We performed a comparison between NetWitness Platform and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The Log analytics are useful."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"The solution is really scalable for the high-end power, enterprise customer."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"Performance and reporting are very good."
"The newer 11.5 version that my team is using has found it to have good mapping."
"NetWitness can be highly beneficial for incident detection and response."
"We can ingest and correlate data from virtually any type of system."
"The solution's newly developed dashboard is pretty amazing."
"From the class that I took this week, being able to create notable events from whatever you find in the data set is pretty useful."
"The dashboards are the most valuable feature. We like the ability to drill in and see what queries are under the dashboard, build new visualizations, edit the querying, and see the reports."
"Exporting is a good feature. It helps me out when I have to do reports. I do a lot of exporting and crunching of the numbers. Dashboards are okay for showing to the leadership, but for doing statistics and updating tickets, the export feature is very beneficial for me."
"The ability to ingest any data and display it in a way that anyone can understand."
"Splunk Enterprise Security offers valuable features like seamless integration and a SQL-standard Structured Query Language for easy searching."
"What I really like is that even if you have already collected the data, you can extract fields and can build searches."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"Sentinel's reporting is complex and can be more user-friendly."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"We'd like also a better ticketing system, which is older."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"The implementation needs assistance."
"The tool's integration capability isn't so great."
"I believe that integrating the solution with other products such as Oracle would be beneficial."
"We have encountered issues with unresolved crashes."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"An area for improvement would be better automation and more inbuilt use cases."
"We usually have to follow up with technical support on our open cases."
"Splunk does not build apps. They only go back and validate the apps that somebody has already built. They should have remote consulting support. They have a wonderful solution. They have 24/7 security. Nobody needs to depend on any third party and will therefore just buy Splunk on the cloud."
"We would like more integrations with other cloud products, not just AWS, e.g., Azure."
"I have concerns about the architecture as well since I can see it is not very well defined."
"I feel as though a major focus of upcoming releases should be set on Machine Learning, Predictive Analytics, and I would enjoy to see more security focused add-ons and apps developed by the vendor."
"The GUI can be improved. Splunk has always suffered from having a kind of goofy UI, it needs some updating."
"The glass table feature does not perform as expected."
"I'd say I am happy with the technical support, not elated. They provide great support, but sometimes they don't have the answers that I need."
NetWitness Platform is ranked 15th in Security Information and Event Management (SIEM) with 36 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. NetWitness Platform is rated 7.4, while Splunk Enterprise Security is rated 8.4. The top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". NetWitness Platform is most compared with RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics, Trellix Network Detection and Response and LogRhythm SIEM, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our NetWitness Platform vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.