We performed a comparison between Logpoint and NetWitness Platform based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"The automation feature is valuable."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"The most valuable features are the ones that we use the most, which are the search and report facilities."
"Log collection, dashboards and reporting are good."
"The most valuable feature of LogPoint is that they have the SIEM and SOAR combined in one solution. They are not on a separate platform."
"The most beneficial was being able to prove, with proper reports, that from a compliance perspective, the company is in control. The service part of LogPoint did modifications or did some additional work to have the proper reports defined."
"The integration is very user-friendly. There are not many CLI commands. Everything is directly accessible from the web interface."
"The solution offers excellent reporting features. Our customers have been satisfied that they have been able to meet their compliance needs by giving them a standard report."
"They basically charge you in a better way."
"It is a very comprehensive solution for gathering data. It has got a lot of capabilities for collecting logs from different systems. Logs are notoriously difficult to collect because they come in all formats. LogPoint has a very sophisticated mechanism for you to be able to connect to or listen to a system, get the data, and parse it. Logs come in text formats that are not easily parseable because all logs are not the same, but with LogPoint, you can define a policy for collecting the data. You can create a parser very quickly to get the logs into a structured mechanism so that you can analyze them."
"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
"Performance and reporting are very good."
"Offers a good wireless feature."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"NetWitness can be highly beneficial for incident detection and response."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"Logpoint is not flexible. Its documentation is not user-friendly."
"The interface needs things like wizards that will assist with creating complex correlation rules."
"In terms of functionality, it is very good. The only issue is the documentation. Its documentation should be improved."
"I know that they have user behavior analytics, but it's an extra cost for this feature. It would be nice if it was in with the standard products."
"It is a good product, but its interface or GUI could be better."
"LogPoint must find a way to integrate the servers without agents."
"Nowadays the trend is going towards the ransomware and the endpoint detection and response. So if they added something for that, that will be very, very good."
"Sometimes, the product is not stable."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."
"The initial setup is very complex and should be simplified."
"The solution should have more integration capabilities with different platforms."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"The initial setup is complex. There are other solutions that are easier to implement."
"Security needs improvement."
"The product's licensing models are complex to understand. This particular area needs improvement."
Logpoint is ranked 29th in Log Management with 20 reviews while NetWitness Platform is ranked 19th in Log Management with 36 reviews. Logpoint is rated 7.4, while NetWitness Platform is rated 7.4. The top reviewer of Logpoint writes "Good technical support but it is complex to use and resource-heavy". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". Logpoint is most compared with IBM Security QRadar, Elastic Security, Rapid7 InsightIDR, Wazuh and LogRhythm SIEM, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response. See our Logpoint vs. NetWitness Platform report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.