We performed a comparison between NetWitness Platform and Security Onion based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before."
"Their technical support responds quickly and is knowledgeable."
"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability to integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"Offers a good wireless feature."
"The most valuable feature is the security that it provides."
"The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
"In my opinion, the solution's most valuable feature is its capacity to monitor network traffic, logs from devices within the network, and network captures. This capability extends beyond logs to include full network capturing."
"The newer 11.5 version that my team is using has found it to have good mapping."
"We use Security Onion for internal vulnerability assessment."
"The most valuable feature of Security Onion for security monitoring is its ability to find infected ports."
"Security Onion is the most mature solution in the market."
"Its technical support could be better."
"The log system is a bit complex and has room for improvement."
"More customizability is required, which is something that they need to improve on."
"The product's licensing models are complex to understand. This particular area needs improvement."
"The solution should have more integration capabilities with different platforms."
"The system architecture is complex and sometimes it’s hard to troubleshoot potential problems."
"The multi-tenant capabilities are lagging compared to IBM QRadar."
"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."
"The product is not easy to learn."
"Security Onion's user interface could be improved."
"The initial setup of the solution is a little bit difficult."
NetWitness Platform is ranked 19th in Log Management with 36 reviews while Security Onion is ranked 33rd in Log Management with 3 reviews. NetWitness Platform is rated 7.4, while Security Onion is rated 7.6. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Security Onion writes "A mature and affordable solution that is easy to install and easy to update". NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Microsoft Sentinel, whereas Security Onion is most compared with Wazuh, Elastic Stack, TheHive, Splunk Enterprise Security and Graylog.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.