We just raised a $30M Series A: Read our story
2019-08-25T05:17:00Z

What advice do you have for others considering RSA NetWitness Logs and Packets (RSA SIEM)?

1

If you were talking to someone whose organization is considering RSA NetWitness Logs and Packets (RSA SIEM), what would you say?

How would you rate it and why? Any other tips or advice?

ITCS user
Guest
1212 Answers

author avatar
Top 10Real User

I'm on the latest version of the solution. I tend to work on updated versions. We are systems integrators. We have a partnership with RSA. If a company decides to try out this product, they need to do the homework properly due to the fact that sometimes on the hardware side or on the software side, you may face some issues. It is better to study thoroughly the troubleshooting part and prepare properly. Only then you can go for implementation. I'd rate the solution at an eight out of ten.

2021-09-01T13:51:40Z
author avatar
Top 20Reseller

It's a comprehensive SIEM solution. The packet capture feature is one thing that will be very beneficial for all accounts because it gives you that general visibility into what's going on even on your network. It's a great product, and I would rate it at eight on a scale from one to ten. It's way ahead of the others.

2021-06-02T19:36:43Z
author avatar
Top 5LeaderboardReal User

I would recommend this solution. I rate this solution a nine out of 10.

2021-05-19T19:23:40Z
author avatar
Top 10Real User

RSA is something that I can recommend. I would rate this solution a six out of ten.

2020-10-30T14:43:26Z
author avatar
Top 10Real User

This is a product that I recommend. I would rate this solution an eight out of ten.

2020-07-26T08:19:19Z
author avatar
Top 5Real User

They have just introduced an orchestration tool, although I don't know how it works yet. Overall, this is a good product and I recommend it. However, I always suggest doing a proof of concept first, to make sure that it meets your needs. I would rate this solution an eight out of ten.

2020-07-16T06:21:05Z
author avatar
Top 10Real User

My advice for anybody who is implementing this solution is to look at both their endpoints and circuit paths. The two components, Logs and Packets, should definitely both be considered. Even if there is an on-premises SIEM log, they can integrate it. Overall, I feel that the product is very good and my biggest complaint is about their support. I would rate this solution an eight out of ten.

2020-06-18T05:17:44Z
author avatar
Top 10Real User

My advice to anybody who is considering this solution is that it is a relatively good program, but you want to take some time to get used to it. Once it is deployed and you are used to it, you can do whatever you want. Orchestration is another element that is there. I would recommend this solution for large organizations that need to be compliant with these types of things. My main complaint is about the user interface. I would rate this solution an eight out of ten.

2020-03-19T13:00:53Z
author avatar
Top 5Real User

My advice for anybody who is implementing this solution is to make sure that the team handling the deployment is skilled. Without support, they will not be able to do it at all. Also, if somebody wants to make their own connectors then they will need to have a development team. Without knowledge of scripting, it is not possible to make connectors. So, I would say that at an early point there needs to be somebody specialized in the use of this product. I would rate this solution a six out of ten.

2020-01-19T06:38:00Z
author avatar
Top 5Real User

I have also worked with RSA SecurID and I can say that from the moment I touched it, it has been very easy for me to use. The company is very active on the market and it is improving continuously. EMC/RSA are trying to approach a build such that it can meet every user's needs, but you can't satisfy everyone. I recommend RSA NetWitness alongside other products, although I would suggest this first because of the user-friendly interface and easy-to-manipulate options. The only issue I have is with the documentation. Overall, this is a good solution with suitable features and it very well fits our needs. I would rate this solution a nine out of ten.

2020-01-12T07:22:00Z
author avatar
Top 5Real User

My advice to anybody who is researching this solution is to consider the differences between the hardware and the virtual solution. The hardware is okay, but if you have any issues and need to restart then it is easy to do this with the VM. My preference is using the VM, where they can easily increase the size of storage if necessary. It is important to remember that ESA takes all of the main memory. The minimum requirement is 96 GB of RAM, and this is very easy to implement on a virtual machine. My advice is to implement ESA using the maximum eligibility criteria. Consider what the hardware requires are in terms of RAM and storage, and use the maximum available for ESA. This solution has a very good dashboard with a separate tab for incidents and alerts. There is a ticketing tool as well. If the problems with the dashboard are corrected then we will not need to have any other tools. The dashboard is a very important feature for clients. I would rate this solution a seven out of ten.

2020-01-09T06:15:00Z
author avatar
Real User

If it's possible, ask for help from primary support to help you implement at the very beginning with the fundamental alert or detection rules. This is my best advice for a customer regardless of the size and scope of the implementation. Use the support to help you with the implementation process. I would rate it an eight out of ten.

2019-08-25T05:17:00Z
Learn what your peers think about RSA NetWitness Logs and Packets (RSA SIEM). Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
541,462 professionals have used our research since 2012.