Sold by: NetWitness
Deployed on AWS
NetWitness Platform is a comprehensive threat detection, investigation, and response platform featuring threat intelligence, advanced analytics, and deep investigation capabilities. Use cases include incident response, forensics, and compliance. Features 400+ pre-built integrations.
4
Overview
NetWitness Platform delivers uncompromised threat detection, investigation, and response, across network, logs, and endpoint, whether deployed on-premises, in the cloud, or hybrid.
The NetWitness Platform allows security analysts to prioritize, respond, reconstruct, survey, investigate and confirm information about threats in their environment and take the appropriate response, optimizing their security posture and protecting against the impacts of attacks.
Core platform modules include network detection and response (NDR), security information and event management (SIEM) and endpoint detection and response (EDR). Additional modules are available for UEBA, SOAR, and asset analytics to reduce the attack surface. NetWitness features market-leading SASE integrations (both packets and logs), and over 400 integrations with general-purpose and industry-specific security tools, with the ability to instantly parse new sources. NetWitness Platform is utilized continuously in the field by NetWitness Incident Response/Cyber Defense Services, where new detections and methods cycle back into product development.
Please contact NetWitness before purchasing at aws@netwitness.com . Our account team will provide an AWS Marketplace Private Offer with the correct product mix, quantities, and applicable discounts.
Highlights
- Comprehensive threat detection, investigation, and response across network, logs, and endpoint, whether deployed on-premises, cloud, or hybrid
- Security automation including AI, ML, and UEBA, with business intelligence including asset discovery and prioritization, with professional Incident Response and Cyber Defense Services to supplement your SOC staff on demand
- Out-of-the box value with over 400 pre-built integrations for general-purpose and industry-specifice security tools, plus the ability to instantly parse new sources, custom SASE integrations (packets AND logs) to secure remote workforces.
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
OtherLinux 8.10
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
NDR | NetWitness Network – Per TB/day | $27,000.00 |
SIEM | NetWitness Logs – Per GB/day | $27,000.00 |
EDR | NetWitness Endpoint – Per Endpoint Subscription (100) | $7,900.00 |
Vendor refund policy
We do not currently support refunds, but you can cancel at any time.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Netwitness Platform 12.5
Additional details
Usage instructions
To connect to the operating system, use SSH and the username ec2-user. All application controls are available via the command line by typing "commands /help".
Resources
Support
Vendor support
Please allow 24 hours
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
The NetWitness Incident Response and Cyber Defense Services help organization implement a holistic security program for targeted attack defense—across the three interrelated areas of expertise (including organizational model), processes and technology—with a particular emphasis on their threat detection and response programs.
Customer reviews
Information Services
All-in-One Security Console for Centralized Threat Hunting
Reviewed on Feb 19, 2026
Review provided by G2
What do you like best about the product?
It combines NDR, SIEM, UEBA, and SOAR capabilities into a single console. This convergence helps eliminate tool sprawl and provides a centralized view for threat hunting across network, endpoint, and cloud data .
What do you dislike about the product?
Initial deployment is complex, often requiring significant expertise . Upgrades are particularly tricky, with some users reporting instability during version migrations .
What problems is the product solving and how is that benefiting you?
The problem is that the Security teams often juggle 10-15 different tools (NDR, SIEM, UEBA, etc.), leading to context switching, high costs, and analyst fatigue.
The Solution & Benefit that this platform provides is it converges Network Detection, Log Management (SIEM), User Behavior Analytics, and Orchestration into a single platform with a unified interface.
The Solution & Benefit that this platform provides is it converges Network Detection, Log Management (SIEM), User Behavior Analytics, and Orchestration into a single platform with a unified interface.
pushpendra Y.
A Powerhouse in Endpoint, Network, and SIEM Integration.
Reviewed on Aug 11, 2025
Review provided by G2
What do you like best about the product?
Users love the platform’s ability to capture full network packets and replay sessions, which is invaluable for deep forensic investigation.
What do you dislike about the product?
Complex initial setup and deployment, often requiring significant technical expertise.
What problems is the product solving and how is that benefiting you?
Threats are increasingly complex, evasive, and distributed, traditional log-centric tools often miss subtle indicators.
Luis Agapito
Deployment flexibility and robust integration enhance reporting and analytics capabilities in financial industry
Reviewed on Mar 21, 2025
Review provided by PeerSpot
What is our primary use case?
I use NetWitness Platform in the financial industry as a good product with excellent capabilities and integration with various devices.
What is most valuable?
NetWitness Platform offers flexibility for deployment and robust integration capabilities. It excels in research events, analytics data, and reporting. It is particularly beneficial for reporting purposes, offering efficient solutions.
What needs improvement?
There is currently no need for improvement in the SIEM , though there could be potential enhancements by integrating with AI.
How are customer service and support?
The support is good, and I would rate it nine out of ten.
Which solution did I use previously and why did I switch?
How was the initial setup?
The initial setup was not complex. On a scale of zero to ten, where ten is the easiest, I would rate it seven or eight.
What was our ROI?
The solution is efficient, though I do not provide specific ROI details.
What's my experience with pricing, setup cost, and licensing?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
Which other solutions did I evaluate?
What other advice do I have?
I would rate the SIEM eight out of ten.
Andrew S.
Threat hunting playform
Reviewed on Nov 16, 2024
Review provided by G2
What do you like best about the product?
Netwitness siem solution is a great tool for threat hunting
What do you dislike about the product?
Api integration needs to be enhancement for soc
What problems is the product solving and how is that benefiting you?
API integration
reviewer1130436
Helps to deal with potential attacks and is available at a reasonable price
Reviewed on Mar 14, 2024
Review provided by PeerSpot
What is our primary use case?
I use the solution in my company for packets mainly and log analytics.
What is most valuable?
I don't really see any valuable features in the product. I feel that it is time to move away from NetWitness Platform. All SIEM tools have to deal with advanced use cases, and many of them are getting upgrades, but this is not the case with NetWitness Platform. NetWitness Platform has remained the same for almost four to five years. The support and RMAs offered by the product in our region have also become very bad.
What needs improvement?
From an improvement perspective, the NetWitness Platform needs to release new features and improve in areas like log correlation. The tool needs to have easier integrations with the cloud. Building a parser should be made easier in the tool.
The tool needs to have easier integrations. The tool needs to have the extra log-related suggestions. The platform and UI should be easier to use.
For how long have I used the solution?
I have been using NetWitness Platform for eight years. My company is a customer of the tool.
How are customer service and support?
I rate the technical support a six out of ten.
How was the initial setup?
The product's initial setup phase was not at all difficult. The tool's upgrades and moving from old hardware to new hardware are difficult and time-consuming. If you have any hardware failures, as per the RMA offered by the tool, it takes a very long time to get some after-service. The product has not been working well in my region recently.
What's my experience with pricing, setup cost, and licensing?
The product price was reasonable for my region and the market.
Which other solutions did I evaluate?
My company has a hybrid environment. I have looked at other products like Splunk and Sentinel. I am still looking around for other solutions in the market. In my company, we are having discussions to move to some other solution.
What other advice do I have?
My company has had many benefits from the use of the product in the last eight years.
The tool has streamlined our company's incident response process since it serves as a log repository, which allows us to correlate events and access different technology stacks. In our company, we were able to actually find some potential attacks, so it has been very helpful.
The tool's integration capability isn't so great. In my company, we managed to integrate it with our Microsoft Azure Subscription, after which we managed to integrate it with other tools. You will face a lot of difficulties if you want to integrate it with your database monitoring tool, PAM solutions, or IAM products.
The product has done well overall for my company's teams to deal with their workflow efficiency.
I would not recommend the product to others.
I rate the tool a seven out of ten.