No more typing reviews! Try our Samantha, our new voice AI agent.

CrowdStrike Observability vs NetWitness Platform comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

CrowdStrike Observability
Ranking in Log Management
22nd
Average Rating
8.0
Reviews Sentiment
4.9
Number of Reviews
8
Ranking in other categories
No ranking in other categories
NetWitness Platform
Ranking in Log Management
38th
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
36
Ranking in other categories
Security Information and Event Management (SIEM) (36th)
 

Mindshare comparison

As of July 2026, in the Log Management category, the mindshare of CrowdStrike Observability is 0.9%, up from 0.5% compared to the previous year. The mindshare of NetWitness Platform is 1.1%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management Mindshare Distribution
ProductMindshare (%)
CrowdStrike Observability0.9%
NetWitness Platform1.1%
Other98.0%
Log Management
 

Featured Reviews

HectorRios - PeerSpot reviewer
IT COMMUNICATIONS AND NETWORKS at Américas BPS
Has provided reliable alerts and helped identify infrastructure issues through detailed reporting
The best features of CrowdStrike Observability include the way they show issues to the client or agent, and their data collection method is interesting because they use an agent-less approach in some cases, collecting data from infrastructure such as firewalls. Additionally, they have the agent, but the presentation in the management console is excellent as we have observability end-to-end with the servers and all the services configured in the use cases. The intelligent alerting feature is excellent and configured on our console, being highly effective as it detects real alerts and just warnings or real issues. Identifying performance bottlenecks is important because they collect numerous MD5 or hash keys including movements or playbooks. The way they organize that in the console is excellent, allowing you to have reports detecting issues, which not only includes detection but also provides solutions to those issues.
reviewer2256927 - PeerSpot reviewer
Head of Information Security, Cyber Defense and IT Risk Management at HCT. at a transportation company with 201-500 employees
A solid SIEM solution that should improve technical support and online resources to be easier to use
A big problem with the product is that we don't have much professional experience in Israel installing, implementing, and integrating this product. There is not enough of a knowledge base. There is no support for this product in this country, so problems have to be resolved through global technical teams. We like to work locally because of the language, and when the product is only supported outside the country, it's a little difficult to implement and use this product. Moreover, AI is something that must be added immediately. Artificial intelligence is a part of the competitors' products, and it's not been implemented for us.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"CrowdStrike Observability is a signature-less solution where you don't need to update your endpoints or the CrowdStrike Observability agents regularly, and it is completely based on AI and ML search engines."
"The price is worth it."
"The intelligent alerting feature is excellent and configured on our console, being highly effective as it detects real alerts and just warnings or real issues."
"In the logs and the trajectory, it shows detailed information about where the source of infection comes from, how it travels, and how to reach there."
"The intelligence database provided by CrowdStrike is very impressive."
"The dashboard and user interface of CrowdStrike Observability are quite good, and the support is responsive."
"The best features of CrowdStrike Observability include the way they show issues to the client or agent, and their data collection method is interesting because they use an agent-less approach in some cases, collecting data from infrastructure such as firewalls."
"I find the most effective feature of CrowdStrike Observability to be its cloud vision and attack surface vision, which enhance network traffic analysis."
"The detection of ransomware in the internal network has benefited my organization."
"The newer 11.5 version that my team is using has found it to have good mapping."
"Offers a good wireless feature."
"The most valuable feature is the security that it provides."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"NetWitness can be highly beneficial for incident detection and response."
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
 

Cons

"Technical support received a rating of 4 out of 10."
"The pricing is very high and small companies cannot afford it. They should reduce the price because the backend infrastructure is the same."
"Integration with Huawei should be more straightforward."
"For reporting or log management, having a longer duration for backup without needing to purchase a paid subscription would be beneficial. Currently, there is a default ninety-day backup period."
"The customer service is not satisfactory for me. The support is only available in English, and my users in LATAM regions such as Peru and Colombia require local language support, which is not currently provided."
"From the different deployments I have worked with, the shortcomings of CrowdStrike Observability are often because of what clients are able to share with CrowdStrike."
"We had some difficulties at the beginning, but at this moment they are improving, so probably in some months I will give them a ten."
"The areas of CrowdStrike Observability that have room for improvement include the approach towards customer issues, where resolution takes time."
"RSA NetWitness Logs and Packets is far behind the competition."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"I am not happy with the RSA support. Sometimes they can be really annoying because it takes so long to get the support that you need."
"It is not so easy to customize this product."
"Security needs improvement."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
 

Pricing and Cost Advice

Information not available
"It is cheap."
"Our license is for one year."
"This is a pricey solution; it's not cheap."
"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."
"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."
"The product is expensive."
"It provides tools to assist in selecting the appropriate license and usage scenarios."
"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Comparison Review

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
12%
Construction Company
11%
Manufacturing Company
7%
Financial Services Firm
12%
Construction Company
11%
Comms Service Provider
9%
Outsourcing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business3
Midsize Enterprise3
Large Enterprise3
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise7
Large Enterprise20
 

Questions from the Community

What needs improvement with CrowdStrike Observability?
The product at this moment is really good; CrowdStrike Observability is still working to improve it and they are including new features. At this time, I cannot provide an opinion about what else to...
What is your primary use case for CrowdStrike Observability?
We are currently finishing the configuration of the solution, making the playbooks and configurations with the use cases. From CrowdStrike Observability, we use all the solution including XDR and a...
What advice do you have for others considering CrowdStrike Observability?
We did not use Falcon Sandbox or Falcon Exposure Management. We are using a local partner and they have a marketplace, but we are working with a local partner from Google. We are just customers, no...
What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.
What is your primary use case for NetWitness Platform?
I use NetWitness Platform ( /products/netwitness-platform-reviews ) in the financial industry as a good product with excellent capabilities and integration with various devices.
 

Also Known As

No data available
RSA Security Analytics
 

Overview

 

Sample Customers

Information Not Available
Los Angeles World Airports, Reply
Find out what your peers are saying about CrowdStrike Observability vs. NetWitness Platform and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.