SIEM - Security Information and Event Management

RSA NetWitness® Platform

The RSA NetWitness Platform is an evolved SIEM and threat detection and response solution that allows security teams to rapidly detect and respond to any threat, anywhere.

  • Serves as a single, unified platform for all your security data
  • Features an advanced analyst workbench for triaging alerts and incidents
  • Orchestrates security operations programs end to end

RSA NetWitness Platform evolved SIEM - the centerpiece of an intelligent SOC

What is an Evolved SIEM?

Security information and event management (SIEM) tools were originally intended for compliance and log management. Over time, as SIEM tools became the aggregation point for security alerts, organizations began using them to detect and investigate attacks—but with limited success. Log-centric SIEMs make it difficult to detect and investigate today’s complex threats in a timely manner because they don’t provide full visibility across an enterprise.

In contrast, the RSA NetWitness Platform evolved SIEM accelerates threat detection and response by providing unparalleled visibility to see threats anywhere—on endpoints, across the network, in the cloud and virtual environments. In addition, it combines essential business context with automation and machine learning capabilities to help pinpoint and respond definitively to the threats that matter most.

Limits of Log-Centric SIEM Tools

Featured Resources


11 Reasons to Love RSA NetWitness 11.x

RSA NetWitness 11.x provides several significant enhancements and new functionality to address customers' needs. Take a look at eleven reasons to love RSA NetWitness 11.x.



7 Building Blocks of Better Threat Visibility

Download this guide to find out which sources and types of data are essential to identifying advanced threats, and how improved visibility can ease your biggest threat detection challenges.




Real-Time Data Enrichment

Enriches data in real time, at capture time, with threat intelligence and business context, making security data much more useful for analysts during investigations.


Extensive Metadata

Uses specialized algorithms to automatically extract threat-relevant metadata from disparate sources into more than 200 metadata fields.


Multifaceted Analytics

Identifies threats from various analytics vectors including rules, threat intelligence, malware analysis, and user and entity behavior analytics (UEBA) to provide sophisticated threat detection.


Session Replay

Capable of replaying entire suspect sessions (Web, FTP, email, etc.) as well as providing a view of exactly what data was exfiltrated in an attack.


Complete Incident Management

The new RSA NetWitness Orchestrator delivers complete incident management, innovative interactive investigations, a machine learning-powered Chatbot, and full playbook automation.


Flexible Deployment Options

Deploys as a single appliance or dozens, partially or fully virtualized, on premises or in the cloud.



Security-Business Alignment

Incorporates contextual information about your business to help prioritize alerts and drive a response aligned with your organization’s strategic goals.


Unmatched Visibility

Collects data across more capture points (logs, packets, NetFlow and endpoints), computing platforms (physical, virtual and cloud) and threat intelligence sources than other SIEM solutions.


Advanced Threat Detection

Applies a unique combination of behavioral analysis, data science techniques and threat intelligence to detect known and unknown attacks in a fraction of the time of other platforms.


Definitive Response

Connects incidents over time to expose the full scope of an attack and provides analysts with orchestration and automation capabilities to eradicate threats before business impact.

The RSA NetWitness Platform evolved SIEM is a comprehensive threat detection and response solution that leverages the following data sources to help your security team stay on top of today’s sophisticated cyber threats.

Log Management

RSA NetWitness Logs


Endpoint Security

RSA NetWitness Endpoint


User and Entity Behavior Analytics

RSA NetWitness UEBA Essentials



Solution Briefs

  • RSA NetWitness Platform: Learn how the RSA NetWitness Platform can help you address cloud security and today’s sophisticated cyber threats, all while enhancing your analysts’ efficiency and effectiveness.
  • RSA NetWitness Evolved SIEM: Why traditional SIEM technology isn't enough for modern security environments, and how an evolved SIEM can accelerate threat detection and response.


  • RSA NetWitness Platform On-Demand Demo Video: Learn how the RSA NetWitness Platform can help you detect and defend against a phishing attack by leveraging logs, packets, endpoint data and threat intelligence in this demo video.

Data Sheets

  • RSA NetWitness Logs & Network Data Sheet: Get the details on the features and benefits that differentiate RSA NetWitness Logs from other log management and monitoring solutions.
  • RSA NetWitness Endpoint: Explore what distinguishes RSA NetWitness Endpoint from traditional endpoint security and endpoint detection and response tools.
  • RSA NetWitness Orchestrator: Find out how RSA NetWitness Orchestrator can make your security operations center more efficient and effective.
  • Enhanced Analyst Visibility: Find out how the RSA NetWitness Platform enhances security analysts’ visibility across logs, network and endpoints to improve threat detection and response.




