We just raised a $30M Series A: Read our story

RSA NetWitness Logs and Packets (RSA SIEM) OverviewUNIXBusinessApplication

RSA NetWitness Logs and Packets (RSA SIEM) is #3 ranked solution in top Advanced Threat Protection (ATP) tools and #4 ranked solution in top Security Information and Event Management (SIEM) tools. IT Central Station users give RSA NetWitness Logs and Packets (RSA SIEM) an average rating of 8 out of 10. RSA NetWitness Logs and Packets (RSA SIEM) is most commonly compared to IBM QRadar:RSA NetWitness Logs and Packets (RSA SIEM) vs IBM QRadar. The top industry researching this solution are professionals from a computer software company, accounting for 28% of all views.
What is RSA NetWitness Logs and Packets (RSA SIEM)?

If you’re relying on log data to detect and prevent cyber threats, you’re in trouble. Attackers increasingly evade detection of log-centric security and network monitoring tools. But logs combined with full packet, endpoint NetFlow data are proven to provide the essential details for early threat detection. Here’s a closer look at our solution.

RSA NetWitness Logs and Packets (RSA SIEM) is also known as RSA Security Analytics.

RSA NetWitness Logs and Packets (RSA SIEM) Buyer's Guide

Download the RSA NetWitness Logs and Packets (RSA SIEM) Buyer's Guide including reviews and more. Updated: November 2021

RSA NetWitness Logs and Packets (RSA SIEM) Customers

Los Angeles World Airports, Reply

RSA NetWitness Logs and Packets (RSA SIEM) Video

Pricing Advice

What users are saying about RSA NetWitness Logs and Packets (RSA SIEM) pricing:
  • "Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
  • "There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."
  • "We are on an annual license for the use of the solution."

RSA NetWitness Logs and Packets (RSA SIEM) Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Mahesh Suryawanshi
Program Manager at EGYANAM TECH
Real User
Top 20
Economical with good technical support and is easily scalable

Pros and Cons

  • "It's quite economical compared to other solutions in the market."
  • "The initial setup is complex. There are other solutions that are easier to implement."

What is our primary use case?

I'm primarily using the solution on my client's site. 

This is a log event management tool. We are integrating this solution for the clients where it is required. Mostly we work with OEMs such as IBM, RSA, Splunk, and Micro Focus. 

With the help of these tools, you can identify any attacks or phishing activity in your network. Most of the time you are able to identify these types of attacks or activity on your firewall. When the firewall will notify the SIEM tools, it will identify which needs to be acted on immediately - unlike when you are using automation tools. With the help of automated tools, you can block those suspicious IPS or you can hand it over back to your security analyst or analyst team to take action ASAP. 

What is most valuable?

We have not evaluated this tool. It is evaluated by the client's company directly. That said, I have found it has good threat intel insights, comparatively speaking. 

From the client-side, there are economical kinds of features.  It's quite economical compared to other solutions in the market. 

The solution is scalable. 

The technical support is very good.

What needs improvement?

We are designing reports and automated rules and processes. We are defining them in relation to this product. With the help of automated rules and processes, this product will help the team when they go to production to do operations smoothly, as, most of the time, what happens when you put manual interference into such systems, it may be delayed. This can lead to vulnerabilities. Sometimes, if a hacker enters the system, he might only have a limited time where there is a window of access, however, in that time, he'll take what he can, and even if the vulnerability only lasted for a few minutes, in that time, items can get stolen. 

Therefore, there needs to be more proactively to avoid any downtime. We're adding automating tools to help RSA Netwitness so that if anything happens, RSA can immediately shut anything down. We're in the process of configuring them and adding them in.

The initial setup is complex. There are solutions that are easier to implement.

For how long have I used the solution?

I've been using the solution for two and a half years.

What do I think about the stability of the solution?

The solution is reliable. I won't say great, due to the fact that, naturally, if you compare it to other products it is not that great. That said, for the operations, it is good as long as you do not violate your license. The moment you violate your license, this will cause a quite delayed reaction, at least, that is what I've seen compared to Splunk and QRadar.

What do I think about the scalability of the solution?

While the solution isn't necessarily for small organizations, it is good for medium and large organizations.

The solution scales easily.

How are customer service and technical support?

Technical support is very good. They try to resolve issues with the proper SLAs which are defined by them and they understand the client's requirements as well as the client's infrastructure in a better manner. I'm happy with the support.

How was the initial setup?

The solution is pretty complex to set up. Comparatively, I have worked on IBM QRadar and Splunk. They are much easier to set up. It also depends on the client's infrastructure. It just needs some time and understanding to be deployed. 

Once it is deployed it requires maintenance. Whenever you work on such products, if you do not take the support or support services, it might take some time to work through some things. For some things, the documentation is not the best. Support is always recommended. If you do not buy support, it can be a disaster. 

What's my experience with pricing, setup cost, and licensing?

It's my understanding that the pricing of the product is pretty good. Compared to other options on the market, it's reasonable. 

I would say it's economical, as the licensing part is always a different ball game in the SIEM tools business, as everyone is running their business in a different manner. If you go to IBM, they will charge you in a different way, for example. RSA will charge you in a different way as well, and Splunk has its own unique licensing policies. I would say it's economical. I won't say it's cheap. It is in between.

Currently, there is only one license. There aren't different licensing models. Hardware is included in the price.

What other advice do I have?

I'm on the latest version of the solution. I tend to work on updated versions.

We are systems integrators. We have a partnership with RSA.

If a company decides to try out this product, they need to do the homework properly due to the fact that sometimes on the hardware side or on the software side, you may face some issues. It is better to study thoroughly the troubleshooting part and prepare properly. Only then you can go for implementation.

I'd rate the solution at an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
RamneshDubey
Senior Cyber Security Specialist at a computer software company with 10,001+ employees
Real User
Top 5
Good support, powerful decoders and concentrator, but the dashboard is not reflecting events in real-time

Pros and Cons

  • "The most valuable features are the packet decoder, log decoder, and concentrator."
  • "Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."

What is our primary use case?

We are a service providing company and this is one of the products that we implement for our clients. The RSA NetWitness Logs and Packets solution is used for Event Stream Analysis (ESA), and we implement use cases based on our customers' needs. For example, suppose the security device is a Palo Alto device then at the policy level, we implement the use cases. These might be things like phishing attacks or a botnet. Most companies follow the GDPR regulations for compliance.

We have RSA NetWitness implemented in virtual appliances.

What is most valuable?

The most valuable features are the packet decoder, log decoder, and concentrator. The packet decoder is capable of collecting the flow, whereas the log decoder is capable of collecting the event. NetWitness offers a hybrid solution that collects both and also uses the concentrator.

What needs improvement?

The alert dashboard is not reflecting events in real-time. We have to refresh in order to view an alert in real-time.

Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance. Compared to ArcSight or QRadar, this is a problem.

For how long have I used the solution?

We have been using RSA NetWitness for about a year and a half.

What do I think about the stability of the solution?

The stability of RSA NetWitness is good. It is used on a daily basis.

What do I think about the scalability of the solution?

The ability to scale varies from client to client, and what the client's requirements are. Sometimes the client will want to move to a lighter platform and you have to consider the many inputs related to the cloud. 

We are supporting 10 to 15 clients for this solution. 

How are customer service and technical support?

With regard to technical support, we have found that their diagnosis makes sense but in some cases, they are very late to reply. Our clients always want to resolve the issue through us, and sometimes the support takes a long time. Because RSA NetWitness is a new product, there are many things that they are trying to find out.

Overall, I would say that the support is good.

Which solution did I use previously and why did I switch?

We are using multiple tools including QRadar, RSA NetWitness, LogRhythm, and Micro 
Focus ArcSight.

The QRadar setup gave us no issues, and it also works with logs and packets.

LogRhythm fulfills the GDPR compliance.

How was the initial setup?

The initial setup is good, and it is not complex.

The length of time it takes to deploy depends on the type and size of the organization. It takes two to three days to implement this solution, including all of the installation and configuration. Once the company provides the requirements then we implement as per the organizational policy. 

What about the implementation team?

We implement this solution using our in-house team, although if an issue should occur during installation then we can raise a ticket with support. We have had issues with difficult deployments because of the database during installation, which has lead to using the support portal. 

The number of people required for deployment and maintenance depends on how many logs are being integrated. Suppose there are 100 or 200 logs, then 10 people will be sufficient if they focus on deployment and troubleshooting. It also depends on the timeline. If the timeline is longer then five people are enough to complete the implementation.

What's my experience with pricing, setup cost, and licensing?

Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day. 

What other advice do I have?

My advice to anybody who is researching this solution is to consider the differences between the hardware and the virtual solution. The hardware is okay, but if you have any issues and need to restart then it is easy to do this with the VM. My preference is using the VM, where they can easily increase the size of storage if necessary.

It is important to remember that ESA takes all of the main memory. The minimum requirement is 96 GB of RAM, and this is very easy to implement on a virtual machine. My advice is to implement ESA using the maximum eligibility criteria. Consider what the hardware requires are in terms of RAM and storage, and use the maximum available for ESA.

This solution has a very good dashboard with a separate tab for incidents and alerts. There is a ticketing tool as well. If the problems with the dashboard are corrected then we will not need to have any other tools. The dashboard is a very important feature for clients.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Learn what your peers think about RSA NetWitness Logs and Packets (RSA SIEM). Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
552,136 professionals have used our research since 2012.
VG
IT Security Head with 1,001-5,000 employees
Real User
Top 5
Has a simple dashboard and you can develop connectors for any application, but it is difficult to set up

Pros and Cons

  • "The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it."
  • "The initial setup is very complex and should be simplified."

What is our primary use case?

The RSA NetWitness Logs and Packets solution was set up as part of the SOC. It is set up on two sides. One is for the Data Center (DC) side, and the other is for the Disaster Recovery (DR) side.

What is most valuable?

The most valuable feature is that we can create our own connectors for any application, and NetWitness provides the training and tools to do it. With some other solutions, creating custom connectors is very costly.

The dashboard is very simple to use.

What needs improvement?

The initial setup is very complex and should be simplified.

We had some trouble integrating with our Check Point firewall.

For how long have I used the solution?

I used RSA NetWitness for a couple of months in my previous company.

What do I think about the stability of the solution?

It was too early to say whether this solution was stable because you need at least a year to determine that. In the initial stages, we were still getting a lot of alerts because there was no time to fine-tune it. Maybe after six or eight months, we would have been able to say whether the product was stable. Just before reaching that point, I left the organization.

What I can say is that for the time I was there, we did not experience any bugs, crashes, or glitches.

What do I think about the scalability of the solution?

This solution is scalable. We had between 20 and 25 users, although, on a daily basis, I would say that 13 to 16 people used it.

How are customer service and technical support?

We did not interact with technical support because we were working with the vendor, and the vendor was working with them.

Which solution did I use previously and why did I switch?

We tried to implement Paladion but we were not about to complete our PoC because of problems.

How was the initial setup?

The initial setup is very complex. It requires having knowledge of what components do and which go where. An example is knowing which component will fetch data and where it goes. This is very difficult for somebody new and a person should have a minimum of one to two years of work experience.

Our deployment of the two solutions and having them work simultaneously took between four and five months.

What about the implementation team?

We have an in-house team, but the vendor gave us support as well. The initial setup was very tough, which is why it took four or five months to implement everything and make sure that it was configured as per our requirements.

There were six people involved in the deployment. Three from the vendor's team and three from my team. They were working day and night to make sure that things worked well.

The number of people required for maintenance depends on the hours of operation. If the business hours are 24/7 for the entire year then two people are required for maintenance.

Which other solutions did I evaluate?

We did not evaluate other options.

What other advice do I have?

My advice for anybody who is implementing this solution is to make sure that the team handling the deployment is skilled. Without support, they will not be able to do it at all.

Also, if somebody wants to make their own connectors then they will need to have a development team. Without knowledge of scripting, it is not possible to make connectors. So, I would say that at an early point there needs to be somebody specialized in the use of this product.

I would rate this solution a six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
MA
IT and Cybersecurity Professional at a financial services firm
Real User
Top 20
Easy to deploy with powerful threat prediction and network forensics capabilities

Pros and Cons

  • "The most valuable features are the threat prediction and network forensics."
  • "Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."

What is our primary use case?

Our primary use case is real-time threat prediction so that we can minimize the person-hours of IT security analysts.

What is most valuable?

The most valuable features are the threat prediction and network forensics. For example, if there is any malware on the network, I am able to see who received it and who clicked on it. I like this functionality the most.

The deployment of the appliance is easy, where even a non-technical person can configure it.

What needs improvement?

The SOAR (security orchestration, automation, and response) component has areas for improvement.

Technical support needs to be improved.

Integration with third-party products for industries such as the banking sector, or telecommunications, presents challenges that require help from the OEM.

Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support.

For how long have I used the solution?

We have been using RSA NetWitness for about 10 years.

What do I think about the stability of the solution?

There are no issues in terms of stability.

What do I think about the scalability of the solution?

This solution is pretty scalable, as I am using the VM infrastructure. It can scale to whatever you need.

How are customer service and technical support?

I am not happy with the RSA support. Sometimes they can be really annoying because it takes so long to get the support that you need.

Which solution did I use previously and why did I switch?

I have used RSA enVision and ArcSight in the past. We migrated from RSA enVision because they had declared the product end-of-life and upgraded to the NetWitness platform.

The Logs component is similar to what other competitors, such as IBM, ArcSight, and LogRhythm have. What distinguishes this solution is the Packets component. It is critical and something that people should make use of.

How was the initial setup?

It is easy to deploy the appliance. Anyone can mount and configure it. There is a simple, pre-built OS that they just need to mount in the VM infrastructure, and that is clearly mentioned in the documentation. It will take two or three days to deploy, at most.

The challenge comes with trying to integrate with third-party application servers. 

What about the implementation team?

We deployed this solution with our in-house team.

The number of people required for maintenance depends on your use case. If you are only using it to maintain the infrastructure then two staff is sufficient. However, if you want to implement a full-fledged SOC then you will need at least four or five people.

What other advice do I have?

My advice for anybody who is implementing this solution is to look at both their endpoints and circuit paths. The two components, Logs and Packets, should definitely both be considered. Even if there is an on-premises SIEM log, they can integrate it.

Overall, I feel that the product is very good and my biggest complaint is about their support.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IO
Solution Specialist- Data Protection at a tech services company with 11-50 employees
Reseller
Top 20
Provides a comprehensive trace investigation with the packet capture feature

Pros and Cons

  • "The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
  • "There are instances where you try to run the reports and then it does not give you the desired outcome."

What is our primary use case?

The customer that we work with uses it to gather logs from all the devices in their enterprise so that they have that single point of visibility into trace information in the environment.

What is most valuable?

The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs. So, the capture packet also gives you specific insight into what's going on in the network, and it makes your trace investigation much more comprehensive.

The user interface is fine.

What needs improvement?

The reporting aspect could be improved. There are instances where you try to run the reports and then it does not give you the desired outcome. At times, it appears as if the reporting feature might be buggy.

You want to actually follow the trends and see how technology is advancing. I think they've done that with regard to security orchestration, automation, and response. However, I think that they could do better with the automation and response.

For how long have I used the solution?

We have been selling RSA NetWitness Logs and Packets (RSA SIEM) for 18 months now.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

This solution is scalable.

How are customer service and technical support?

Technical support has been quite a challenge. There are instances where you reach out to support, and the initial response is fast. When they get to experience what the problem is, we would expect them to be able to fix it on time, but then, we'd notice that there could be quite a lot of back and forth with customers in trying to get an issue resolved.

This is a situation where you have other solutions plugging into this one, so there are times when the issue being experienced has to do with another solution. So there are problems with accepting responsibility.

In general, I would rate them at 70% on technical support.

How was the initial setup?

I've not been involved in initial setup, but I've seen upgrades. I think it's quite straightforward.

What's my experience with pricing, setup cost, and licensing?

From a pricing perspective, I wouldn't say it's too expensive because recently, they came up with a good plan that would also work for small enterprises.

At the early stage, it was quite appliance-based, but now you have virtual machines that take away the appliance cost for customers. So, price wise, it is fair compared to the cost of other SIEM solutions.

What other advice do I have?

It's a comprehensive SIEM solution. The packet capture feature is one thing that will be very beneficial for all accounts because it gives you that general visibility into what's going on even on your network. It's a great product, and I would rate it at eight on a scale from one to ten. It's way ahead of the others. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Flag as inappropriate
MZ
IT manager at a agriculture with 10,001+ employees
Real User
Top 5
Really scalable for enterprise customers

Pros and Cons

  • "The solution is really scalable for the high-end power, enterprise customer."
  • "The solution should have more integration capabilities with different platforms."

What is our primary use case?

Generally, we use the solution for network forensics. It allows us to do visual data detection and prevention. 

What needs improvement?

The solution should have more integration capabilities with different platforms. The API is nearly open and scalable, so the solution can integrate with many platforms. The solution has more than 200 log sources in the scalability to support, but this is its limit. 

Installation is pretty easy. However, there are a couple of modules involved, so it is not as easy as it could be. We are talking about a distributed module, not a single-module type. This is what makes things a bit complex, instead of easier. I rate it as a seven out of ten on its installation and configuration capabilities.

For how long have I used the solution?

I have been using RSA NetWitness Logs and Packets (RSA SIEM) for two years.

What do I think about the scalability of the solution?

The solution is really scalable for the high-end power, enterprise customer, but not for the small one.

How are customer service and support?

Mostly, the support is provided remotely and has proven to be good. It was good at the time when we made use of it. I have no idea whether they improved their support over the course of the last year. Previously, our country did not have certified resources, although the first-level of support was available through their local partners, as well as paying-level support, which was handled remotely through India or Singapore. 

How was the initial setup?

Installation is pretty easy. However, there are a couple of modules involved, so it is not as easy as it could be. We are talking about a distributed module, not a single-module type. This is what makes things a bit complex, instead of easier. I rate it as a seven out of ten on its installation and configuration capabilities. 

If one goes the intelligent route, installation should take at least four to five hours. 

What about the implementation team?

There were at least two people involved in the deployment and maintenance. From an operational perspective, there is a need for at least three people, since type one, two and three analysts are involved. Two people are sufficient for the installation, though. 

What's my experience with pricing, setup cost, and licensing?

There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual. 

Which other solutions did I evaluate?

Integration is exceedingly minimal, since its project development is much easier than that of LogRythm or IBM. This means that the solution is significantly more flexible for the customer and requires less training.

What other advice do I have?

I would definitely recommend this solution to others, but not to small-sized customers. The solution is one of the best for enterprise customers exceeding 10,000 or 2,000 EPS. 

I rate RSA NetWitness Logs and Packets (RSA SIEM) as a nine out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
MA
Information Securuty Analyst at a tech services company with 11-50 employees
Real User
Top 20
Good performance, reporting, and log archiving capability

Pros and Cons

  • "Performance and reporting are very good."
  • "The user interface is a little bit difficult for new users and it needs to be improved."

What is our primary use case?

I am currently working in a security operations center and RSA NetWitness Log and Packets is part of our security solution. We use it for log management and anomaly identification. It is used for compliance as well because it has a log archiving capability that will span at least a couple of years.

We are also using it to facilitate monitoring and research.

What is most valuable?

Performance and reporting are very good. 

What needs improvement?

The user interface is a little bit difficult for new users and it needs to be improved.

It takes a lot of time to register when compared to other solutions.

For how long have I used the solution?

I have been using this solution for about one year, although it has been in the company for a couple of years.

What do I think about the stability of the solution?

We did have some issues before our upgrade from version 10.6., although they were not major. Since the upgrade, I have noticed that some of these things have gotten better.

I would say that this is a stable solution, although there are some minor issues that need to be settled. Currently, they are being investigated.

What do I think about the scalability of the solution?

We have never had issues with scalability. We can reduce the usage as per our requirement and we increased our capacity in 2019. We are planning to further increase, either this year or next year. Scalability overall is quite easy.

How are customer service and technical support?

When we started finding problems, we got in touch with technical support and opened tickets. They worked with us to resolve them. I would rate them good, although not great. At times, I felt that they were being really short with me.

How was the initial setup?

I was not part of the initial setup but my understanding is that there were no issues and everything was good. I was part of the upgrade from version 10.6 to 11.3 and it was smooth, with no major issues.

What about the implementation team?

The deployment was done by my manager a couple of years ago.

What other advice do I have?

My advice to anybody who is considering this solution is that it is a relatively good program, but you want to take some time to get used to it. Once it is deployed and you are used to it, you can do whatever you want. Orchestration is another element that is there.

I would recommend this solution for large organizations that need to be compliant with these types of things. My main complaint is about the user interface.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Seakr Dg
Security Operations Manager at a computer software company with 1,001-5,000 employees
Real User
Reliable, straightforward installation, but lacking multi-tenant capabilities

Pros and Cons

  • "The newer 11.5 version that my team is using has found it to have good mapping."
  • "The multi-tenant capabilities are lagging compared to IBM QRadar."

What is our primary use case?

We have two customers using this solution and one of them is a banking business. We are collecting some of the security log sources. In the main use case, we are correlating rules and we are using the endpoint detection capabilities. We are utilizing RSA NetWitness Logs and Packets, to have more insights on an endpoint level.

What is most valuable?

The newer 11.5 version that my team is using has found it to have good mapping.

What needs improvement?

The multi-tenant capabilities are lagging compared to IBM QRadar.

We want the OEM to support us when we add a partner. They have to come forward and be ready to give a POC to the customer. For example, if we are identifying any customer, and the customer wants to see the POC but at that time we do not have that resource to showcase the POC or the environment. At this time the OEM should come forward and showcase the POC to the customer. Once the customer is satisfied, we will be gaining the business, as a win-win situation.

For how long have I used the solution?

I have been using RSA NetWitness Logs and Packets (RSA SIEM) for approximately two years.

What do I think about the stability of the solution?

The solution is reliable.

What do I think about the scalability of the solution?

I have not tried to expand the solution.

How are customer service and support?

The technical support is responsive. Professional service when it is required is expensive. I wasn't able to compare with other professional services, because we have only one tool we are using at the moment. I am not able to tell you how much other OEM professional services cost. We have heard from the support that it is expensive.

Which solution did I use previously and why did I switch?

I have previously used IBM QRadar.

How was the initial setup?

The installation is somewhat straightforward. For example, if they want a UBA or SOAR type of platform, then I don't have experience in integrating or installing the SOAR or UPA. If that kind of opportunity comes or a customer requests it, then we have to see. As it is now, RSA NetWitness Logs and Packets (RSA SIEM) installation is straightforward.

What's my experience with pricing, setup cost, and licensing?

We are on an annual license for the use of the solution.

What other advice do I have?

I would recommend version 11.5, it looks good. However, we are looking for an alternative solution.

I rate RSA NetWitness Logs and Packets (RSA SIEM) version 11.4 a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Buyer's Guide
Download our free RSA NetWitness Logs and Packets (RSA SIEM) Report and get advice and tips from experienced pros sharing their opinions.