No more typing reviews! Try our Samantha, our new voice AI agent.

NetWitness Platform vs Rapid7 InsightIDR comparison

NetWitness and Rapid7 are both solutions in the Security Information and Event Management (SIEM) category. NetWitness is ranked #39 with an average rating of 8.0, while Rapid7 is ranked #23 with an average rating of 7.5. NetWitness holds a 0.9% mindshare in SIEM, compared to Rapid7’s 2.1% mindshare. Additionally, 75% of NetWitness users are willing to recommend the solution, compared to 96% of Rapid7 users who would recommend it.
NetWitness Platform
Read 36 NetWitness Platform reviews
  • 3,695 Views
  • 2,106 Comparison Views
75% willing to recommend
Rapid7 InsightIDR
Read 32 Rapid7 InsightIDR reviews
  • 9,277 Views
  • 4,639 Comparison Views
96% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Sep 18, 2024

NetWitness Platform and Rapid7 InsightIDR compete in the cybersecurity tools category. Rapid7 InsightIDR seems to have the upper hand due to better features and customer service, despite NetWitness Platform being more affordable.

Features: NetWitness Platform offers robust threat detection, analytics, and comprehensive visibility. Rapid7 InsightIDR is favored for its simplicity, effective incident detection, and user-friendliness, leading to quicker threat identification.

Room for Improvement: NetWitness Platform needs enhancements in configuration complexity, integration with other tools, and easier deployment. Rapid7 InsightIDR could improve its alerting system, provide more customization options, and enhance its reporting features.

Ease of Deployment and Customer Service: NetWitness Platform is criticized for its lengthy deployment process and the need for expert handling. Rapid7 InsightIDR stands out with smoother deployment and better user support, making it easier to implement.

Pricing and ROI: NetWitness Platform is known for lower setup costs and decent ROI, but requires additional investment in expertise. Rapid7 InsightIDR, while more expensive, offers higher ROI due to its advanced features and effective threat management, justifying the higher cost.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed NetWitness Platform vs. Rapid7 InsightIDR Report (Updated: April 2026).
Buyer's Guide
NetWitness Platform vs. Rapid7 InsightIDR
April 2026
Download the complete report
Helped 893,311 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

NetWitness Platform
Ranking in Security Information and Event Management (SIEM)
39th
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
36
Ranking in other categories
Log Management (38th)
Rapid7 InsightIDR
Ranking in Security Information and Event Management (SIEM)
23rd
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
32
Ranking in other categories
User Entity Behavior Analytics (UEBA) (10th), Endpoint Detection and Response (EDR) (39th), Threat Deception Platforms (6th), Extended Detection and Response (XDR) (23rd)
 

Mindshare comparison

As of May 2026, in the Security Information and Event Management (SIEM) category, the mindshare of NetWitness Platform is 0.9%, up from 0.6% compared to the previous year. The mindshare of Rapid7 InsightIDR is 2.1%, down from 2.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Mindshare Distribution
ProductMindshare (%)
Rapid7 InsightIDR2.1%
NetWitness Platform0.9%
Other97.0%
Security Information and Event Management (SIEM)
 

Featured Reviews

reviewer2256927 - PeerSpot reviewer
reviewer2256927
Head of Information Security, Cyber Defense and IT Risk Management at HCT. at a transportation company with 201-500 employees
A solid SIEM solution that should improve technical support and online resources to be easier to use
A big problem with the product is that we don't have much professional experience in Israel installing, implementing, and integrating this product. There is not enough of a knowledge base. There is no support for this product in this country, so problems have to be resolved through global technical teams. We like to work locally because of the language, and when the product is only supported outside the country, it's a little difficult to implement and use this product. Moreover, AI is something that must be added immediately. Artificial intelligence is a part of the competitors' products, and it's not been implemented for us.
Read full review
SohailHyder - PeerSpot reviewer
SohailHyder
Head Of Cyber Security at Super Secure
Has supported compliance needs for mid-sized organizations but lacks customization and advanced integration
If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as a SIEM solution is. This is where it can improve if we keep in front the feature sets of a complete SIEM solution. Most common in the market is QRadar, but it is depleting now. It has been taken over by some other products such as Splunk and LogRhythm. If we compare these things with Rapid7 InsightIDR, then there are definitely some gaps that need to be filled. Data retention is also one concern because Rapid7 InsightIDR is cloud-based and operates on a subscription model. Whatever data you want to retain, it has to be paid for separately or it has a cost. Other solutions that are on-premises can have their own infrastructure or they provide some data retention for a month or in some capacity-wise, they provide that solution to them which makes them more attractive.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Setting up NetWitness is straightforward; there are multiple connectors, including standard and specialized connectors, with enhanced capability to integrate custom applications, and from there you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"Performance and reporting are very good."
"Overall, it is easy to implement."
"It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before."
"The most valuable feature is the correlation, as it can report in real-time and monitor the management."
"Prior to implementing the solution, the customers had no visibility of their assets, however, after adopting the solution, they have gained complete visibility over all their assets, including a comprehensive understanding of the network and attack symptoms."
"Incident management is its most valuable feature."
"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
More NetWitness Platform pros
"Rapid7 is easy to use and deploy. It is a simple solution and has easy data pulling."
"The solution provides satisfying native integration features"
"The technical support is a solid 10 out of 10 as they take the time to answer any questions or problems which may arise in a reasonable time frame."
"The incident case management is the most valuable feature, and the ability to quickly sort through all the logs, network and endpoint data, and add it to an incident case as part of the investigation, with automatic timelining and correlation to other notable events and activities on the network, results in a huge improvement in our overall confidence that we have quickly traced down the right source of an issue."
"Scalability-wise, I rate the solution a ten out of ten. As a cloud tool, the product is highly scalable."
"Rapid7's reporting is more robust than Tenable's."
"Rapid7 InsightIDR integrates well with other solutions. It's also easy to configure because Rapid7 InsightIDR has a lot of instructions posted on their website that customers can follow if they need to get the source log."
"The UI is very good."
More Rapid7 InsightIDR pros
 

Cons

"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"I believe they could improve their support, there are often delays."
"An area for improvement would be better automation and more inbuilt use cases."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"More customizability is required, which is something that they need to improve on."
"The initial setup was complex because it takes a lot of time to complete the implementation."
"The initial setup is very complex and should be simplified."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
More NetWitness Platform cons
"I'd like to be able to get the compliance report within the solution which is currently not possible."
"I would like to see more development in InsightIDR towards building their SIEM solution and converting it to XDR."
"There is a future in AI with Rapid7, however, it is not fully operated. There are certain limitations with Rapid7 that I am working on."
"They should add more configuration and security features to it."
"One of the things that could be better is digital forensics. It is there, but it can be better."
"I would like the ability to adjust the threshold of certain existing alerts. Currently the only option is to change the notifications or create my own alert."
"It would be useful to import threat intelligence in YARA format along with known incorrect email addresses.​"
"The dashboard is an area that could be simplified. For management, it should be clear and the files should be there."
More Rapid7 InsightIDR cons
 

Pricing and Cost Advice

"We are on an annual license for the use of the solution."
"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."
"The product is expensive."
"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."
"The product price was reasonable for my region and the market."
"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."
"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."
More NetWitness Platform pricing and cost advice
"The team is very willing to work with companies. My suggestion is to call the Rapid7 sales department and see how they can help.​"
"Licensing is by endpoint and amount of retention time (at least ours is). Default retention was one year, but we are able to push the retention further if needed. There's also a provide-your-own-S3 option for longer retention if you don't want to pay for the additional retention years in your Rapid7 agreement."
"I rate Rapid7 InsightIDR's price a four on a scale of one to ten, where one is cheap, and ten is expensive."
"Rapid7 InsightIDR's pricing is reasonable but we have challenges with the Minimum Order Quantity. It is not reasonable for customers who have less than one hundred devices. If they can reduce Minimum Order Quantity, it is good. You have to pay around 5000-6000 dollars per year for the product. The pricing includes maintenance and support costs."
"It is on a yearly basis. For our own company, for about 250 users, it was 16,000 euros a year."
"Licensing is straightforward. If, for some reason, you don’t meet the minimum licensing requirements, there is a third-party managed service that can help."
"It is a reasonably priced solution."
"The pricing is good, and it is not very expensive."
More Rapid7 InsightIDR pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
See recommendations
893,311 professionals have used our research since 2012.
 

Comparison Review

VS
Vinod Shankar
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
Read full review
 

Top Industries

By visitors reading reviews
Financial Services Firm
11%
Comms Service Provider
9%
Construction Company
8%
Performing Arts
7%
Financial Services Firm
9%
Computer Software Company
9%
Manufacturing Company
9%
Comms Service Provider
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise7
Large Enterprise20
By reviewers
Company SizeCount
Small Business21
Midsize Enterprise5
Large Enterprise6
 

Questions from the Community

What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
See all answers
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.
See all answers
What is your primary use case for NetWitness Platform?
I use NetWitness Platform ( /products/netwitness-platform-reviews ) in the financial industry as a good product with excellent capabilities and integration with various devices.
See all answers
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
See all answers
What is your experience regarding pricing and costs for Rapid7 InsightIDR?
The product pricing is very cheap.
See all answers
What needs improvement with Rapid7 InsightIDR?
If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as a SIEM solution is. This is where it can improve if we keep in front the feature...
See all answers
 

Comparisons

Splunk Enterprise Security vs NetWitness Platform Logo
Splunk Enterprise Security vs NetWitness Platform
Compared 7% of the time
IBM Security QRadar vs NetWitness Platform Logo
IBM Security QRadar vs NetWitness Platform
Compared 7% of the time
RSA enVision vs NetWitness Platform Logo
RSA enVision vs NetWitness Platform
Compared 4% of the time
Palo Alto Networks WildFire vs NetWitness Platform Logo
Palo Alto Networks WildFire vs NetWitness Platform
Compared 4% of the time
Elastic Security vs NetWitness Platform Logo
Elastic Security vs NetWitness Platform
Compared 3% of the time
More NetWitness Platform Competitors
Splunk Enterprise Security vs Rapid7 InsightIDR Logo
Splunk Enterprise Security vs Rapid7 InsightIDR
Compared 4% of the time
Microsoft Sentinel vs Rapid7 InsightIDR Logo
Microsoft Sentinel vs Rapid7 InsightIDR
Compared 4% of the time
CrowdStrike Falcon vs Rapid7 InsightIDR Logo
CrowdStrike Falcon vs Rapid7 InsightIDR
Compared 3% of the time
Adlumin Security Operations vs Rapid7 InsightIDR Logo
Adlumin Security Operations vs Rapid7 InsightIDR
Compared 3% of the time
Vectra AI vs Rapid7 InsightIDR Logo
Vectra AI vs Rapid7 InsightIDR
Compared 3% of the time
More Rapid7 InsightIDR Competitors
 

Product Reports

Buyer's Guide
NetWitness Platform
April 2026
NetWitness Platform reportDownload NetWitness Platform product report
Buyer's Guide
Rapid7 InsightIDR
April 2026
Rapid7 InsightIDR reportDownload Rapid7 InsightIDR product report
 

Also Known As

RSA Security Analytics
InsightIDR
 

Overview

NetWitness Platform provides seamless threat intelligence integration and robust log/packet ingestion. It enhances network visibility and incident management through automated threat detection, ideal for enterprises seeking scalability and security intelligence.

NetWitness Platform offers a comprehensive suite of tools designed to tackle security challenges within Security Operations Centers. It integrates data from endpoints, networks, and other sources, ensuring in-depth security analysis. By supporting features like XDR and UEBA, it grants a unified view of security events. Its capabilities extend to threat hunting, malware analysis, and network forensics, assisting organizations in managing incidents, ensuring compliance with regulations like GDPR, and detecting cyber threats. Users appreciate its ease of deployment, flexibility, and threat prediction capabilities, although improvements in integration, documentation, and AI are desired.

What are the key features of NetWitness Platform?
  • User-friendly Interface: Simplifies security monitoring and management.
  • Threat Intelligence Integration: Provides seamless access to threat data.
  • Log/Packet Ingestion and Alerting: Enhances detection and response.
  • Network Visibility: Improves threat detection across networks.
  • Incident Management: Streamlines response to security incidents.
  • Automated Threat Detection: Facilitates quick identification of threats.
  • Custom Connectors: Allows for tailored integrations.
  • Advanced Dashboarding and Reporting: Offers detailed insights.
  • Packet/Incident Correlation: Enhances understanding of threats.
What benefits can users expect when evaluating NetWitness Platform?
  • Threat Prediction: Anticipates potential vulnerabilities.
  • Ease of Use: Streamlines user experience.
  • Deployment Flexibility: Adapts to organizational structure.
  • Scalability: Supports growing security infrastructure needs.
  • Security Intelligence: Enhances awareness and response capabilities.

In finance and health sectors, NetWitness Platform aids significantly by providing comprehensive threat analysis, ensuring compliance, and facilitating rapid incident management. Enterprises in these industries benefit by maintaining robust security postures and meeting regulatory demands.

NetWitness

Rapid7 InsightIDR is a cloud-based security information and event management solution known for its user behavior analytics, offering rapid detection and response capabilities while facilitating seamless integration across systems.

Rapid7 InsightIDR is designed to enhance threat detection and investigation through its efficient user behavior analytics and advanced threat intelligence framework. The platform's cloud-based deployment ensures rapid setup and comprehensive event monitoring across diverse IT environments, including endpoints and Office 365. Its intuitive interface supports seamless data collection, honing in on threat detection through honeypot utilization and intelligent alerting. However, it is noted for lacking some customization features and better integration, especially with Microsoft and ITSMs.

What are the key features of Rapid7 InsightIDR?
  • User Behavior Analytics: Detects threats by analyzing patterns and anomalies.
  • Cloud Deployment: Enables quick setup and scalability.
  • Comprehensive Monitoring: Monitors events across systems and platforms like Office 365.
  • Honeypots and Alerting: Utilizes honeypots to reduce false positives and alert fatigue.
  • Threat Intelligence Framework: Supports effective threat hunting and remediation.
What benefits should users consider in reviews when evaluating Rapid7 InsightIDR?
  • Enhanced Detection: Improves threat detection with user behavior analysis.
  • Easy Integration: Integrates across systems for a streamlined security approach.
  • Rapid Response: Facilitates quick action against identified threats.
  • Operational Efficiency: Offers a cohesive view of security operations.

Rapid7 InsightIDR is prominently used in security operation centers to manage events, detect threats, and respond effectively. Industries apply it for network behavior monitoring, compliance, and vulnerability management. Companies integrate it with security tools to boost threat investigation, ensuring full SIEM functionalities and robust log management capacities. Its application spans behavioral and intrusion analytics, aiding in monitoring and addressing malicious activities.

Rapid7
 

Sample Customers

Los Angeles World Airports, Reply
Liberty Wines, Pioneer Telephone, Visier
Buyer's Guide
NetWitness Platform vs. Rapid7 InsightIDR
April 2026
Free Report: NetWitness Platform vs. Rapid7 InsightIDR
Find out what your peers are saying about NetWitness Platform vs. Rapid7 InsightIDR and other solutions. Updated: April 2026.
DOWNLOAD NOW
893,311 professionals have used our research since 2012.
See our NetWitness Platform vs. Rapid7 InsightIDR report.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.