We performed a comparison between FileAudit and NetWitness Platform based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"Free ingestion for Azure logs (with E5 licence)"
"It has basic out-of-the-box integrations with multiple log sources."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"The automation feature is valuable."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"Our customer acquires the complete report which is kept for future auditing purposes."
"Alerting upon file changes is the most valuable aspect of the product."
"It is a good and stable solution...It is a scalable solution."
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
"The most valuable feature is the correlation. It can report in real-time and monitor the management."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"NetWitness can be highly beneficial for incident detection and response."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"The most valuable features are the threat prediction and network forensics."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"The updates management and central management console could be improved."
"The DLP function, including installation of the agent on the workstation and controlling the DLP restrictions, are areas where the product lacks."
"Whenever someone cuts and paste, it shows as "file is deleted"."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"More customizability is required, which is something that they need to improve on."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"The tool's integration capability isn't so great."
"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"The product's licensing models are complex to understand. This particular area needs improvement."
FileAudit is ranked 42nd in Log Management with 3 reviews while NetWitness Platform is ranked 19th in Log Management with 36 reviews. FileAudit is rated 9.0, while NetWitness Platform is rated 7.4. The top reviewer of FileAudit writes "A scalable SIEM solution for monitoring a user's activity in the file server". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". FileAudit is most compared with ManageEngine File Audit Plus, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response. See our FileAudit vs. NetWitness Platform report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.