Coming October 25: PeerSpot Awards will be announced! Learn more
Buyer's Guide
Security Information and Event Management (SIEM)
September 2022
Get our free report covering Splunk, IBM, RSA, and other competitors of RSA NetWitness Logs and Packets (RSA SIEM). Updated: September 2022.
632,779 professionals have used our research since 2012.

Read reviews of RSA NetWitness Logs and Packets (RSA SIEM) alternatives and competitors

Senior System Administrator at DP Infotech Pvt Ltd
Real User
Reliable with good dashboards but needs better alerts
Pros and Cons
  • "It's reliable and the performance is good."
  • "We've had issues with scaling and local support."

What is our primary use case?

This solution's use case is abnormal administrative lockouts, most of the time.

What is most valuable?

I'm happy with their AI in general. 

We're able to make useful dashboards. 

The initial setup is now complex if you have a bit of knowledge going in. 

The solution is stable. 

What needs improvement?

We'd like to receive alerts for zero-day attacks in the future. We'd like alerts that offer us better security. For example, if there are abnormal occurrences, we'd like to know right away. 

We've had issues with scaling and local support.

For how long have I used the solution?

We've been using the solution for two years. 

What do I think about the stability of the solution?

It is stable. There are no bugs or glitches and it doesn't crash or freeze. It's reliable and the performance is good. 

What do I think about the scalability of the solution?

We have seven people, admins, who are working directly with the solution. 

It's not easy to scale. Sometimes we have difficulties. For example, when doing updates, we cannot depend on our local support. In some cases that we have found, they don't have much knowledge. We have to work on separate tickets for the kinds of issues we have.

How are customer service and support?

We have local support. If they cannot assist us, they do offer in-house support we can use. The first step in terms of getting help would be our local partner. 

The issue is that local support sometimes isn't as knowledgeable as they need to be. The solution should work to do more training in order to improve local support.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We were working on RSA. We switched due to the cost and the lack of local support. The RSA cost is a little bit too high.

How was the initial setup?

The solution offers a pretty straightforward and simple setup. That said, you need some knowledge going into the process. 

The deployment itself took about 90 days. 

I'd rate it a three out of five in terms of the general ease of deployment as there is some complexity and a learning curve. 

There's not much maintenance. We do have to do the updates of the servers and if there is a new release and update, we work on those. For the day-to-day, we try to focus on more log-related tasks.

What's my experience with pricing, setup cost, and licensing?

I can't speak to the exact cost of licensing the product. My understanding is that it is less expensive than RSA. 

What other advice do I have?

We are an integrator and service provider. 

We are not currently using the latest update.

I'm not sure if I would recommend the solution to others as they still need to improve a few things. For example, support, at least on the local level, is lacking. 

I'd rate the solution five out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Flag as inappropriate
System Engineer at a computer software company with 1,001-5,000 employees
Real User
Highly stable, built-in workflows, and good support

What is our primary use case?

There are many use cases for Splunk, we commonly use it for log management and analytics.

What is most valuable?

The most valuable feature of Splunk is the management and built-in workflows.

What needs improvement?

The analytics of Splunk could be improved.

For how long have I used the solution?

I have been using Splunk for approximately four years.

What do I think about the stability of the solution?

Splunk is a highly stable solution.

What do I think about the scalability of the solution?

I have found Splunk to be scalable.

We have 15 members of our organization that use this solution.

How are customer service and support?

We used to support a few times and our experience was good. 

I would rate the support from Splunk a four out of five.

Which solution did I use previously and why did I switch?

I have previously used RSA and I prefer Splunk.

How was the initial setup?

The implementation of slunk is not straightforward. It is of a moderate difficulty level.

What about the implementation team?

We used an integrator to do the implementation.

What's my experience with pricing, setup cost, and licensing?

There is an annual license required to use this solution.

Which other solutions did I evaluate?

I have evaluated other solutions, such as IBM QRadar.

What other advice do I have?

This solution has good technology.

I rate Splunk an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Buyer's Guide
Security Information and Event Management (SIEM)
September 2022
Get our free report covering Splunk, IBM, RSA, and other competitors of RSA NetWitness Logs and Packets (RSA SIEM). Updated: September 2022.
632,779 professionals have used our research since 2012.