2018-12-25T09:42:00Z

What needs improvement with RSA NetWitness Logs and Packets (RSA SIEM)?


Please share with the community what you think needs improvement with RSA NetWitness Logs and Packets (RSA SIEM).

What are its weaknesses? What would you like to see changed in a future version?

Guest
99 Answers

Top 10, Real User

The user interface is a little bit difficult for new users and it needs to be improved. It takes a lot of time to register when compared to other solutions.

2020-03-19T13:00:53Z
Top 5, Leaderboard, Real User

The initial setup is very complex and should be simplified. We had some trouble integrating with our Check Point firewall.

2020-01-19T06:38:00Z
Top 5, Real User

The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly. I may see it differently than other people. I would like to see a little question mark beside each button that you can click and find out what that button is for. It would make it much easier for people who are new to the solution. Like a pop-up appearing when hovering over the question mark, attached to each main action and split into branches.

2020-01-12T07:22:00Z
Real User

The alert dashboard is not reflecting events in real-time. We have to refresh in order to view an alert in real-time. Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance. Compared to ArcSight or QRadar, this is a problem.

2020-01-09T06:15:00Z
Top 5, Real User

The web interface needs improvement because right now they have problems combining an older interface with a newer interface. They're in the middle of the process of combining the old and the new one. It sometimes confuses the user and sometimes you are not able to find the necessary information. You need to click the information and that is something that should be improved. The data isn't a problem but you need to get used to it. You need to know where to click in order to get the results. Otherwise, you can encounter some problems. I would be very happy if they would fix all the issues from 11.3 to the 11.4 version to have more advantages from the UEBA because the UEBA we have implemented will be the longest. If they will fully integrate the UEBA with the network data, this could be a very huge advantage and impact on the market. Right now, you have a solution like Darktrace which has the same capabilities as RSA NetWitness so NetWitness should implement the same things. They have UEBA, they have data. They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams.

2019-08-25T05:17:00Z
Real User

The solution would be greatly improved by unifying the management to one configuration option. One of the problems the system had is that you always have to choose the managed host. For example, if you want to write a rule, you have to duplicate it across your managed hosts. It should have centralized management. If you want to make a change then it should be configured automatically, so that you don't need to go one by one, changing it. That is really annoying. Another problem is that the EPL (Event Processing Language) is not properly explained, and the expert could not even use it when they came to our site. It was causing the system to crash, so they should really consider using something else. The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together. I think that it could be better integrated, and it would be great for new customers or even existing customers.

2019-05-22T07:18:00Z
Real User

I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex.

2019-03-11T07:21:00Z
Top 5, Real User

I would like for them to incorporate IPS. Only the monitoring detects abnormal behavior so we'd like to see IPS. I would like to see a dashboard include PAM so that it's a one-stop shop.

2019-02-11T08:11:00Z
Top 5, Real User

The implementation needs assistance.

2018-12-25T09:42:00Z
Updated: April 2020.