Try our new research platform with insights from 80,000+ expert users

LogRhythm SIEM vs NetWitness Platform comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

LogRhythm SIEM
Ranking in Log Management
13th
Ranking in Security Information and Event Management (SIEM)
8th
Average Rating
8.4
Reviews Sentiment
6.4
Number of Reviews
175
Ranking in other categories
No ranking in other categories
NetWitness Platform
Ranking in Log Management
33rd
Ranking in Security Information and Event Management (SIEM)
30th
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
37
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of October 2025, in the Log Management category, the mindshare of LogRhythm SIEM is 2.3%, down from 2.6% compared to the previous year. The mindshare of NetWitness Platform is 0.4%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management Market Share Distribution
ProductMarket Share (%)
LogRhythm SIEM2.3%
NetWitness Platform0.4%
Other97.3%
Log Management
 

Featured Reviews

SumitKumar20 - PeerSpot reviewer
Tool consistently aids in effective threat detection and monitoring but could benefit from improved log source management and resource optimization
One major area for improvement in LogRhythm SIEM is the lack of volume measurement capability in terms of storage. There is currently no way to determine how much data is being consumed in terms of gigabytes, terabytes, or petabytes from particular devices or environments. This information is crucial for planning future storage needs and scalability. The system monitor (collector) agent has issues with resource consumption. Even when not actively collecting data, the agent continues to consume significant CPU and memory resources, which can be particularly problematic for small business environments with limited resources. LogRhythm SIEM could improve by adding more default device support. While they have good default settings for devices such as Palo Alto firewalls, custom log sources often require extensive work. Increasing the number of supported devices with built-in policies and functionality would reduce the need for custom work. Competitive SIEM tools often provide more comprehensive coverage for various devices and vendors.
MOTASHIM Al Razi - PeerSpot reviewer
It is a stable solution, but they should make the user interface easier to understand
The solution's initial setup takes work. We have to organize multiple paths and many features. The deployment process takes less than a week. But it takes a month to complete if we want to make the solution smarter by integrating it with various devices. I rate the process as a six out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The GUI is very intuitive and the solution has good integration."
"It's reliable and the performance is good."
"LogRhythm NextGen SIEM covers all our primary security analysis needs. It makes it easier for us to analyze threats and improves our response times. It's a versatile platform that performs queries fast compared to other SIEM solutions."
"One of the main features that I like about LogRhythm NextGen SIEM is that there are a lot of pre-built pieces. Like with our AV, we didn't have to tell it how to read the logs; they already had it pre-made. So, we essentially just had to follow their guide to get the logs imported in and set up some rules for it. We've only had to manually create the parsing rules for a few of our vendors so that we could interpret the logs correctly. Most of them had already been pre-created for us."
"It's very easy to create the correlation rules with LogRhythm, and there are some advanced features like SIEM and UEBA, which are also very valuable."
"It has centralized monitoring for our security operations. Therefore, it improves our analysts' work."
"NextGen SIEM's most valuable feature is its user-friendliness."
"The content in the community is very helpful and useful for new users."
"The most valuable feature is the correlation. It can report in real-time and monitor the management."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"NetWitness Platform offers flexibility for deployment and robust integration capabilities."
"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
 

Cons

"The user interface needs improvement. The more the user can slide around and know what's going on, the better it will be."
"I would like to see more integration with more products that are out there within the same security field."
"Only area I can think of to improve on is the proof reading and using the guides before releasing them. Out the the 20+ guides I used one had issues with wrong information in it."
"The built-in functionality of the solution for NDR, SOAR, SIEM, and EDS has room for improvement."
"One thing we have mentioned to them before is that we'd like to be able to do searches, or drill-downs, directly from an alarm. When you click it and the Inspector tab slides out, that might be a good place to be able to click the host to search for the last 24 hours. I know the search is right there but it would be even nicer to just click that and then have an option to search something there."
"The product's stability needs improvement."
"I would really love to be able to take some of the data and not have to export it to a CSV file, so I can pull it into Excel to turn it into some other kind of graph."
"The web and on-premise console interface should be the same instead of having a separate engine for each."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"We have encountered issues with unresolved crashes."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"Its technical support could be better."
"The initial setup is complex. There are other solutions that are easier to implement."
 

Pricing and Cost Advice

"On a scale of one to ten, where one is low, and ten is high, I rate the pricing between six and seven."
"We did a five-year agreement. We pay close to a quarter of a million dollars for our solution."
"When it comes time to renew, they say, "This is what you are using. This is what we can do for you." So, they work with you on pricing."
"I give the price a six out of ten."
"NextGen SIEM's pricing is moderate."
"Everything is expensive with LogRhythm, and you don't get anything for free."
"The support which allows more customized to the environment when we are deploying new systems is called Professional Service and is very expensive. The technical annual support and there is an annual fee."
"LogRhythm's pricing and licensing is extremely competitive and it's one of the top three reasons we continue to invest in the platform."
"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."
"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."
"Compared to the competition, the is price is not that high."
"We are on an annual license for the use of the solution."
"The product is expensive."
"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."
"The licenses are good but the cost is very expensive."
"It provides tools to assist in selecting the appropriate license and usage scenarios."
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
869,513 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company
12%
Government
10%
Manufacturing Company
8%
Financial Services Firm
7%
Financial Services Firm
13%
Computer Software Company
11%
Comms Service Provider
7%
Performing Arts
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business38
Midsize Enterprise38
Large Enterprise83
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise7
Large Enterprise20
 

Questions from the Community

What is the difference between log management and SIEM?
Rony, Daniel's answer is right on the money. There are many solutions for each in the market, a lot depends upon your ability to manage such tools and your budget. A small operation may be best s...
What needs improvement with LogRhythm NextGen SIEM?
One major area for improvement in LogRhythm SIEM is the lack of volume measurement capability in terms of storage. There is currently no way to determine how much data is being consumed in terms of...
What do you like most about LogRhythm SIEM?
I find LogRhythm's log management capabilities to be beneficial.
What do you like most about NetWitness Platform?
The product's initial setup phase was not at all difficult.
What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.
 

Also Known As

LogRhythm NextGen SIEM, LogRhythm, LogRhythm Threat Lifecycle Management, LogRhythm TLM
RSA Security Analytics
 

Overview

 

Sample Customers

Macy's, NASA, Fujitsu, US Air Force, EY, Abbott, HD Supply, SAB Miller, UCLA, Raytheon, Amtrak, Cargill
Los Angeles World Airports, Reply
Find out what your peers are saying about LogRhythm SIEM vs. NetWitness Platform and other solutions. Updated: September 2025.
869,513 professionals have used our research since 2012.