetWitness Logs and Packets solution was set up as part of the SOC. It is set up on two sides. One is for the Data Center (DC) side, and the other is for the Disaster Recovery (DR) side.

Pros and Cons

  • "The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
  • "The initial setup is very complex and should be simplified."

What other advice do I have?

My advice for anybody who is implementing this solution is to make sure that the team handling the deployment is skilled. Without support, they will not be able to do it at all. Also, if somebody wants to make their own connectors then they will need to have a development team. Without knowledge of scripting, it is not possible to make connectors. So, I would say that at an early point there needs to be somebody specialized in the use of this product. I would rate this solution a six out of ten.
MA
IT and Cybersecurity Professional at a financial services firm
Real User
Easy to deploy with powerful threat prediction and network forensics capabilities

What is our primary use case?

Our primary use case is real-time threat prediction so that we can minimize the person-hours of IT security analysts.

Pros and Cons

  • "The most valuable features are the threat prediction and network forensics."
  • "Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."

What other advice do I have?

My advice for anybody who is implementing this solution is to look at both their endpoints and circuit paths. The two components, Logs and Packets, should definitely both be considered. Even if there is an on-premises SIEM log, they can integrate it. Overall, I feel that the product is very good and my biggest complaint is about their support. I would rate this solution an eight out of ten.
IO
Solution Specialist- Data Protection at a tech services company with 11-50 employees
Reseller
Top 20
Provides a comprehensive trace investigation with the packet capture feature

What is our primary use case?

The customer that we work with uses it to gather logs from all the devices in their enterprise so that they have that single point of visibility into trace information in the environment.

Pros and Cons

  • "The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
  • "There are instances where you try to run the reports and then it does not give you the desired outcome."

What other advice do I have?

It's a comprehensive SIEM solution. The packet capture feature is one thing that will be very beneficial for all accounts because it gives you that general visibility into what's going on even on your network. It's a great product, and I would rate it at eight on a scale from one to ten. It's way ahead of the others.
MA
Information Security Analyst at a tech services company with 11-50 employees
Real User
Good performance, reporting, and log archiving capability

What is our primary use case?

I am currently working in a security operations center and RSA NetWitness Log and Packets is part of our security solution. We use it for log management and anomaly identification. It is used for compliance as well because it has a log archiving capability that will span at least a couple of years. We are also using it to facilitate monitoring and research.

Pros and Cons

  • "Performance and reporting are very good."
  • "The user interface is a little bit difficult for new users and it needs to be improved."

What other advice do I have?

My advice to anybody who is considering this solution is that it is a relatively good program, but you want to take some time to get used to it. Once it is deployed and you are used to it, you can do whatever you want. Orchestration is another element that is there. I would recommend this solution for large organizations that need to be compliant with these types of things. My main complaint is about the user interface. I would rate this solution an eight out of ten.
Adrian Mache
RSA Specialist at a computer software company with 1,001-5,000 employees
Real User
Top 20
A user-friendly solution that integrates well with our system

What is our primary use case?

Our customers are enterprise-level businesses.

Pros and Cons

  • "The most valuable features are the integration and ease of use."
  • "The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."

What other advice do I have?

I have also worked with RSA SecurID and I can say that from the moment I touched it, it has been very easy for me to use. The company is very active on the market and it is improving continuously. EMC/RSA are trying to approach a build such that it can meet every user's needs, but you can't satisfy everyone. I recommend RSA NetWitness alongside other products, although I would suggest this first because of the user-friendly interface and easy-to-manipulate options. The only issue I have is with the documentation. Overall, this is a good solution with suitable features and it very well fits our…
Rahul Patel
Cyber Security Lead at a manufacturing company with 1,001-5,000 employees
Real User
Top 5 Leaderboard
Great wireless feature, provides many automatic rules that are very helpful

What is our primary use case?

The RSA NetWitness packet capability plays a major role in identifying cyber attacks from different sources. We integrated it in a very large environment, deploying it in a container corporation in India. The company has around 86 locations across the country. Another use case of RSA is for running full scans, and the third use case is for blocking malware and viruses. Nowadays, people hide behind encaptured networks and use proxies to look through the door. Then they'll try to come in.

Pros and Cons

  • "Offers a good wireless feature."
  • "Technical support could be improved."

What other advice do I have?

I would recommend this solution. I rate this solution a nine out of 10.