2018-12-25T09:42:00Z

What needs improvement with RSA NetWitness Logs and Packets (RSA SIEM)?

45

Please share with the community what you think needs improvement with RSA NetWitness Logs and Packets (RSA SIEM).

What are its weaknesses? What would you like to see changed in a future version?

ITCS user
Guest
14 Answers

Top 5 Leaderboard, Real User

I believe they could improve their support; there are often delays. The price of the solution could be reduced; it's very costly.

2021-05-19T19:23:40Z
Top 20, Real User

More customizability is required, which is something that they need to improve on. When it comes to starting a log event, there are not many options available. It is very limited. The log and event correlation need improvement. The threat detection capability should be enhanced.

2020-10-30T14:43:26Z
Top 20, Real User

Security needs improvement. We would still like to know how the traffic is entering the organization. We can find out, but it will take time before we know, leaving the organization vulnerable to attack. There is no SIEM tool in the world that can provide 100% security.

2020-07-26T08:19:19Z
Top 5, Real User

It is not so easy to customize this product. This product would be improved with the addition of machine learning functionality.

2020-07-16T06:21:05Z
Top 20, Real User

The SOAR (security orchestration, automation, and response) component has areas for improvement. Technical support needs to be improved. Integration with third-party products for industries such as the banking sector, or telecommunications, presents challenges that require help from the OEM. Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support.

2020-06-18T05:17:44Z
Top 20, Real User

The user interface is a little bit difficult for new users and it needs to be improved. It takes a lot of time to register when compared to other solutions.

2020-03-19T13:00:53Z
Top 5, Real User

The initial setup is very complex and should be simplified. We had some trouble integrating with our Check Point firewall.

2020-01-19T06:38:00Z
Top 5, Real User

The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly. I may see it differently than other people. I would like to see a little question mark beside each button that you can click and find out what that button is for. It would make it much easier for people who are new to the solution. Like a pop-up appearing when hovering over the question mark, attached to each main action and split into branches.

2020-01-12T07:22:00Z
Top 5, Real User

The alert dashboard is not reflecting events in real-time. We have to refresh in order to view an alert in real-time. Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance. Compared to ArcSight or QRadar, this is a problem.

2020-01-09T06:15:00Z
Real User

The web interface needs improvement because right now they have problems combining an older interface with a newer interface. They're in the middle of the process of combining the old and the new one. It sometimes confuses the user and sometimes you are not able to find the necessary information. You need to click the information and that is something that should be improved. The data isn't a problem but you need to get used to it. You need to know where to click in order to get the results. Otherwise, you can encounter some problems. I would be very happy if they would fix all the issues from 11.3 to the 11.4 version to have more advantages from the UEBA because the UEBA we have implemented will be the longest. If they will fully integrate the UEBA with the network data, this could be a very huge advantage and impact on the market. Right now, you have a solution like Darktrace which has the same capabilities as RSA NetWitness so NetWitness should implement the same things. They have UEBA, they have data. They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams.

2019-08-25T05:17:00Z
Real User

The solution would be greatly improved by unifying the management to one configuration option. One of the problems the system had is that you always have to choose the managed host. For example, if you want to write a rule, you have to duplicate it across your managed hosts. It should have centralized management. If you want to make a change then it should be configured automatically, so that you don't need to go one by one, changing it. That is really annoying. Another problem is that the EPL (Event Processing Language) is not properly explained, and the expert could not even use it when they came to our site. It was causing the system to crash, so they should really consider using something else. The system looks like it is a mix of a bunch of different systems, and nothing looked like it was quite together. I think that it could be better integrated, and it would be great for new customers or even existing customers.

2019-05-22T07:18:00Z
Real User

I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex.

2019-03-11T07:21:00Z
Real User

I would like for them to incorporate IPS. Only the monitoring detects abnormal behavior so we'd like to see IPS. I would like to see a dashboard include PAM so that it's a one-stop shop.

2019-02-11T08:11:00Z
Real User

The implementation needs assistance.

2018-12-25T09:42:00Z
Updated: November 2021.