RSA NetWitness Logs and Packets (RSA SIEM) Reviews

Anonymous User
Real User
Direct Sales Director at a tech services company with 501-1,000 employees
May 11 2017

What is most valuable?

Full packet capture: A must in an SOC. Possibility to investigate incidents based on logs and raw packets, such as…

How has it helped my organization?

We can monitor all traffic to/from our company. It is possible to track end user behaviour. With RSA NetWitness Endpoint…

What needs improvement?

Integration with external tools should be built-in, such as an external sandbox for files. We can import data using…

What's my experience with pricing, setup cost, and licensing?

Prepare use cases, i.e., what to do and how. Collect information about EPS for logs and total bandwidth for packets. This…

If you previously used a different solution, which one did you use and why did you switch?

For full packet capture, we had Blue Coat Security Analytics. We switched because in NetWitness, we have everything needed…

What other advice do I have?

* Don’t rush. Prepare use cases for packets and logs as it is a very important part of deployment and future use.
* Use…
muntaser bdair
Real User
Founder & CEO at a tech services company with 11-50 employees
May 24 2017

What is most valuable?

RSA NetWitness is a SIEM and real-time network traffic solution. It collects logs/packets and applies a set of alerting, reporting and analysis…

How has it helped my organization?

As mentioned elsewhere, this product provides full visibility for the activities in the networks and systems. For example, it provides detection of…

What needs improvement?

* Out-of-the-box alerts and investigation rules
* Health monitoring of the event sources and devices
* Threat intelligence for data accuracy

What's my experience with pricing, setup cost, and licensing?

The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs).

What other advice do I have?

The only thing I advise others is to spend enough time for fine-tuning and the initial rule development. You should also develop a plan for the…
Find out what your peers are saying about RSA, Splunk, IBM and others in Security Information and Event Management (SIEM). Updated: January 2019.
316,473 professionals have used our research since 2012.
Elias Lefate Tebele
Consultant
ACD - Level 3 Analyst at a tech services company with 10,001+ employees
Aug 28 2017

What is most valuable?

* Packet Solution: Allows analyst proactive hunting and alerting on daily sophisticated APTs.
* Broker service: Aggregate…

How has it helped my organization?

Reliable in terms of no data loss. Plays a huge role in device health checks (Event Source Monitor). Provides FSEs…

What needs improvement?

Advanced monitoring and alerting feature is not stable (Event Stream Analysis). Does not allow certain use cases running…

What's my experience with pricing, setup cost, and licensing?

RSA licensing ranges per core devices and services. An additional Designated Support Engineer can be acquired at quite a…

If you previously used a different solution, which one did you use and why did you switch?

None in production other than RSA. However, I will be using IBM QRadar towards the end of this year.

What other advice do I have?

Either operating this solution in-house or reselling. First, outline all your data sources. Give more priority to the…
Maor Hojberg
Real User
Team Leader & Head of MSSP with 51-200 employees
Nov 07 2018

What do you think of RSA NetWitness Logs and Packets (RSA SIEM)?

What is our primary use case?

We use it as a network tool to alert on any anomalies on the network.

What is most valuable?

It gives the ability to investigate network traffic in the Net and the organization, which we couldn't do before.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The product continues to crash. Even with tech support help, it does not resolve itself.

How is customer service and technical support?

Yes, we have had extensive use of tech support and they have not been as helpful as we would have liked. We had the crashing issue, and we had special sessions with tech support. The UAE representative and the IR response team were both on our site, and they could not understand why the system…
Allan Vargas
Real User
IT security specialist at a comms service provider with 201-500 employees
Jan 20 2019

What do you think of RSA NetWitness Logs and Packets (RSA SIEM)?

What is our primary use case?

Our primary use case is for detecting or monitoring the process that we use in devices, servers, or databases.

How has it helped my organization?

The manner in which we can manage logs and information is very important for our organization. 

What is most valuable?

The most valuable feature is the correlation. It can report in real-time and monitor the management. 

What needs improvement?

The implementation needs assistance.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The stability of this solution is good. 

What do I think about the scalability of the solution?

This solution meets our scalability needs. 

How is customer service and technical support?

The technical…

What is RSA NetWitness Logs and Packets (RSA SIEM)?

If you’re relying on log data to detect and prevent cyber threats, you’re in trouble. Attackers increasingly evade detection of log-centric security and network monitoring tools. But logs combined with full packet, endpoint, and NetFlow data are proven to provide the essential details for early threat detection. Here’s a closer look at our solution.

Also known as
RSA Security Analytics
RSA NetWitness Logs and Packets (RSA SIEM) customers

Los Angeles World Airports, Reply
