NetWitness Platform Pros and Cons

Netwitness siem solution is a great tool for threat hunting Review collected by and hosted on G2.com.

Api integration needs to be enhancement for soc Review collected by and hosted on G2.com.

As a user and part of security team in my company, the platform's ease of use and compact interface is a must on our daily monitoring. This alone is vital in part of investigation and response to any incidents that may arise. Based on my colleague, support team is also helpful and there are resources that is available to the community. Overall a great tool to assist on our job. Review collected by and hosted on G2.com.

It will take some time to get into the familiarity of navigating through the platform. This is not for an entry-level position, but learnings this tool will be a solid help in the future. Review collected by and hosted on G2.com.

Customer Support

Number of Features

Threat correlation Review collected by and hosted on G2.com.

Integration Challenges and Resource demands Review collected by and hosted on G2.com.

Few weeks ago, I had an opportunity using the platform. And for what I have found out that its not so complicated after all. Review collected by and hosted on G2.com.

DIdnt find any as of this few weeks using it. Review collected by and hosted on G2.com.

It is easy to use and provide better analysis options Review collected by and hosted on G2.com.

Support can be improved on devices integrations and troubleshooting Review collected by and hosted on G2.com.

1- The visibility RSA NetWitness packet (NDR) provides is brilliant.

2- Easy installation and deployment.

3- The scalability of deployment is very good.

4- The combination of NDR, EDR and Logs in the same interface.

5- Effective technical support. Review collected by and hosted on G2.com.

1- Documentation that is poor.

2- Integration with log sources is limited in comparison with other brands.

3- Building use cases is not easy, and poor built-in use cases.

4- Weak parsing of logs.

5- The user interface is not friendly enough.

6- Respond module requires significant enhancement. Review collected by and hosted on G2.com.

The response speed at GUI for Security Analysis and threat hunting purpose is the best part. Even to fetch the old data for any of the audit purposes it takes just seconds. Review collected by and hosted on G2.com.

I don't like the Hybrid component i.e Hybrid log decoder (Decoder+ Concentrator) as if in case we face problem in any of the component we have to face trouble with other as well. Better to prefer all the standalone component in RSA Netwitness. Review collected by and hosted on G2.com.

The investigation tab is helping me a lot during my investigation as it shows all the available meta keys in the logs, which makes it easier to notice suspicious artifacts. Review collected by and hosted on G2.com.

RSA Net witness needs enhancing in showing the details of the entire packet, for example (headers and body) Review collected by and hosted on G2.com.

Ability to find and decode base65 and hex.

Inbound SSL decryption.

The ability to run anywhere, physical hardware, cloud etc.

SOAR capabilities can be used to scale security operations. Review collected by and hosted on G2.com.

No cross platform SOAR compatibility.

Difficult to learn and use initially.

Setting up the solution is complex for first timers.

Integrating newer devices is a tough task. Review collected by and hosted on G2.com.

alerts are a powerful tool to notify you of an incident Review collected by and hosted on G2.com.

set up could be complicated , and support it's nota the best Review collected by and hosted on G2.com.