We performed a comparison between Elastic Security and NetWitness Platform based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"It has basic out-of-the-box integrations with multiple log sources."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"It is scalable."
"We've found the initial setup to be quite straightforward."
"The most valuable feature is the machine learning capability."
"We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
"The scalability is good. It can be scaled easily in the production environment."
"It's a good platform and the very best in the current market. We looked at the Forrester report from December 2022 where it was said to be a leader."
"We chose the product based on the ability to scan for malware using a malware behavioral model as opposed to just a traditional hash-based antivirus. Therefore, it's not as intensive."
"The product has huge integration varieties available."
"Offers a good wireless feature."
"It gives the ability to investigate network traffic in the Net and the organization, which we couldn't do before."
"The most valuable features of RSA NetWitness Logs and Packets are the alerts and correlation tools."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"Incident management is its most valuable feature."
"The most valuable feature is the hunting ability to work in a CERT."
"Performance and reporting are very good."
"The solution is really scalable for the high-end power, enterprise customer."
"Sentinel's reporting is complex and can be more user-friendly."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"I think the number one area of improvement for Sentinel would be the cost."
"We'd also like a better ticketing system, which is older."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"I would like more ways to manage permissions and restrict access to certain users."
"We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there)."
"The training that is offered for Elastic is in need of improvement because there is no depth to it."
"It's a little bit of a learning curve to understand the logic of searching for things and trying to find what you're looking for in Elastic Security."
"The price of this product could be improved, especially the additional costs. I would also like to see better-quality graphics."
"Their visuals and graphs need to be better."
"The Integration module could be improved. It is a pain to build integration with any product. We have to do parking and so on. It's not like other commercial solutions that use profile integration. I would also see more detection features on the SIEM side."
"This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."
"The solution should have more integration capabilities with different platforms."
"The initial setup is complex. There are other solutions that are easier to implement."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
"We have encountered issues with unresolved crashes."
"The user interface is a little bit difficult for new users and it needs to be improved."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"Health monitoring of the event sources and devices."
Elastic Security is ranked 5th in Log Management with 28 reviews while NetWitness Platform is ranked 30th in Log Management with 11 reviews. Elastic Security is rated 7.6, while NetWitness Platform is rated 7.4. The top reviewer of Elastic Security writes "Offers great capabilities to detect and respond to threats". On the other hand, the top reviewer of NetWitness Platform writes "A solid SIEM solution that should improve technical support and online resources to be easier to use". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Defender for Endpoint, IBM Security QRadar and CrowdStrike Falcon, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Rapid7 InsightIDR. See our Elastic Security vs. NetWitness Platform report.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.