No more typing reviews! Try our Samantha, our new voice AI agent.

Falcon LogScale vs NetWitness Platform comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 3, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Falcon LogScale
Ranking in Log Management
13th
Average Rating
8.4
Reviews Sentiment
7.2
Number of Reviews
12
Ranking in other categories
No ranking in other categories
NetWitness Platform
Ranking in Log Management
38th
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
36
Ranking in other categories
Security Information and Event Management (SIEM) (36th)
 

Mindshare comparison

As of July 2026, in the Log Management category, the mindshare of Falcon LogScale is 0.9%, up from 0.6% compared to the previous year. The mindshare of NetWitness Platform is 1.1%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management Mindshare Distribution
ProductMindshare (%)
Falcon LogScale0.9%
NetWitness Platform1.1%
Other98.0%
Log Management
 

Featured Reviews

Oluwajuwon Olorunlona - PeerSpot reviewer
Cyber Security Engineer at eprocessconsulting
Advanced threat hunting has improved visibility and has simplified custom query automation
CrowdStrike is ahead of the game. If I may say anything about Falcon LogScale to improve the services, I would talk about the way you develop parsers. The documentation should be more straightforward. It is not easy to quickly find the documentation, especially if you are using CrowdStrike. Most customers use Falcon LogScale because of CrowdStrike. The documentation of Falcon LogScale is not on the CrowdStrike portal just like the rest of Falcon documentation. I usually find that the main Falcon LogScale documentation is found on the Falcon LogScale website itself. I think there should be a link or direct documentation within the CrowdStrike pages. It is not necessarily a fault. If you find where the documentation resides, you can trace it to what they are doing. However, for the ease of use for Falcon administrators, the same documentation on the Falcon LogScale portal should be on the CrowdStrike dashboard.
reviewer2256927 - PeerSpot reviewer
Head of Information Security, Cyber Defense and IT Risk Management at HCT. at a transportation company with 201-500 employees
A solid SIEM solution that should improve technical support and online resources to be easier to use
A big problem with the product is that we don't have much professional experience in Israel installing, implementing, and integrating this product. There is not enough of a knowledge base. There is no support for this product in this country, so problems have to be resolved through global technical teams. We like to work locally because of the language, and when the product is only supported outside the country, it's a little difficult to implement and use this product. Moreover, AI is something that must be added immediately. Artificial intelligence is a part of the competitors' products, and it's not been implemented for us.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I have only heard the best about CrowdStrike's support."
"It offers the capability to view live log ingestion directly from the console which means you can seamlessly manage live log data ingestion alongside accessing and analyzing older data from the past."
"The workflows which are inbuilt, having inbuilt templates to utilize and automate the use cases, is the most useful part."
"Falcon LogScale has been rock solid in terms of stability."
"Falcon LogScale's insights give you a lot of information that an expert already thought would be valuable for you."
"One of the key features is the fast search functionality, enabling us to get results within a few seconds."
"Falcon LogScale stores logs without heavy indexing and searches directly, making it very fast."
"Falcon LogScale seems to be a better option with better visibility when it comes to the dashboard and the kill chain process, including the attack surface."
"It gives customers visibility about their most important servers and devices."
"The most valuable feature is the ability to write rules and triggers for network communication and then being able to investigate based on that, where you can see the payload and deconstruct the packets."
"Integration is exceedingly minimal, since its project development is much easier than that of LogRythm or IBM."
"Packet Solution: Allows analyst proactive hunting and alerting on daily sophisticated APTs."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
"Overall, it is easy to implement."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
 

Cons

"One more point about areas for improvement is the visualization depth. Splunk, which I used, has very good visualization compared to Falcon LogScale."
"KQL is a bit challenging for us."
"The price is, without question, very costly for any organization that has more than 1,000 or 2,000 users."
"One area of Falcon LogScale that I think could be improved is that it is a bit complex."
"There are some overlapping features found in multiple tools."
"CrowdStrike support is not good."
"There are significant improvements needed. When running Falcon LogScale for extended periods, it sometimes cannot send data to CrowdStrike's XDR system."
"That is a difficult question regarding Falcon LogScale. That is really a question for the professionals, and I am not a professional, so I do not know."
"The initial setup is complex. There are other solutions that are easier to implement."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"The tool's integration capability isn't so great."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"The initial setup was complex because it takes a lot of time to complete the implementation."
"The product continues to crash. Even with tech support help, it does not resolve itself."
"Security needs improvement. We would still like to know how the traffic is entering the organization."
"It is overly complicated. It has taken years to implement and the return on investment just isn't there."
 

Pricing and Cost Advice

Information not available
"It’s cheaper to run virtual machines in a VMware environment."
"It provides tools to assist in selecting the appropriate license and usage scenarios."
"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."
"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."
"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."
"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."
"This is a pricey solution; it's not cheap."
"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Comparison Review

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company
11%
Manufacturing Company
10%
Comms Service Provider
8%
Media Company
8%
Financial Services Firm
12%
Construction Company
11%
Comms Service Provider
9%
Outsourcing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise9
Large Enterprise3
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise7
Large Enterprise20
 

Questions from the Community

What needs improvement with Falcon LogScale?
The main area for improvement in Falcon LogScale is the learning curve for the query language. Since I am heavily accustomed to SPL from my work in Splunk, adjusting to the syntax in Falcon LogScal...
What is your primary use case for Falcon LogScale?
I primarily use Falcon LogScale for heavy-duty threat hunting where I need sub-second results, particularly when working deep in tickets that we use for SIEM purposes. I do not want to wait for a S...
What advice do you have for others considering Falcon LogScale?
Falcon LogScale does require some maintenance. Compared to other tools, its maintenance is low. However, I have noticed that managing a SIEM environment in our infrastructure means conducting healt...
What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.
What is your primary use case for NetWitness Platform?
I use NetWitness Platform ( /products/netwitness-platform-reviews ) in the financial industry as a good product with excellent capabilities and integration with various devices.
 

Also Known As

No data available
RSA Security Analytics
 

Overview

 

Sample Customers

Information Not Available
Los Angeles World Airports, Reply
Find out what your peers are saying about Falcon LogScale vs. NetWitness Platform and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.