We performed a comparison between NetWitness Platform and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
"NetWitness can be highly beneficial for incident detection and response."
"The most valuable feature is the security that it provides."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"Offers a good wireless feature."
"The most valuable features are its ingestion of logs and raising of alerts based on those logs."
"The most valuable features of RSA NetWitness Logs and Packets are the alerts and correlation tools."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"The solution has plenty of features that are good."
"Splunk would be my choice for the presentation layer because it comes with inbuilt reports and a dashboard that you can customize."
"We primarily use it to correlate logs throughout the enterprise for both searching and use in investigations."
"Its usability is the best part. It is easy for our developers to use if they want to search their logs, etc."
"You can integrate Splunk with third-party security automation solutions and set rules for automatic response."
"Without Splunk Enterprise Security, it would be difficult for us to manage and prioritize alerts. There's a potential to lose track of important notifications, and it's essential to our security that we do not miss anything. Splunk has improved our investigations because the reporting and dashboarding make things so much easier. We can provide weekly or monthly reports. I also like Splunk's ability to integrate."
"The product is adept at log mining."
"I have also been able to take advantage of some of the more complex statistical capabilities when analyzing logs."
"We have encountered issues with unresolved crashes."
"The initial setup is complex. There are other solutions that are easier to implement."
"The solution should have more integration capabilities with different platforms."
"Its technical support could be better."
"More customizability is required, which is something that they need to improve on."
"The log system is a bit complex and has room for improvement."
"Health monitoring of the event sources and devices."
"The user interface is a little bit difficult for new users and it needs to be improved."
"The UI could be better. This is applicable to Splunk in general. I know that a lot of people who get their hands on Splunk are hesitant to use it just because they find it overwhelming. There are a lot of options."
"From the commercial point of view, they have to bring down their costs."
"The only improvement I am expecting is the cost of the licensing. Clients are going to other solutions just because of the cost."
"Our two main complaints are about the difficulty of the initial setup and the licensing model."
"Could be more user friendly."
"The GUI can be improved to include some of the capabilities that other BI solutions have."
"We do have to educate developers on how to not blow it up. It is a little too easy to write an expensive query and overly stress the system. This could be improved."
"Some of the search functions can be better. There has been a lot of talk at the conference about the update of SPL before each iteration. That will be a lot of help."
NetWitness Platform is ranked 15th in Security Information and Event Management (SIEM) with 36 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 244 reviews. NetWitness Platform is rated 7.4, while Splunk Enterprise Security is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". NetWitness Platform is most compared with RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics, Microsoft Sentinel and Trellix Network Detection and Response, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Microsoft Sentinel. See our NetWitness Platform vs. Splunk Enterprise Security report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.