Try our new research platform with insights from 80,000+ expert users

NetWitness Platform vs Netwrix Auditor comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

NetWitness Platform
Ranking in Security Information and Event Management (SIEM)
31st
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
37
Ranking in other categories
Log Management (35th)
Netwrix Auditor
Ranking in Security Information and Event Management (SIEM)
24th
Average Rating
9.2
Reviews Sentiment
7.7
Number of Reviews
7
Ranking in other categories
GRC (9th), Identity and Access Management as a Service (IDaaS) (IAMaaS) (14th), Active Directory Management (2nd)
 

Mindshare comparison

As of August 2025, in the Security Information and Event Management (SIEM) category, the mindshare of NetWitness Platform is 0.6%, down from 0.7% compared to the previous year. The mindshare of Netwrix Auditor is 0.5%, up from 0.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

MOTASHIM Al Razi - PeerSpot reviewer
It is a stable solution, but they should make the user interface easier to understand
The solution's initial setup takes work. We have to organize multiple paths and many features. The deployment process takes less than a week. But it takes a month to complete if we want to make the solution smarter by integrating it with various devices. I rate the process as a six out of ten.
Mohamed Tantawy - PeerSpot reviewer
Can track every admin action in large environments and includes AI modules to detect and prevent unauthorized changes
The initial setup of Netwrix Auditor was straightforward. Some functions require agents while others are agentless, simplifying implementation. It consumed minimal server and client resources, and the wizard-based console made it simple to deploy with the help of architectural teams. All required ports were in place, and they covered all critical services and databases effectively. I would rate the easiness of the initial setup as a nine out of ten. The deployment of Netwrix Auditor took around three weeks, mainly due to the preparation of the environment and servers. The deployment process involved actions such as preparing virtual servers and building databases. Once deployed, it took only about a week to complete. Third-party consultants assisted us with deployment. Only one or two engineers were needed for deployment and maintenance, which could be handled remotely with minimal complexity.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
"The most valuable feature is the correlation. It can report in real-time and monitor the management."
"Offers a good wireless feature."
"The product's initial setup phase was not at all difficult."
"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"The most valuable feature is the hunting ability to work in a CERT."
"The solution is really scalable for the high-end power, enterprise customer."
"I am impressed with the tool's reporting feature and notifications."
"The most valuable features of Netwrix Auditor are its affordability compared to similar products and its comprehensive monitoring of admin activities."
"I have found user behavior analysis and the ability to run risk assessments important features. Additionally, the interface and online documentation are very good."
"Netwrix provides features that no other solution on the market does."
"What I find the most valuable about Netwrix Auditor is the way it shows risk. The reports are very clear."
"It maintains audit logs for the duration of time that you wish, as long as you have the storage capacity to do so."
"The most valuable feature is the real-time monitoring."
 

Cons

"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"The initial setup is very complex and should be simplified."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"Technical support could be improved."
"We have encountered issues with unresolved crashes."
"An area for improvement would be better automation and more inbuilt use cases."
"It is not so easy to customize this product."
"There is room for improvement with the introduction of AI functionality."
"There is room for improvements when it comes to the licensing."
"An improvement would be if there was an another way to manage the logs besides email because it's not so practical."
"When there are issues I would like remediation to be in one place."
"The Linux compatibility of this solution could be improved."
"I expect usability features to become more refined over time. I'm interested to see how it evolves and continues to improve."
"The solution lacks self-service on password reset. It also needs to improve its scalability."
"If you buy direct, there is a minimum of 150 licenses that must be procured. The price point and barrier of entry is a little bit higher than it would be if you purchased the solution from an authorized reseller partner, rather than buying it and managing yourself."
 

Pricing and Cost Advice

"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."
"It is cheap."
"It provides tools to assist in selecting the appropriate license and usage scenarios."
"It’s cheaper to run virtual machines in a VMware environment."
"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."
"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."
"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."
"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."
"There is a license for this solution and we are on an annual license. The price is reasonable."
"This solution is reasonably priced. I would rate it a nine out of ten."
"The tool's price is fair."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
865,384 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Financial Services Firm
14%
Computer Software Company
13%
Comms Service Provider
6%
Manufacturing Company
6%
Financial Services Firm
12%
Manufacturing Company
9%
Computer Software Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about NetWitness Platform?
The product's initial setup phase was not at all difficult.
What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.
What do you like most about Netwrix Auditor?
The most valuable features of Netwrix Auditor are its affordability compared to similar products and its comprehensive monitoring of admin activities.
What is your experience regarding pricing and costs for Netwrix Auditor?
The pricing of Netwrix Auditor varies based on the number of users and devices in our environment, but it is generally very cost-effective compared to other solutions. We don't pay for licenses sep...
What needs improvement with Netwrix Auditor?
The solution currently meets my needs, but there is room for improvement with the introduction of AI functionality as suggested by the vendor. Additionally, expanding capabilities like database act...
 

Also Known As

RSA Security Analytics
No data available
 

Overview

 

Sample Customers

Los Angeles World Airports, Reply
AT&T, SanDisk, Siemens, Verizon, Electrolux, Allianz, Societe Generale
Find out what your peers are saying about NetWitness Platform vs. Netwrix Auditor and other solutions. Updated: July 2025.
865,384 professionals have used our research since 2012.