NetWitness Platform Reviews

Name: NetWitness Platform
Brand: NetWitness
Rating: 3.7 (36 reviews)

Vendor: NetWitness

3.7 out of 5

36 reviews
75% willing to recommend

Leave a review

What is NetWitness Platform?

NetWitness Platform provides seamless threat intelligence integration and robust log/packet ingestion. It enhances network visibility and incident management through automated threat detection, ideal for enterprises seeking scalability and security intelligence.

Get the NetWitness Platform Buyer's Guide and find out what your peers are saying about NetWitness Platform, Wazuh, Datadog and more!

NetWitness Platform is the #38 ranked solution in Log Management Software and #39 ranked solution in top Security Information and Event Management (SIEM) solutions. PeerSpot users give NetWitness Platform an average rating of 7.4 out of 10. NetWitness Platform is most commonly compared to Wazuh: NetWitness Platform vs Wazuh. NetWitness Platform is popular among the small business segment, accounting for 43% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 11% of all views.

Helped 892,487 peers since 2012

Featured NetWitness Platform reviews

reviewer2256927

Head of Information Security, Cyber Defense and IT Risk Management at HCT. at a transportation company with 201-500 employees

A big problem with the product is that we don't have much professional experience in Israel installing, implementing, and integrating this product. There is not enough of a knowledge base. There is no support for this product in this country, so problems have to be resolved through global technical teams. We like to work locally because of the language, and when the product is only supported outside the country, it's a little difficult to implement and use this product. Moreover, AI is something that must be added immediately. Artificial intelligence is a part of the competitors' products, and it's not been implemented for us.

Read full review

reviewer1130436

Information Technology Security and Infrastructure Expert at a government with 201-500 employees

My company has had many benefits from the use of the product in the last eight years. The tool has streamlined our company's incident response process since it serves as a log repository, which allows us to correlate events and access different technology stacks. In our company, we were able to actually find some potential attacks, so it has been very helpful. The tool's integration capability isn't so great. In my company, we managed to integrate it with our Microsoft Azure Subscription, after which we managed to integrate it with other tools. You will face a lot of difficulties if you want to integrate it with your database monitoring tool, PAM solutions, or IAM products. The product has done well overall for my company's teams to deal with their workflow efficiency. I would not recommend the product to others. I rate the tool a seven out of ten.

Read full review

Suri Shahar

Security Analyst at HeiTech Padu Berhad

For small to medium-sized organizations, NetWitness Platform will be a suitable option. Most enterprises or larger organizations will likely choose a different platform because NetWitness Platform is no longer listed in Gartner. Additionally, the pricing is too high and is not competitive with Splunk and other products. It is relevant, but they need to set up or hire someone to help them compete with similar products like Slack, QRadar, or Palo Alto. Overall, I rate it a seven out of ten.

Read full review

NetWitness Platform mindshare

Product category:

As of May 2026, the mindshare of NetWitness Platform in the Log Management category stands at 1.0%, up from 0.3% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Log Management Mindshare Distribution
Product	Mindshare (%)
NetWitness Platform	1.0%
Splunk Enterprise Security	6.8%
Wazuh	5.4%
Other	86.8%

Log Management

PeerResearch reports based on NetWitness Platform reviews

Type	Title	Date
Category	Log Management	May 2, 2026	Download
Product	Reviews, tips, and advice from real users	May 2, 2026	Download
Comparison	NetWitness Platform vs Splunk Enterprise Security	May 2, 2026	Download
Comparison	NetWitness Platform vs Wazuh	May 2, 2026	Download
Comparison	NetWitness Platform vs Cribl	May 2, 2026	Download

Valuable Features

NetWitness Platform offers features like real-time correlation, log ingestion, and full packet capture, enabling detailed network traffic analysis. Users appreciate its incident management, automated threat detection, and user-friendly interface. Its advanced capabilities allow creation of custom rules, integration with other tools, and detailed reporting. The platform's security intelligence and threat prediction enhance network forensics. Flexible deployment and efficient analytics are valued, as well as the ability to monitor network devices and data efficiently.

"Setting up NetWitness is straightforward; there are multiple connectors, including standard and specialized connectors, with enhanced capability to integrate custom applications, and from there you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"Over time, NetWitness Logs and Packets has matured from a boxed solution with multiple parts to the current, more streamlined version for which we only need the software license to put it up on our own cloud and deliver it to multiple clients."
"It gives customers visibility about their most important servers and devices."

Room for Improvement

NetWitness Platform would benefit from improved integration with third-party tools, streamlined user interface, and better support for external tools like sandboxes. Enhanced threat detection and centralized management are desired. The setup is complex and the API needs refinement. Users experience challenges with log aggregation and reporting. Improved documentation and ease of use are needed. Additionally, features like machine learning, artificial intelligence, and automated incident responses are recommended. Better customization and reliable support are also sought.

"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"An area for improvement would be better automation and more inbuilt use cases."
"One thing to be improved in NetWitness is the capability to correlate event logs in a general sense."

ROI

NetWitness Platform has proven to be financially beneficial for users. Many have reported positive returns on investment, indicating that the platform has helped them achieve their desired outcomes.

Pricing

NetWitness Platform pricing varies widely based on deployment and usage, often rated as expensive but competitive for enterprise buyers. License structures include perpetual and annual models, factoring in EPS and data volume. Many find virtual machines cost-effective over hardware. Some recommend the full solution for better value. Designated support incurs additional costs. Recent pricing plans are seen as fair, appealing to diverse organizational sizes. Virtual machine adoption has reduced appliance-related expenses.

"It provides tools to assist in selecting the appropriate license and usage scenarios."
"The product price was reasonable for my region and the market."
"The product is expensive."

Popular Use Cases

NetWitness Platform is primarily used for network monitoring, threat detection, and security management. Enterprises employ it for log analysis, anomaly identification, and compliance. It supports monitoring across networks, endpoints, and databases. Organization use cases span malware detection, threat prediction, and SOC integrations. They leverage its capabilities for real-time alerts, forensic analysis, and incident management. Its deployment aids in security operations by providing insights from varied data sources, crucial for governance and incident responses.

Service and Support

Customer service for Enterprise Customers is highly rated, while technical support receives mixed feedback, ranging from fast responses but slow escalation to lacking expertise. Some rate it 8/10 for proficiency, while others find them frustrating due to delayed replies. Technical support is considered good, responsive, and professional, though there are challenges with responsibility and international support limitations. Ratings vary, with some users satisfied despite high costs, whereas others find improvement needed in expertise and response times.

Deployment

Initial setup experiences with NetWitness Platform are mixed. Some find it straightforward and quick to deploy, especially with expertise. Others report complexity, requiring professional support to manage integrations and configurations. Duration varies, ranging from two days to several months, influenced by organizational size and complexity. Ongoing maintenance can be demanding, needing skilled personnel and effective resource allocation. Opinions range from easy to intricate, depending on familiarity, environment, and the level of customizations needed.

Scalability

Users generally find NetWitness Platform to be highly scalable, accommodating small to large organizations. It efficiently handles increased capacity and user load. Network deployment is crucial, as metadata flows are significant. While licensing may influence limits, users can expand resources via cloud solutions. Enterprises appreciate its scalability, although specific implementations and hardware considerations might affect performance. Some users rate it below average for scalability due to on-premise hardware demands.

Stability

Users generally find NetWitness Platform stable with reliable performance when systems are properly configured with adequate CPU, RAM, and HDD. However, some note instability during updates and upgrades, particularly with versions prior to 11.3. Earlier versions had stability issues, but recent updates improved performance. A well-sized setup helps, though some users experienced crashes despite technical support. Stability ratings vary, often around seven to nine out of ten.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our NetWitness Platform Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	4
Midsize Enterprise	6
Large Enterprise	18

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	100
Midsize Enterprise	37
Large Enterprise	93

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

11%

Construction Company

Performing Arts

Comms Service Provider

Outsourcing Company

Manufacturing Company

Marketing Services Firm

Computer Software Company

Healthcare Company

Insurance Company

University

Retailer

Wholesaler/Distributor

Energy/Utilities Company

Legal Firm

Media Company

Real Estate/Law Firm

Educational Organization

Government

Non Profit

Pharma/Biotech Company

Hospitality Company

Religious Institution

Museum Or Institution

Aerospace/Defense Firm

Transportation Company

Compare NetWitness Platform with alternative products

Learn more about NetWitness Platform

NetWitness Platform offers a comprehensive suite of tools designed to tackle security challenges within Security Operations Centers. It integrates data from endpoints, networks, and other sources, ensuring in-depth security analysis. By supporting features like XDR and UEBA, it grants a unified view of security events. Its capabilities extend to threat hunting, malware analysis, and network forensics, assisting organizations in managing incidents, ensuring compliance with regulations like GDPR, and detecting cyber threats. Users appreciate its ease of deployment, flexibility, and threat prediction capabilities, although improvements in integration, documentation, and AI are desired.

What are the key features of NetWitness Platform?

User-friendly Interface: Simplifies security monitoring and management.
Threat Intelligence Integration: Provides seamless access to threat data.
Log/Packet Ingestion and Alerting: Enhances detection and response.
Network Visibility: Improves threat detection across networks.
Incident Management: Streamlines response to security incidents.
Automated Threat Detection: Facilitates quick identification of threats.
Custom Connectors: Allows for tailored integrations.
Advanced Dashboarding and Reporting: Offers detailed insights.
Packet/Incident Correlation: Enhances understanding of threats.

What benefits can users expect when evaluating NetWitness Platform?

Threat Prediction: Anticipates potential vulnerabilities.
Ease of Use: Streamlines user experience.
Deployment Flexibility: Adapts to organizational structure.
Scalability: Supports growing security infrastructure needs.
Security Intelligence: Enhances awareness and response capabilities.

In finance and health sectors, NetWitness Platform aids significantly by providing comprehensive threat analysis, ensuring compliance, and facilitating rapid incident management. Enterprises in these industries benefit by maintaining robust security postures and meeting regulatory demands.

NetWitness Platform was previously known as RSA Security Analytics.

NetWitness Platform customers

Los Angeles World Airports, Reply

Product Categories

Log Management

Security Information and Event Management (SIEM)

Popular Comparisons

Wazuh vs NetWitness Platform

Datadog vs NetWitness Platform

Splunk Enterprise Security vs NetWitness Platform

Dynatrace vs NetWitness Platform

IBM Security QRadar vs NetWitness Platform

Microsoft Sentinel vs NetWitness Platform

Cribl vs NetWitness Platform

Elastic Security vs NetWitness Platform

LogRhythm SIEM vs NetWitness Platform

Rapid7 InsightIDR vs NetWitness Platform

Security Onion vs NetWitness Platform

Fortinet FortiSIEM vs NetWitness Platform

Amazon OpenSearch Service vs NetWitness Platform

Gigamon Deep Observability Pipeline vs NetWitness Platform

Exabeam vs NetWitness Platform

See all alternatives

NetWitness Platform Reviews Summary
Author info	Rating	Review Summary
Head of Information Security, Cyber Defense and IT Risk Management at HCT. at a transportation company with 201-500 employees	3.5	I use the NetWitness Platform as a key SIEM solution for my company, particularly because it excels in rule creation. However, its lack of local support and AI features hinders ease of implementation and operational flexibility in Israel.
Information Technology Security and Infrastructure Expert at a government with 201-500 employees	3.5	I primarily use NetWitness Platform for packet and log analytics, but I find it lacks valuable features and has stagnated over the past years. It needs improved log correlation, better cloud integration, and enhanced usability. I'm considering alternatives like Splunk and Sentinel.
Security Analyst at HeiTech Padu Berhad	3.5	I find NetWitness Platform's user-friendly interface and threat intelligence integration valuable, but making changes to playbooks is tedious. Enhancing AI, machine learning capabilities, and adding a monitoring feature would improve threat analysis and response efficiency.
CISO at One Bank Limited	3.0	I use the NetWitness Platform for incident management and find it valuable for enhancing incident workflows. However, the user interface needs improvement to enhance usability. Currently, no other solutions or cloud providers have been considered or previously used.
Senior Assistant Vice President at a financial services firm with 1,001-5,000 employees	2.5	I find RSA NetWitness easy to implement, consolidating security logs for correlation. However, it struggles with Windows integration error logging, lacks asset tagging and SOAR, and needs better workflow automation for compliance, which impacts my rating.
Manager at a comms service provider with 10,001+ employees	4.0	I value RSA NetWitness for its alerts and correlation tools in monitoring. However, its threat detection speed, scalability, and occasional stability issues require improvement, making it feel somewhat outdated compared to newer solutions.
Presales Manager at a tech services company with 51-200 employees	4.0	I rate this on-premise solution 8/10 for its strong incident response capabilities, log/packet correlation, and data visibility. I desire an integrated dynamic malware analysis sandbox, as its current correlation engine is less robust.
Solution Architect at NASK	5.0	I find the NetWitness Platform valuable for its unified approach to security monitoring, especially in large company SOCs, offering simultaneous data collection and analysis. However, its licensing is complex, and careful evaluation is needed to compare it with alternatives.

Title	Rating	Mindshare	Recommending
Wazuh	3.7	5.4%	81%	50 interviews Add to research
Datadog	4.3	4.0%	97%	208 interviews Add to research

NetWitness Platform Reviews

What is NetWitness Platform?

Featured NetWitness Platform reviews

NetWitness Platform mindshare

PeerResearch reports based on NetWitness Platform reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare NetWitness Platform with alternative products

Learn more about NetWitness Platform

NetWitness Platform customers

Related questions

Product Categories

Popular Comparisons