
Anvilogic vs NetWitness Platform comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Anvilogic
Ranking in Security Information and Event Management (SIEM): 11th
Average Rating: 8.4
Reviews Sentiment: 6.8
Number of Reviews: 13
Ranking in other categories: AI-SOC (2nd)

NetWitness Platform
Ranking in Security Information and Event Management (SIEM): 36th
Average Rating: 7.4
Reviews Sentiment: 7.4
Number of Reviews: 36
Ranking in other categories: Log Management (38th)
 

Mindshare comparison

As of July 2026, in the Security Information and Event Management (SIEM) category, the mindshare of Anvilogic is 0.6%, up from 0.3% compared to the previous year. The mindshare of NetWitness Platform is 1.0%, up from 0.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Mindshare Distribution
Product                Mindshare (%)
Anvilogic              0.6%
NetWitness Platform    1.0%
Other                  98.4%
 

Featured Reviews

reviewer2800338 - PeerSpot reviewer
Senior Manager, Threat Prevention Engineering at a tech vendor with 5,001-10,000 employees
Modern threat detection has improved coverage and reduced costs but still needs better UX and flexibility
There is room for growth in the product platform; our detection engineers using Anvilogic every day encounter some frustrating UX experience issues where buttons are not logically placed, and workflows are not working as expected. There is also room for growth in integrating the platform with third parties, as we have encountered limitations in what can be executed via API and what is documented. We are a heavy automation integration team, so having this well documented is important for us. The enterprise capabilities within the platform also seem somewhat limited, as we run into limitations in managing detections at scale and making changes to those detections at scale. Especially at an enterprise level, if we need to add enrichment logic to every single detection deployed, it can be quite onerous; we had to develop custom scripts to manage that. Thus, enhancing enterprise-type features for managing the platform at scale rather than clicking through the GUI is important as we continue to grow. Additionally, the AI capabilities have been somewhat unstable and unintuitive to use, which is key for increasing adoption. One other thing is that the detection logic builder today is somewhat limited in flexibility regarding implementing detections, grouping detections together, and handling alerts when they fire. This might be partly due to our need to adjust to a different platform, but flexibility is key for any enterprise platform to meet our unique business requirements. Having the capability to build custom detection logic not tied to a specific structure would be helpful; although a lot can be done, it often requires working with our account team which is time-consuming and less intuitive.
reviewer2256927 - PeerSpot reviewer
Head of Information Security, Cyber Defense and IT Risk Management at HCT. at a transportation company with 201-500 employees
A solid SIEM solution that should improve technical support and online resources to be easier to use
A big problem with the product is that we don't have much professional experience in Israel installing, implementing, and integrating this product. There is not enough of a knowledge base. There is no support for this product in this country, so problems have to be resolved through global technical teams. We like to work locally because of the language, and when the product is only supported outside the country, it's a little difficult to implement and use this product. Moreover, AI is something that must be added immediately. Artificial intelligence is a part of the competitors' products, and it's not been implemented for us.

Quotes from Members

 

Pros

"By using this detection engineering platform, we can manage the entire detection engineering lifecycle, making it simple to show executives our progress, where we started, where we currently are, and what remains to be done."
"Anvilogic has positively impacted my organization by helping with both known and unknown threats already present in the current threat landscape, detecting SIEM tools such as Splunk, Microsoft Sentinel, Snowflake, and Databricks, optimizing those tools, and strengthening my organization in the cybersecurity realm."
"They teach you and give you insights every morning or every week, saying, 'Hey, this is not working, so what do you want. You're getting one or two of these alerts per day. Do you want to squash them from error to warning?' They're always giving you tips on how to improve the efficiency of the system itself."
"The deployment was very simple."
"Anvilogic allows me to extract a plethora of information, including mapping TTPs assigned for detection logic, which effectively helps in setting quarterly coverage agendas, thus illustrating its vital role in detection strategy and management presentations."
"Among those features, the one that has made the biggest difference for our team is the AI capability; we have seen a significant shift in our SOC operations."
"Anvilogic has impacted my organization positively because it is native for cloud-type infrastructures and they have a significant proactive approach to cost licensing."
"Anvilogic plus Snowflake has vastly improved our total cost of ownership for the SIM platform; we went from a pretty expensive platform in Splunk that was not vertically scalable due to budget limitations to a platform now that is far more efficient per terabyte of data ingested and processed per day."
"Their customer service is excellent, one of the best."
"The most valuable feature is the ability to write rules and triggers for network communication and then being able to investigate based on that, where you can see the payload and deconstruct the packets."
"The development of use cases on the SSA console is quite user friendly, which means that the security analyst or the researcher does not have to learn another language."
"The most valuable features are its ingestion of logs and raising of alerts based on those logs."
"NetWitness can be highly beneficial for incident detection and response."
"Offers a good wireless feature."
"The most valuable features are the threat prediction and network forensics."
"Their technical support responds quickly and is knowledgeable."
 

Cons

"There is a need for the maturity of the product; our detection engineers using Anvilogic every day encounter some frustrating UX experience issues where buttons are not logically placed, and workflows are not working as expected."
"That's challenging because we're not in production and there's not necessarily a deep bench of companies with previous experience."
"The hunting insight needs integrable capability with different platforms to gather all of that insight and show it on a single canvas on Anvilogic. That is the only feature that could improve the way we do operations."
"Anvilogic can be improved by adding the ability to do on-ingest detections. This is something that we have been having a conversation on for a short time now, but I am hopeful that they will have that in their future roadmap."
"Anvilogic could be better in areas of the triage dashboard as they're beholden to Splunk's functionality."
"However, after a year, I noticed limitations, especially concerning issue resolution timeframes."
"Currently, there is a limitation of 100 inputs in Anvilogic integrations, which is less than our needs, making it a challenge to fit all our inputs."
"I chose a nine because, while Anvilogic is excellent, there is room for improvement in terms of the false-positive reports that have been presented and the AI pattern that can be improved."
"The solution is pretty complex to set up. Comparatively, I have worked on IBM QRadar and Splunk; they are much easier to set up."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"I am not happy with the RSA support. Sometimes they can be really annoying because it takes so long to get the support that you need."
"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."
"Advanced monitoring and alerting feature is not stable (Event Stream Analysis)."
"The initial setup was complex because it takes a lot of time to complete the implementation."
"I cannot say that the solution was stable because it tended to crash."
"Technical support could be improved."
 

Pricing and Cost Advice

"We were an early adopter, so the pricing was definitely good. Because they do not completely replace a SIEM, their pricing is slowly edging towards being a little too much for a smaller organization like ours. It is almost on the border."
"Anvilogic's pricing has been highly competitive."
"This is a pricey solution; it's not cheap."
"The product price was reasonable for my region and the market."
"The product is expensive."
"It is cheap."
"We are on an annual license for the use of the solution."
"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."
"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."
"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
902,988 professionals have used our research since 2012.
 

Comparison Review

Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Financial Services Firm: 15%
Healthcare Company: 8%
Manufacturing Company: 8%
Computer Software Company: 8%

Financial Services Firm: 12%
Construction Company: 11%
Comms Service Provider: 9%
Outsourcing Company: 8%
 

Company Size

By reviewers
Company Size        Count
Small Business      2
Large Enterprise    12

Company Size          Count
Small Business        8
Midsize Enterprise    7
Large Enterprise      20
 

Questions from the Community

What is your experience regarding pricing and costs for Anvilogic?
I am from the technical department, so I do not have details about pricing, setup cost, or licensing, as that was handled by my management team.
What needs improvement with Anvilogic?
I chose a nine because, while Anvilogic is excellent, there is room for improvement in terms of the false-positive reports that have been presented and the AI pattern that can be improved.
What is your primary use case for Anvilogic?
Anvilogic serves as my cybersecurity company's platform that provides detection, SIEM support, and SOC investigation, along with the implemented MITRE ATT&CK framework. A specific example of ho...
What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM, though there could be potential enhancements by integrating with AI.
What is your primary use case for NetWitness Platform?
I use NetWitness Platform in the financial industry as a good product with excellent capabilities and integration with various devices.
 

Also Known As

No data available
RSA Security Analytics
 

Overview

 

Sample Customers

Information Not Available
Los Angeles World Airports, Reply
Find out what your peers are saying about Anvilogic vs. NetWitness Platform and other solutions. Updated: June 2026.