RSA Netwitness® Logs & Packets

If you’re relying on log data to detect and prevent cyber threats, you’re in trouble. Attackers increasingly evade detection of log-centric security and network monitoring tools. But logs combined with full packet, endpoint and NetFlow data are proven to provide the essential details for early threat detection. Here’s a closer look at RSA NetWitness Logs & Packets.

Traditional Network Monitoring Tools are Insufficient

Only 15% of organizations are confident in the accuracy of their network monitoring tools.

Featured Resources

Data Sheet

RSA NetWitness® Logs and Packets

Security teams need to evolve to stay in front of attackers and the latest threats, but in recent years this has become much more difficult. Attackers continue to advance and use sophisticated techniques to infiltrate organizations. Attackers spend significant resources performing reconnaissance to learn about organizations and develop techniques specifically designed to bypass security tools being used.



RSA NetWitness® Logs and Packets: Latest Capabilities

This brief demo video provides an overview of RSA NetWitness Logs and Packets’ latest capabilities.




Real-Time and Historical Analysis

Collects and examines multiple pieces of data in real time and over extended periods of time, detects deviations from normal behavior, and creates a probability-weighted risk score for alerts based on these results.


Flexible, Scalable Architecture

Consists of three components, which can be deployed virtually, on premises, in the cloud (AWS and Azure) or in a hybrid arrangement:
  • The capture infrastructure: a highly configurable Decoder that captures and stores raw log and packet data; a Concentrator that stores and indexes metadata for fast queries and retrieval of the raw data; and a Broker that fans queries out across a multi-site deployment of Concentrators and Decoders.
  • The Event Stream Analysis (ESA) module: an analytics and alerting engine that correlates across multiple event types.
  • Archivers, which manage long-term data storage.


No Stone Unturned

Inspects every network session, packet and log event for threat indicators at the time of collection, and enriches this data with threat intelligence and business context.


Identifies Advanced Threats

Looks for a myriad of behavioral indicators to identify attacks that evade signature- and rules-based monitoring tools.


Multiple Use Cases

An integrated platform that provides advanced cyber threat detection, incident forensics, breach response, compliance reporting and basic security monitoring.


Organizations can deploy RSA NetWitness Logs & Packets across diverse network topologies and geographies, and scale it according to their data capture and performance requirements.

Recreates full sessions (web browsing, FTP, email, etc.) so that analysts can literally see what happened during an attack (including what was stolen during an exfiltration) and identify root causes.

Automated behavior analytics provide insight into attacker tactics, techniques and procedures as attacks are executed, and detect Command and Control (C2) and lateral movement across both logs and packets.

Accelerate investigations with breadth of visibility across logs and packets and depth of threat analytics.

Improve investigation and threat prioritization with security, risk and business context.

"RSA NetWitness allows us to take proactive steps in protecting our customers’ data before anything happens. It has helped us reduce our response times dramatically. We’re now able to provide our product managers, our product teams and management teams with much better answers in a much shorter period of time."
Kevin Young
Manager of Security Operations Group



Data Sheet

Advanced Threat Detection and Response with RSA NetWitness® Logs and Packets

Security tools create so much data that it's tough to uncover the signal of a real attack. Behavior analytics tools help make sense of the vast amount of data that these systems generate.


Solution Brief

RSA NetWitness Suite Solution Brief

Find out how RSA NetWitness Suite provides pervasive visibility across a modern IT infrastructure, enabling better and faster detection, investigation and response to security incidents.


Data Sheet

  • RSA Incident Response Services Early detection and rapid response are amongst the most critical capabilities for targeted attack remediation. Media reports indicate that well-resourced adversaries consistently bypass sophisticated organizational defenses. The issue is less about being able to keep the bad guys out; it’s more about detecting them as soon as they are in. Once detected, rapid response is needed to mitigate broader compromise and prevent them from achieving their objectives. RSA’s Advanced Cyber Defense (ACD) services for Incident Response enable organizations to prepare for security incidents without having to accept the inevitability of loss.
  • RSA NetWitness® Logs and Packets: Overview of Capabilities for the Public Sector Overview of analytics and visibility capabilities that RSA NetWitness Logs and Packets provides public sector customers.
  • Business-Driven Security - RSA NetWitness Threat Detection & Response Business-Driven Security is an important evolution in the way organizations think about protecting their IT infrastructure. But how can you bridge the security gap driven by rapid changes inside and outside an organization? Learn how the RSA NetWitness® Suite and the RSA® Business-Driven Security™ approach make your security teams and cyber risk management infrastructure more effective.



Use Case

  • Remote Access: Webshells A WebShell is a piece of code or a script running on a server that enables remote administration. While often used for legitimate administration purposes, it is also a favorite tactic used by malicious actors in order to gain remote control of internet-facing web servers. Once interaction with a WebShell is established, an attacker is free to act on any number of objectives such as service disruption, increasing foothold, and data exfiltration.


  • Logs Are Just One Piece of the Puzzle Relying on logs alone is no longer enough to protect organizations from advanced threats. In order to detect and investigate advanced threats you need a platform that can correlate security data across logs, packets and endpoints with real-time behavior analytic capabilities to speed detection and response.


White Papers

  • RSA NetWitness Suite Extends Security Technology to the Cloud Explore the challenges associated with extending into the cloud the visibility required to successfully protect an organization’s data. Find out how RSA NetWitness Suite is built to address these challenges.
  • Inside the Response to a Unique Carbanak Intrusion Learn how the threat actor group Carbanak (also known as FIN7) gained access to one organization’s systems in early 2017 and how the RSA incident response team contained and remediated the attack in a matter of days.
  • Closing the Skills Gap with Analytics and Machine Learning Explore multiple approaches for tripling the impact of your existing security team.
  • RSA NetWitness - It’s About Time Accelerating Threat Detection and Response All the technology that security leaders have put in place over the years has had the cumulative effect of making it harder for their teams to detect and respond to the highest priority threats. The “new threat, new box” approach has created more alerts than any security team can realistically handle and has made it infinitely harder for analysts to see the big picture. It’s possible to improve—and even accelerate—your organization’s threat detection and response capabilities, in spite of the mess and without having to hire an army of threat hunters. To find out how, check out our three-page brief, It’s About Time: Accelerating Threat Detection and Response.
