NNT Log Tracker Enterprise vs NetWitness Platform comparison

You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between NetWitness Platform and NNT Log Tracker Enterprise based on real PeerSpot user reviews.

Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management.
To learn more, read our detailed Log Management Report (Updated: February 2024).
755,666 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly.""Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources.""We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable.""The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user.""One of the most valuable features of Microsoft Sentinel is that it's cloud-based.""If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications.""Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements.""It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."

More Microsoft Sentinel Pros →

"It's quite economical compared to other solutions in the market.""In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing.""Their technical support responds quickly and are knowledgable.""It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before.""What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder.""The product has a user-friendly interface and a valuable feature for threat intelligence integration.""Possibility to investigate incidents based on logs and raw packets, such as extracting files sent over the network""The most valuable features are its ingestion of logs and raising of alerts based on those logs."

More NetWitness Platform Pros →

"The FIM features in the Change Tracker and the Log Tracker are the most valuable.""The most valuable feature is the predefined reports for PCI compliance.""This is a very easy-to-use interface with a quick ramp-up time.""File integrity monitoring is a very important function."

More NNT Log Tracker Enterprise Pros →

"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries.""We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days.""I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used.""The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress.""When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear.""The solution could be more user-friendly; some query languages are required to operate it.""They could use some kind of workbook. There is some limitation doing the editing and creating the workbook.""The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."

More Microsoft Sentinel Cons →

"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems.""More customizability is required, which is something that they need to improve on.""Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10.""The solution should have more integration capabilities with different platforms.""The initial setup is very complex and should be simplified.""The user interface is a little bit difficult for new users and it needs to be improved.""Health monitoring of the event sources and devices.""It should have a monitoring feature. It would help us analyze the current state of attacks faster from a single platform."

More NetWitness Platform Cons →

"The correlation suite needs to be improved.""I would like to see the integration of AI technology, so rather than manually monitoring the logs, the tool will understand it and take care of it.""Only one minor deployment issue came up and it was resolved quickly. No other areas of improvement come to mind yet.""It is able to identify the vulnerability, however, they need an option to auto-mitigate."

More NNT Log Tracker Enterprise Cons →

Pricing and Cost Advice
  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."
  • More Microsoft Sentinel Pricing and Cost Advice →

  • "It’s cheaper to run virtual machines in a VMware environment."
  • "The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."
  • "It is cheap."
  • "The licenses are good but the cost is very expensive."
  • "This is a pricey solution; it's not cheap."
  • "We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."
  • "Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
  • "Our license is for one year."
  • More NetWitness Platform Pricing and Cost Advice →

  • "Consider both their on-premises solution and their hosted solution. Both are reasonably priced."
  • "We have selected a perpetual license along with support."
  • "NNT's pricing is moderate - I would rate their pricing two-and-a-half out of ten."
  • More NNT Log Tracker Enterprise Pricing and Cost Advice →

    Use our free recommendation engine to learn which Log Management solutions are best for your needs.
    755,666 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
    Top Answer:The product has a user-friendly interface and a valuable feature for threat intelligence integration.
    Top Answer:The product is expensive. I rate its pricing a seven out of ten.
    Top Answer:It is quite tedious to make changes in the playbooks. There could be an option to integrate or adapt AI and machine… more »
    Top Answer:The most valuable feature is the predefined reports for PCI compliance.
    Top Answer:The correlation suite needs to be improved. I also think they need to improve the product's handling of large amounts of… more »
    Top Answer:I mainly use this solution to meet PCI compliance.
    Also Known As
    Azure Sentinel
    RSA Security Analytics
    Learn More
    Video Not Available
    Video Not Available

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

    NNT Log Tracker Enterprise is a comprehensive and easy-to-use Security Information and Event Management (SIEM) solution for any compliance mandate providing:

    • Enterprise-class SIEM capabilities.
    • Compliance Automation.
    • User and System Activity Audit trails.
    • Network Anomaly forensics.
    • Proactive Threat Detection.
    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Los Angeles World Airports, Reply
    Wonga, WHSmith
    Top Industries
    Financial Services Firm22%
    Computer Software Company11%
    Comms Service Provider8%
    Manufacturing Company8%
    Computer Software Company16%
    Financial Services Firm10%
    Manufacturing Company7%
    Comms Service Provider25%
    Financial Services Firm25%
    Computer Software Company25%
    Manufacturing Company10%
    Computer Software Company15%
    Financial Services Firm14%
    Insurance Company7%
    Computer Software Company18%
    Financial Services Firm16%
    Educational Organization7%
    Company Size
    Small Business33%
    Midsize Enterprise21%
    Large Enterprise47%
    Small Business24%
    Midsize Enterprise16%
    Large Enterprise60%
    Small Business26%
    Midsize Enterprise15%
    Large Enterprise59%
    Small Business22%
    Midsize Enterprise10%
    Large Enterprise68%
    Small Business34%
    Midsize Enterprise10%
    Large Enterprise56%
    Buyer's Guide
    Log Management
    February 2024
    Find out what your peers are saying about Splunk, Datadog, Wazuh and others in Log Management. Updated: February 2024.
    755,666 professionals have used our research since 2012.

    NetWitness Platform is ranked 29th in Log Management with 11 reviews while NNT Log Tracker Enterprise is ranked 43rd in Log Management with 1 review. NetWitness Platform is rated 7.4, while NNT Log Tracker Enterprise is rated 8.2. The top reviewer of NetWitness Platform writes "A solid SIEM solution that should improve technical support and online resources to be easier to use". On the other hand, the top reviewer of NNT Log Tracker Enterprise writes "Great for PCI compliance but issues with stability and large amounts of data". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Trellix Network Detection and Response and Cisco Secure Network Analytics, whereas NNT Log Tracker Enterprise is most compared with Cybereason Endpoint Detection & Response.

    See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.

    We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.