commentBlock = $("#comment_post_43729").find('.comment-blocks'); commentBlock.find('.loading').hide(); commentBlock.find('.see-all-comments').hide(); commentBlock.html("
<\/a>
\"it_user698622<\/a>
it_user698622<\/a>Advisory Consultant at SCIS SECURITY<\/span><\/div>
<\/span>MSP<\/span><\/div>
<\/i><\/div>
<\/i>Report as inappropriate<\/a><\/div><\/div><\/div>

I agree, with Alireza\'s comment. It\'s always best practice regardless of the SIEM. Traditionally, we\'ve used the Netwitness platform mainly for full packet capture and basic alerting. To make better use as a full SIEM, it\'s important for others to note that customers need to buy additional modules and hardware including ESA. The additional content out of the box requires subscriptions to their RSA live and threat intel feeds as well in many cases. It\'s not the usage that is too difficult; it\'s the administration that makes it a bear. I advise, like many other solutions to get vendor formal training if you intend to self-administrate or create your own content<\/p><\/div>