We performed a comparison between Coralogix and NetWitness Platform based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The UI-based analytics are excellent."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"The connectivity and analytics are great."
"It's pretty powerful and its performance is pretty good."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"The initial setup is straightforward."
"The best feature of this solution allows us to correlate logs, metrics and traces."
"The solution offers very good convenience filtering."
"The solution is easy to use and to start with."
"A non-tech person can easily get used to it."
"Numerous data monitoring tools are available, but Coralogix somehow fine-tunes our policies and effectively supports our teams."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"The most valuable feature is the correlation. It can report in real-time and monitor the management."
"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"Performance and reporting are very good."
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
"The most valuable feature is the security that it provides."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"The AI capabilities must be improved."
"One key area that can be improved is by building a strong integration with our XDR platform."
"It would be helpful if Coralogix could integrate the main modules that any organization requires into a single subscription."
"Maybe they could make it more user-friendly."
"We want it to work at what it is expected to work at and not really based on the updated configuration which one developer has decided to change."
"The documentation of the tool could be improved"
"The user interface could be more intuitive and explanatory."
"From my experience, Coralogix has horrible Terraform providers."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"An area for improvement would be better automation and more inbuilt use cases."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."
"Security needs improvement."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
Coralogix is ranked 23rd in Log Management with 7 reviews while NetWitness Platform is ranked 19th in Log Management with 36 reviews. Coralogix is rated 8.4, while NetWitness Platform is rated 7.4. The top reviewer of Coralogix writes "Good capabilities, has a helpful interface and is straightforward to set up". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". Coralogix is most compared with Datadog, Grafana, Sentry, New Relic and Elastic Search, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response. See our Coralogix vs. NetWitness Platform report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.