We performed a comparison between NetWitness Platform and RSA enVision based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM)."The solution offers a lot of data on events. It helps us create specific detection strategies."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The product can integrate with any device."
"Log aggregation and data connectors are the most valuable features."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The most valuable feature is the security that it provides."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"The product's initial setup phase was not at all difficult."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"The most valuable features are the integration and ease of use."
"The solution is really scalable for the high-end power, enterprise customer."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"The configuration part is very easy...The technical support was sincere in their responses...I rate the technical support a nine out of ten."
"The most valuable feature of this solution is the reporting."
"The most valuable feature is the management features. It's capable of managing large enterprises."
"The reporting could be more structured."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"I would like to be able to monitor applications outside of the Azure Cloud."
"The troubleshooting has room for improvement."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"The user interface is a little bit difficult for new users and it needs to be improved."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"The initial setup is very complex and should be simplified."
"The log system is a bit complex and has room for improvement."
"The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together."
"Its technical support could be better."
"In general, the solution currently isn't user-friendly."
"The integration could be easier, it should support more products."
"RSA enVision log manager is out of date and is not in use anymore."
NetWitness Platform is ranked 16th in Security Information and Event Management (SIEM) with 36 reviews while RSA enVision is ranked 36th in Security Information and Event Management (SIEM) with 5 reviews. NetWitness Platform is rated 7.4, while RSA enVision is rated 6.8. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of RSA enVision writes "Though the solution offers good technical support, it needs to be made more user-friendly ". NetWitness Platform is most compared with Splunk Enterprise Security, IBM Security QRadar, Cisco Secure Network Analytics, Trellix Network Detection and Response and LogRhythm SIEM, whereas RSA enVision is most compared with Splunk Enterprise Security and IBM Security QRadar.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.