We performed a comparison between ManageEngine Log360 and NetWitness Platform based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The pricing of the product is excellent."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"The most valuable features for us are the application logs monitoring and the dashboard, which provides a single-pane view of all the ongoing activities."
"It is easier to deploy than are other SIEMs, which is great. You can also get an overview of your environment, which is very handy."
"The reporting is great. Everything you need is in the report for you already."
"It basically helps us. We have to stay in compliance with certain issues with some of our customers. We have to have these types of tools in place for protecting our network and our data. We're in the aerospace industry, so we have a lot of defense contracts. So, all those guys will make sure that we're protecting their information, and it does a good job in that aspect."
"You can have all of the logs from servers to network and it gets sent out to the correct owners. This is very helpful."
"The reports that you can run are really nice."
"The deployment is quite simple and pretty straightforward."
"It is nice to be able to monitor and to have notifications."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"The most valuable features are the packet inspection and the automated incident response."
"It's quite economical compared to other solutions in the market."
"The most valuable feature is the ability to write rules and triggers for network communication, and then being able to investigate based on that."
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"Incident management is its most valuable feature."
"NetWitness can be highly beneficial for incident detection and response."
"Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network"
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"The solution should allow for a streamlined CI/CD procedure."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"On the logging system, there's a local on-client side that is encrypted, and there's one that is not encrypted. It is only for diagnostical purposes. However, both being encrypted would be very valuable for some audits."
"Most times log sheets are not assigned well."
"The solution needs to improve hub storage. It should integrate AI and ML capabilities."
"It is not expensive compared to other solutions."
"There is room for improvement, especially in the reporting aspect. The reports are not as good as those in Splunk."
"It's difficult to find which conditions have been applied to a report because they are provided by default by ManageEngine. However, with other SIEMs if you want to create a report, they provide details, like which conditions are triggering certain reports. This needs to be there in ManageEngine. It would be good to know which parameter has been applied to the report that is updating the system."
"We can log in as a local user, and it's fine, but when we login with an Active Directory user, we cannot."
"The integration with SharePoint and Teams should be improved."
"An area for improvement would be better automation and more inbuilt use cases."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"We have encountered issues with unresolved crashes."
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"The initial setup is complex. There are other solutions that are easier to implement."
"It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."
ManageEngine Log360 is ranked 27th in Log Management with 15 reviews while NetWitness Platform is ranked 19th in Log Management with 36 reviews. ManageEngine Log360 is rated 7.2, while NetWitness Platform is rated 7.4. The top reviewer of ManageEngine Log360 writes "Facilitates incident backtracking and identifying the cause of incidents but insufficient intelligence-driven analysis to suppress unnecessary alerts". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". ManageEngine Log360 is most compared with ManageEngine EventLog Analyzer, Wazuh, Splunk Enterprise Security, Fortinet FortiSIEM and SolarWinds Security Event Manager , whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Trellix Network Detection and Response. See our ManageEngine Log360 vs. NetWitness Platform report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.