
Elastic Security vs Wazuh

Buyer's Guide & Reviews
July 2023
Elastic Security and Wazuh

Thanks for downloading this PeerSpot report.

Note that this is a generic report based on reviews and opinions from the entire PeerSpot community.

Contents

Advice From Real Users

Top Review by Topic of Elastic Security and Wazuh

Overview

Reviews From Real Users

Reviews By Users Who Have Researched Both Solutions

Vendor Directory

Vendor Directory

Top Log Management Vendors

Top Security Information and Event Management (SIEM) Vendors

Top Log Management 5 Solutions by Ranking Factor

Top Security Information and Event Management (SIEM) 5 Solutions by Ranking Factor

About This Report and PeerSpot

© 2023 PeerSpot
To read more reviews please visit https://www.peerspot.com/products/comparisons/elastic-security_vs_wazuh?tid=pdf_comp_32323-36166

Advice From Real Users

Elastic Security

PROS

"It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect
errors in every log message you are searching for, basically." [Full Review]

Rouissi Iheb

"We like Elastic Security because it's a REST API-based solution." "That's the primary reason we use it." [Full Review]

Sudeera Mudugamuwa

"Elastic Security is a highly flexible platform that can be implemented anywhere." [Full Review]

Anouar Moujane

"I like that it's a SIEM platform." "I like that I can sell Elastic Security quickly." "Elastic Security has a large community that can
support users." [Full Review]

Hamada Elewa

"The most valuable thing is that this solution is widely used for work management and research." "It's easy to jump into the
security use case with the same technology." [Full Review]

Rudolf Janousek

"It's very customizable, which is quite helpful." [Full Review]

Nikhil Kumar

"I can look at events from more than one source across multiple different locations and find patterns or anomalies." "The
machine learning capabilities are helpful, and I can create rules for notifications to be more proactive rather than responding
after something has gone wrong." [Full Review]

Matthew DeGrandis

Elastic Security

CONS

"There is an area of improvement in the Logs list." "The load list may need to be paginated as there are limits." [Full Review]

Rouissi Iheb

"I would like more ways to manage permissions and restrict access to certain users." [Full Review]

Sudeera Mudugamuwa

"The setup process is complex." "You need a solid working knowledge of networking, operating systems, and a little
programming." [Full Review]

Anouar Moujane

"It would be better if Elastic Security had less storage for data." "My customers do not like this." "Other vendors have local
support in different countries, but Elastic Security doesn't." "I would like to have Operational Technology (OT) security in the
next release." [Full Review]

Hamada Elewa

"In terms of improvement, there could be more automation in responding to and evaluating detections." [Full Review]

Rudolf Janousek

"We'd like better premium support." [Full Review]

Nikhil Kumar

"Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment." "There are
some costs associated with logging things that don't have value." "So you need to be cautious to only log things that make
sense and keep them around for as long as you need." "You shouldn't hold onto things just because you think you might need
them." [Full Review]

Matthew DeGrandis

Elastic Security

PRICING AND LICENSING ADVICE

"The price is reasonable." "It probably costs the same as ArcSight and LogRhythm SIEM." "FortiSIEM might cost less than Elastic
Security." "There are no hidden or additional costs." [Full Review]

Hamada Elewa

"The licensing cost of Elastic Security is based on the daily ingestion rate." "I can't recall the exact figure, but for 10GB of log
action daily, it would cost around $20,000." [Full Review]

PH Chiu

"When compared to other products, the price is average or on the low side." [Full Review]

Maria Foss

"Affordable but with additional costs" [Full Review]

Rubén García

"I find it better than Splunk in terms of cost-effectiveness." "For cost-effectiveness, I would rate it a nine out of 10." [Full Review]

Karthikeyan Srinivasan

Wazuh

PROS

"Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering
behaviors." [Full Review]

Muhammad Muaaz Bin Zaka

"It is a stable solution." [Full Review]

Youssef EL AZZOUZI

"If they support a solution, it is easy to do an integration." [Full Review]

Robert Cheruiyot

"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs." "Inventory
is probably the most important feature." "It tells us when processes and packages were installed and what they are, which is
helpful." [Full Review]

Pathick Kerketta

"Wazuh offers an enhanced HDR version that outperforms its competitors." [Full Review]

Akash Majumder

"It's stable." [Full Review]

Ali Ahangari

"Good for monitoring, active response, and for vulnerabilities." [Full Review]

Rizwan Alam

Wazuh

CONS

"The only challenge we faced with Wazuh was the lack of direct support." [Full Review]

Muhammad Muaaz Bin Zaka

"Its configuration process is time-consuming." [Full Review]

Youssef EL AZZOUZI

"They need to go towards integrating with more cloud applications and not just OS like Windows and Linux." [Full Review]

Robert Cheruiyot

"Integration with Vyara could be better." [Full Review]

Pathick Kerketta

"While it is scalable, it can suffer from reduced latencies." [Full Review]

Akash Majumder

"The deployment is a bit complex." [Full Review]

Ali Ahangari

"A lack of certain features creates limitations." [Full Review]

Rizwan Alam

Wazuh

PRICING AND LICENSING ADVICE

"It is a free-of-cost solution." [Full Review]

Youssef EL AZZOUZI

"Wazuh is free and open source." [Full Review]

Pathick Kerketta

"The current pricing is open source." [Full Review]

Shubham Kumar

"Wazuh has a community edition, and I was using that." "It's free and open source." [Full Review]

Dr. Sushan Banerjee

"Wazuh is totally free and open source." "There are no licensing costs, only support costs if you need them." [Full Review]

Shaamil Ashraff

"Wazuh is open-source, therefore it is free." "You can purchase support for $1,000 a year." [Full Review]

Wajih Ul Hasan

"Wazuh is open-source, but you must consider the total cost of ownership." "It may be free to acquire, but you spend a lot of
time and effort supporting the product and getting it to a point where it's useful." [Full Review]

Gary Starling

Top Reviews by Topic


VALUABLE FEATURES

Elastic Security

Rudolf Janousek

The important part is that it's free of charge usage. For our use case, it's enough, and it's for a good cost because the basic level of the solution is free. [Full Review]

Kathleen Fishman

We really like that it integrates into the overall ELK Stack, and we're using that as our theme. We were looking for a product compatible with that. We like the detailed investigation features of the platform as you're able to get a lot of detail as to what's going on on the host when you do investigations. We like the quarantine feature. We chose the product based on the ability to scan for malware using a malware behavioral model as opposed to just a traditional hash-based antivirus. Therefore... [Full Review]

Haitham AL-Sarmi

Overall, the solution is good. The machine learning aspect of the solution has been great. The deployment is not that complicated. ELK is open-source, and it will give you the framework you need to build everything from scratch. [Full Review]

Wazuh

Muhammad Muaaz Bin Zaka

The most valuable features include file integrity monitoring, Wazuh engines, Wazuh rulesets (including rulesets for Apache and firewall routers), and vulnerability detection. [Full Review]

Vikrant Puranik

Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring. [Full Review]

Akash Majumder

There are three key strengths of Wazuh that stand out to me. Firstly, Wazuh offers an enhanced HDR version that outperforms the Elastic Stack. Wazuh has achieved this by running a config or a sec in the background, which has improved the XBR for endpoint security significantly. Secondly, Wazuh comes with built-in frameworks, such as the NISC and ISO, that make it easy to comply with various industry standards. We didn't need to configure any custom frameworks for this, as Wazuh had it built in. ... [Full Review]

ROOM FOR IMPROVEMENT

Elastic Security

Rudolf Janousek

In terms of improvement, there could be more automation in responding to and evaluating detections. Additionally, there could be some sort of intelligent database checking for better effects. Overall, I think there could be more automation. [Full Review]

Kathleen Fishman

It's a pretty solid product. It's pretty easy to use as it's not a full endpoint protection suite. We're actually dependent on using Windows Defender for a firewall and traditional antivirus when it's required. It could use maybe a little more on the Linux side. Now that the product line is getting picked up by Elastic, they're going to continue to build out and make the Linux feature set more robust. However, I would say that right now the Linux feature set is a little limited. [Full Review]

Haitham AL-Sarmi

The SIEM modules in Logstash need more improvement. In the future, the modules could be more advanced as right now there are only very basic modules. We are facing an issue with the engineers. In the region, there are not many available. Only a few people might be available in our particular region, which is a problem. There isn't really a very good user experience. You need a lot of training. There is an interface with limited options. You need to work with the coding and you need to work with... [Full Review]

Wazuh

Muhammad Muaaz Bin Zaka

There is room for improvement in Wazuh, but it's possible they are already working on it. The only challenge we faced with Wazuh was the lack of direct support. They charge for support, whether it's five days a week or seven days a week. We don't expect it to be free because revenue is generated through the support they provide. In future releases, I would like to see a feature. There is one feature we observed in a premium tool in the industry called Dynatrace. It provides automatic relations b... [Full Review]

Vikrant Puranik

Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage. There are some minor glitches, but that's part of every tool, and they usually get addressed in subsequent updates. I would like to see more Kubernetes security and log integrations. That will be one of the good things. Wazuh supports AWS or GCP cloud-native service integration, but it would be great if they added support for Kubernetes security and AWS or Azure-managed Kubernetes solutions. [Full Review]

Akash Majumder

One area where Wazuh could be improved is scalability. While it is scalable, it can suffer from reduced latencies. In the next release, I would like to see a more seamless combination of a SIEM system. However, the current SIEM system can be noisy at times, resulting in false positives instead of true positives. In comparison, Splunk has been able to reduce the number of false positives in its system. [Full Review]

Overview
OVERVIEW

Elastic Security: Unify SIEM, endpoint security, and cloud security. Elastic Security modernizes security operations — enabling analytics across years of data, automating key processes, and bringing native endpoint security to every host. Elastic Security equips teams to prevent, detect, and respond to threats at cloud speed and scale — securing business operations with a unified, open platform.

Wazuh: Wazuh is an enterprise-ready platform used for security monitoring. It is a free and open-source platform that is used for threat detection, incident response and compliance, and integrity monitoring. Wazuh is capable of protecting workloads across virtualized, on-premises, containerized, and cloud-based environments. It consists of an endpoint security agent and a management server. Additionally, Wazuh is fully integrated with the Elastic Stack, allowing users the ability to navigate...

SAMPLE CUSTOMERS

Elastic Security: Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care

TOP COMPARISONS

Elastic Security:
Graylog vs. Elastic Security: compared 15% of the time
Splunk Enterprise Security vs. Elastic Security: compared 12% of the time
IBM Security QRadar vs. Elastic Security: compared 8% of the time

Wazuh:
Elastic Security vs. Wazuh: compared 24% of the time
Splunk Enterprise Security vs. Wazuh: compared 20% of the time
USM Anywhere vs. Wazuh: compared 11% of the time

TOP INDUSTRIES, BASED ON REVIEWERS*

Elastic Security:
Healthcare Company: 6%
Comms Service Provider: 13%
Computer Software Company: 25%
Financial Services Firm: 44%

Wazuh:
Comms Service Provider: 7%
Financial Services Firm: 13%
Security Firm: 20%
Computer Software Company: 27%

TOP INDUSTRIES, BASED ON COMPANIES READING REVIEWS*

Elastic Security:
Comms Service Provider: 8%
Financial Services Firm: 10%
Government: 10%
Computer Software Company: 18%

Wazuh:
Educational Organization: 7%
Government: 7%
Comms Service Provider: 11%
Computer Software Company: 18%

COMPANY SIZE, BASED ON REVIEWERS*

Elastic Security:
201-1000 Employees: 16%
1001+ Employees: 26%
1-200 Employees: 58%

Wazuh:
201-1000 Employees: 15%
1001+ Employees: 30%
1-200 Employees: 55%

COMPANY SIZE, BASED ON COMPANIES READING REVIEWS*

Elastic Security:
1-200 Employees: 23%
201-1000 Employees: 16%
1001+ Employees: 61%

Wazuh:
1-200 Employees: 30%
201-1000 Employees: 19%
1001+ Employees: 50%

* Data is based on the aggregate profiles of PeerSpot Users researching this solution.

Wazuh review by a real user

It integrates seamlessly with AWS cloud-native services

Manager Cloud Security Operations at TraceLink, Inc.

Vikrant Puranik

WHAT IS OUR PRIMARY USE CASE?

Our company only has a small five-person team working with Wazuh. We wanted a log management solution that we
could deploy onto our cloud, so we deployed Wazuh on Kubernetes and integrated different log sources into a centralized
logging solution.

The second use case is log searching. We wanted a usable integrated search, and Wazuh has a good, usable integrated search.
Wazuh has support for Elasticsearch, which provides searching capabilities. Cost-effectiveness was important for us,
and Wazuh is a top open source solution. 

WHAT IS MOST VALUABLE?

Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for
different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring. 

WHAT NEEDS IMPROVEMENT?

Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage. There are some
minor glitches, but that's part of every tool, and they usually get addressed in subsequent updates.

I would like to see more Kubernetes security and log integrations. That will be one of the good things. Wazuh supports AWS
or GCP cloud-native service integration, but it would be great if they added support for Kubernetes security and AWS or
Azure-managed Kubernetes solutions. 

FOR HOW LONG HAVE I USED THE SOLUTION?

We've used Wazuh for two years.

WHAT DO I THINK ABOUT THE STABILITY OF THE SOLUTION?

Wazuh is pretty stable. There are no major issues, but sometimes we face minor glitches. It's open source, so we can't expect
every bug to be documented. We discover some new issues from time to time, but that's part of using an open-source
solution. You pay for a licensed product or you deal with minor problems in open source. 

WHAT DO I THINK ABOUT THE SCALABILITY OF THE SOLUTION?

Wazuh's scalability has room for improvement.

HOW ARE CUSTOMER SERVICE AND SUPPORT?

We paid for technical support, but they do have a robust community and Slack channels and all that stuff. You can find most of
the answers you need in the community groups or forums. I rate Wazuh support eight out of 10. 

WHICH SOLUTION DID I USE PREVIOUSLY AND WHY DID I SWITCH?

I worked with Splunk, Curator, ArcSight, and some legacy solutions that no longer exist. They became obsolete or transitioned
to a different product. Cost-effectiveness was one reason we switched. We had to decide whether to spend $500,000 on a
commercial product or rely on our skills to deploy an open-source solution. 

The big difference between Wazuh and other solutions is maturity and customization. Wazuh's scalability and out-of-the-box
functionality are slightly lagging behind, but Wazuh has improved a lot since the first time we saw it. Others have more search
capabilities, whereas Wazuh depends on Elasticsearch. Searching is a bit slower in Wazuh.

HOW WAS THE INITIAL SETUP?

I rate the Wazuh setup experience nine out of 10. The basic setup was straightforward, but our deployment was slightly
complex because we did a lot of customization. It took us a week to deploy and fine-tune the initial setups. After deployment,
the only maintenance task is rotating particular logs. If we don't rotate it correctly, the log storage runs out and services stop.

WHAT ABOUT THE IMPLEMENTATION TEAM?

Wazuh is open-source, so we didn't have a support person or any professional services to help us. Fortunately, the
documentation is excellent, and they have good community support as well.

WHAT'S MY EXPERIENCE WITH PRICING, SETUP COST, AND LICENSING?

Wazuh is an open-source solution, so the only expenses are Elasticsearch and log storage costs. Log storage costs no
more than $20,000 to $30,000 annually. It's around $3,000 a month. It's all money in the bank. We don't have to spend
anything except for resources. 

WHAT OTHER ADVICE DO I HAVE?

I rate Wazuh nine out of 10. It's a powerful tool, and you can do lots of things with it. Wazuh is a good choice if you're on a tight
budget, but you need to have an enterprise-level SIEM deployment.

If someone doesn't know how to manage large-scale log management solutions, you should start small and grow your
experience. You can start with Wazuh and switch to an enterprise solution once you start scaling up. 

WHICH DEPLOYMENT MODEL ARE YOU USING FOR THIS SOLUTION?

On-premises

Researched Wazuh But Chose Elastic


Review by a real user:

Assistant Manager - IT Security at Photon inc

Nikhil-Kumar

WHAT IS OUR PRIMARY USE CASE?

We primarily use the solution for log management. We use its basic functionality.

WHAT IS MOST VALUABLE?

The dashboards are great.

It's very customizable, which is quite helpful. 

It's mostly stable. 

The solution can scale.

It is a reasonably priced product that is open-source and can be free to use. 

WHAT NEEDS IMPROVEMENT?

The user interface could be simpler. It can be complicated for some who aren't familiar with it.

We'd like better premium support.

FOR HOW LONG HAVE I USED THE SOLUTION?

The company has used the solution for a long time. I just joined the organization.

WHAT DO I THINK ABOUT THE STABILITY OF THE SOLUTION?

Once you upgrade or do anything on the server there may initially be some issues, however, mostly it is stable. I'd rate the
stability six or seven out of ten. 

WHAT DO I THINK ABOUT THE SCALABILITY OF THE SOLUTION?

There are no issues with scalability. It can extend well. 

We have a separate team that deals with the solution directly.

We plan to migrate to a new solution and do not intend to extend usage. 

HOW ARE CUSTOMER SERVICE AND SUPPORT?

We have premium support, and it is not good. They are not helpful or responsive at all. We could not get a hold of them. 

WHICH SOLUTION DID I USE PREVIOUSLY AND WHY DID I SWITCH?

We also make use of Wazuh.

I've used Rapid7 a long time ago in a previous organization. This solution is much more basic and does not have as many
features. 

HOW WAS THE INITIAL SETUP?

The initial setup can be complex if you don't have technical knowledge. However, once it is deployed, it works well. 

I'm not sure how long it took to deploy. I wasn't there when it was set up and configured. 

We have an internal team that handles deployment and maintenance. It doesn't require too many people to deploy. Five or six
people would be enough. However, for 24/7 monitoring, you need to have someone always on it. 

WHAT ABOUT THE IMPLEMENTATION TEAM?

I was not in the organization when the organization was launched. My understanding is that it can be done in-house. 

WHAT WAS OUR ROI?

The tool is fine. However, their premium support is bad.

WHAT'S MY EXPERIENCE WITH PRICING, SETUP COST, AND LICENSING?

This is an open-source solution. It's free to those who would like to take advantage of its capabilities. 

There are options for yearly or monthly subscriptions. It's based on how many logs you deal with every month. If it increases
beyond your tier, you would pay extra for the solution. 

The price can be low, however, their support is lacking - even the premium option. 

I'd rate it eight out of ten in terms of affordability.

WHAT OTHER ADVICE DO I HAVE?

For a small organization, this solution works well. It may not be suitable for a bigger organization.

I'd rate the solution seven out of ten. There are a lot of reviews available online. People should go and take a look and learn
about the solution themselves.

WHICH DEPLOYMENT MODEL ARE YOU USING FOR THIS SOLUTION?

On-premises

Researched Wazuh But Chose Elastic


Review by a real user:

Chief Operating Officer / SR. Project Manager at SCS

Maria Foss

WHAT IS OUR PRIMARY USE CASE?

We use it as a SIEM for monitoring a client's environment.

WHAT IS MOST VALUABLE?

One of the most valuable features of this solution is that it is more flexible than AlienVault. 

WHAT NEEDS IMPROVEMENT?

It is difficult to anticipate and understand the space utilization, so more clarity there would be great.

FOR HOW LONG HAVE I USED THE SOLUTION?

My company has been using this solution for two years.

WHAT DO I THINK ABOUT THE STABILITY OF THE SOLUTION?

It is a very stable solution.

WHAT DO I THINK ABOUT THE SCALABILITY OF THE SOLUTION?

The solution is very scalable.

HOW ARE CUSTOMER SERVICE AND SUPPORT?

The technical support is adequate.

HOW WOULD YOU RATE CUSTOMER SERVICE AND SUPPORT?

Neutral

WHICH SOLUTION DID I USE PREVIOUSLY AND WHY DID I SWITCH?

We currently use AlienVault for some clients and Elastic Security for others. We chose Elastic Security because we felt it was
the most flexible, cost-effective solution to provide the results needed.

HOW WAS THE INITIAL SETUP?

In certain respects, the setup of this solution is more straightforward than other solutions, but in other respects, it's more
complex because it needs more fine-tuning than Splunk or AlienVault.

WHAT ABOUT THE IMPLEMENTATION TEAM?

We implemented through an in-house team and it took about two months.

WHAT'S MY EXPERIENCE WITH PRICING, SETUP COST, AND LICENSING?

The licensing cost depends on the size of the environment it's monitoring. Everything is based on volume, as with all SIEMs.
When compared to other products, the price is average or on the low side.

WHICH OTHER SOLUTIONS DID I EVALUATE?

We evaluated several options, including Monster SIEM, Splunk, and Wazuh.

WHAT OTHER ADVICE DO I HAVE?

There's a lot of fine-tuning involved with this solution. When you go to a diner, and the menu has everything on it, and you
can't figure out which part to look at first, it's a double-edged sword. You can do everything with this solution, which means
you have to figure out which part of "everything" makes sense for your company to do.

I would rate this solution as an eight out of ten. It's a good value for money and a reliable solution, but it's heavily reliant on
appropriate configuration.

Researched Elastic But Chose Wazuh


Review by a real user:

Principal Architect at Calsoft

Chaitanya Ghate

WHAT IS OUR PRIMARY USE CASE?

Our primary use case for Wazuh is monitoring endpoints. The second is incident management. Logging is essential for us
because Indian IT compliance rules require us to store logs for 180 days. We need to monitor and maintain logs also. Wazuh
is monitoring around 1,200 inputs, but there are only about four or five members of the IT team directly using the solution. 

WHAT IS MOST VALUABLE?

The configuration assessment and file integrity monitoring features are decent.

WHAT NEEDS IMPROVEMENT?

Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for
malware detection. We are also doing more container implementation, so we need better container security, log data
analysis, auditing and compliance, malware detection, etc. 

Overall, the implementation part of Azure is tricky. It can be simplified and automated more to shorten the deployment
timeline, so we can immediately onboard the application. The entire implementation process should be user-friendly.

FOR HOW LONG HAVE I USED THE SOLUTION?

We implemented Wazuh in 2019.

WHAT DO I THINK ABOUT THE STABILITY OF THE SOLUTION?

I rate Wazuh six out of 10 for stability. While we haven't seen any incidents lately, it used to crash a few years back. The
dashboard would be inaccessible due to some service failure or something. 

WHAT DO I THINK ABOUT THE SCALABILITY OF THE SOLUTION?

I rate Wazuh eight out of 10 for scalability.

HOW ARE CUSTOMER SERVICE AND SUPPORT?

We use community forums like Stack Overflow to find answers. Most debugging and troubleshooting processes are readily
available online. 

HOW WAS THE INITIAL SETUP?

Setting up Wazuh is complex. The deployment involved two IT engineers and took about two months.

WHAT ABOUT THE IMPLEMENTATION TEAM?

We deployed Wazuh. 

WHAT'S MY EXPERIENCE WITH PRICING, SETUP COST, AND LICENSING?

Wazuh is a free solution. 

WHICH OTHER SOLUTIONS DID I EVALUATE?

We tried to replace Wazuh with a CrowdStrike real-time security solution. We also tried some solutions from one of our
vendors. We want to move to either Elastic or CrowdStrike.

WHAT OTHER ADVICE DO I HAVE?

I rate Wazuh six out of 10. It's a solid open-source. Stability-wise, Wazuh seems to have fixed all the past issues, and the latest
version is possibly the most stable. However, they need to add more features to keep up with the competition. Compared to
products like Elastic, Wazuh still lacks a lot of in-depth information. It's still not possible to do a dive, and the configuration
could be easier.

WHICH DEPLOYMENT MODEL ARE YOU USING FOR THIS SOLUTION?

On-premises

Vendor Directory For Log Management


Amazon: Amazon Detective
AT&T: USM Anywhere
BlackStratus: LOGStorm
Cavisson: Cavisson NetForest
ChaosSearch: ChaosSearch
Check Point: Check Point Security Management
Coralogix: Coralogix
CrowdStrike: CrowdStrike Observability
Datadog: Datadog
DataSet: DataSet Platform
Dell Technologies: Dell InTrust
Devo: Devo
Elastic: Elastic X-Pack [EOL]
Elastic: Elastic Beats
Elastic: Elastic Security
Exabeam: Exabeam Fusion SIEM
Fortinet: Fortinet FortiAnalyzer
Google: Google Cloud's operations suite (formerly Stackdriver)
Graylog: Graylog
IBM: IBM SevOne Network Performance Management (NPM)
IBM: IBM Security QRadar
Intersect Alliance: Snare
IS Decisions: FileAudit
ITRS: OP5 Log Analytics
LogRhythm: LogRhythm SIEM
LogRhythm: LogRhythm Axon
Logsign: Logsign Next-Gen SIEM
Logz.io: Logz.io
ManageEngine: ManageEngine Log360
ManageEngine: ManageEngine EventLog Analyzer
ManageEngine: ManageEngine File Audit Plus
Mezmo: Mezmo
Micro Focus: ArcSight Logger
Microsoft: Microsoft Purview Audit
Motadata: Motadata Data Analytics Platform
Nagios: Nagios Log Server
NETMONASTERY: DNIF HYPERCLOUD
NetWitness: NetWitness Platform
NNT: NNT Log Tracker Enterprise
One Identity: syslog-ng
Panther: Panther
Power Admin: Power Admin PA File Sight
Progress Software: WhatsUp Log Management [EOL]
Quest Software: Change Auditor for Windows File Servers
Quest Software: Quest InTrust
Rapid7: Logentries [EOL]
Rapid7: Rapid7 InsightOps
Sematext: Sematext Logs
SolarWinds: Solarwinds Papertrail
SolarWinds: Loggly
SolarWinds: SolarWinds Kiwi Syslog Server
SolarWinds: SolarWinds Log Analyzer
Splunk: Splunk Enterprise Security
Stackify: Stackify
Sumo Logic: Sumo Logic Security
TIBCO: LogLogic
Trellix: Trellix Enterprise Security Manager - Enterprise Log Manager
Tripwire: Tripwire Log Center
VMware: vRealize Log Insight
Wazuh: Wazuh


Vendor Directory For Security Information and Event Management (SIEM)

Vendor: Product

Adlumin: Adlumin
Amazon: AWS Security Hub
Anvilogic: Anvilogic
AT&T: USM Anywhere
AT&T: AlienVault OSSIM
BlackBerry: Blackberry Alert
BlackBerry: Blackberry AtHoc
BlackStratus: SIEMStorm
Blumira: Blumira
Coralogix: Coralogix
Devo: Devo Cloud Service
Edge Delta: Edge Delta Security
Elastic: Elastic Security
empow: i-SIEM
Exabeam: Exabeam Fusion SIEM
Fortinet: Fortinet FortiSIEM
Fortra: Fortra's Event Manager
Graylog: Graylog Security
Gurucul: Gurucul Next Gen SIEM
IBM: IBM Security QRadar
IBM: IBM Watson for Cyber Security
Ignite Technologies: SenSage AP
Intersect Alliance: Snare
IS Decisions: FileAudit
LogPoint: LogPoint
LogRhythm: LogRhythm SIEM
Logsign: Logsign Next-Gen SIEM
Logz.io: Logz.io
ManageEngine: ManageEngine Log360
ManageEngine: ManageEngine EventLog Analyzer
Masergy: Masergy
Micro Focus: ArcSight Enterprise Security Manager (ESM)
Micro Focus: NetIQ Sentinel
Micro Focus: ArcSight Interset / Intelligence
Microsoft: Microsoft Sentinel
NETMONASTERY: DNIF HYPERCLOUD
Netsurion: Netsurion
NetWitness: NetWitness Platform
NNT: NNT Log Tracker Enterprise
Odyssey Cybersecurity: ClearSkies SaaS NG SIEM
Oracle: Oracle Security Monitoring and Analytics
Panther: Panther
Rapid7: Rapid7 InsightIDR
RSA: RSA enVision
Seceon: Seceon Open Threat Management Platform
Securonix Solutions: Securonix Next-Gen SIEM
SolarWinds: SolarWinds Security Event Manager
SolarWinds: SolarWinds MSP Threat Monitor [EOL]
Splunk: Splunk Enterprise Security
SQRRL: SQRRL
Sumo Logic: JASK [EOL]
Sumo Logic: Sumo Logic Security
SurfWatch Labs: SurfWatch Labs SurfWatch
TEHTRIS: TEHTRIS SIEM
ThetaRay: ThetaRay
TIBCO: LogLogic
Trellix: Trellix ESM
Trellix: Trellix Helix
Trustwave: Trustwave SIEM [EOL]
VenusTech: Venusense USM
Wazuh: Wazuh


Top Log Management Vendors


Over professionals have used PeerSpot research. Here are the top vendors based on product reviews, ratings, and comparisons. All
reviews and ratings are from real users, validated by our triple authentication process.

Chart Key

• Views: Number of views
• Comparisons: Number of times compared to another product
• Reviews: Total number of reviews on PeerSpot
• Words/Review: Average words per review on PeerSpot
• Average Rating: Average rating based on reviews

Bar length
The total ranking of a product in a category, represented by the bar length, is based on a weighted aggregate score. The score is calculated
using the following factors:

• Comparisons Views: the product with the highest number of comparisons with other products-in-the-category gets a
  maximum of 25 points. Every other product gets assigned points based on its total in proportion to the #1 product
  in that ranking factor. For example, if a product has 80% of the number of comparison views compared to the
  product with the most reviews then the product's points for reviews would be 25 * 80%.
• Views: We calculate the number of Views based on the percentage of category comparisons out of the total comparisons of the
  product.
  • For example, if a product has 100 Comparisons with other products in the category and a total of 1,000 Comparisons,
    the product will be assigned 10% of the total number of Views. If the product has a total of 2,000 Views,
    it will be assigned 200 Views for this ranking factor.
  • The product with the highest number of views gets a maximum of 25 points.
    Every other product gets assigned points based on its total in proportion to the #1 product in that ranking factor.
• Reviews: the product with the highest number of reviews gets a maximum of 15 points. Every other product gets assigned points
  based on its total in proportion to the #1 product in that ranking factor. For example, if a product has 80% of the number of
  reviews compared to the product with the most reviews then the product's points for reviews would be 15 * 80%.
• Rating: the maximum score is 25 points awarded linearly between 6-10
  • e.g. 6 or below=0 points; 7.5=7.5 points; 9.0=18 points; 10=25 points.
• Words/Review: the maximum score is 10 points awarded linearly between 0-900 words
  • e.g. 600 words = 4 points; 750 words = 7 points; 900 or more words = 10 points.
  • If a product has fewer than ten reviews, the point contribution for Rating and Words/Review is reduced: 1/3 reduction in points
    for products with 5-9 reviews, two-thirds reduction for products with fewer than five reviews.

Reviews that are more than 24 months old, as well as those written by resellers, are completely excluded from the ranking algorithm.
All products with 50+ points are designated as a Leader in their category.
Rankings for June 2023 and earlier used our previous ranking methodology. Learn more here.

1 Splunk Enterprise Security

31,033 views 25,282 comparisons 44 reviews 590 words/review 8.2 average rating

2 Wazuh

30,753 views 16,055 comparisons 21 reviews 472 words/review 7.3 average rating

3 Datadog

12,637 views 7,975 comparisons 103 reviews 430 words/review 8.6 average rating


4 Elastic Security

21,409 views 17,836 comparisons 19 reviews 424 words/review 7.6 average rating

5 IBM Security QRadar

18,926 views 11,113 comparisons 54 reviews 465 words/review 7.7 average rating

6 LogRhythm SIEM

12,039 views 7,290 comparisons 24 reviews 625 words/review 8.1 average rating

7 Fortinet FortiAnalyzer

11,160 views 6,569 comparisons 42 reviews 400 words/review 8.1 average rating

8 Check Point Security Management

2,596 views 1,259 comparisons 32 reviews 559 words/review 9.2 average rating

9 Graylog

10,941 views 9,120 comparisons 6 reviews 787 words/review 7.5 average rating

10 USM Anywhere

6,236 views 4,479 comparisons 13 reviews 607 words/review 7.9 average rating


Top Security Information and Event Management (SIEM) Vendors


Over professionals have used PeerSpot research. Here are the top vendors based on product reviews, ratings, and comparisons. All
reviews and ratings are from real users, validated by our triple authentication process.


1 Splunk Enterprise Security

32,443 views 26,900 comparisons 44 reviews 590 words/review 8.2 average rating

2 Microsoft Sentinel

34,829 views 20,255 comparisons 53 reviews 1,445 words/review 8.3 average rating

3 IBM Security QRadar

25,899 views 15,299 comparisons 54 reviews 465 words/review 7.7 average rating


4 Elastic Security

17,544 views 14,769 comparisons 19 reviews 424 words/review 7.6 average rating

5 Wazuh

21,653 views 11,302 comparisons 21 reviews 472 words/review 7.3 average rating

6 LogRhythm SIEM

12,757 views 7,664 comparisons 24 reviews 625 words/review 8.1 average rating

7 USM Anywhere

7,974 views 5,751 comparisons 13 reviews 607 words/review 7.9 average rating

8 Fortinet FortiSIEM

9,572 views 4,950 comparisons 26 reviews 367 words/review 7.4 average rating

9 Securonix Next-Gen SIEM

6,818 views 3,831 comparisons 11 reviews 1,255 words/review 9.2 average rating

10 ArcSight Enterprise Security Manager (ESM)

6,684 views 3,566 comparisons 24 reviews 438 words/review 7.3 average rating


Top Log Management 5 Solutions by Ranking Factor


Views

1 Splunk Enterprise Security 31,033
2 Wazuh 30,753
3 Elastic Security 21,409
4 IBM Security QRadar 18,926
5 Datadog 12,637

Reviews

1 Datadog 103
2 IBM Security QRadar 54
3 Splunk Enterprise Security 44
4 Fortinet FortiAnalyzer 42
5 Check Point Security Management 32

Words / Review

1 Devo 2,182
2 IBM SevOne Network Performance Management (NPM) 1,560
3 Stackify 1,453
4 Graylog 787
5 DNIF HYPERCLOUD 774


Top Security Information and Event Management (SIEM) 5 Solutions by Ranking Factor

Views

1 Microsoft Sentinel 34,829
2 Splunk Enterprise Security 32,443
3 IBM Security QRadar 25,899
4 Wazuh 21,653
5 Elastic Security 17,544

Reviews

1 IBM Security QRadar 54
2 Microsoft Sentinel 53
3 Splunk Enterprise Security 44
4 Fortinet FortiSIEM 26
5 ArcSight Enterprise Security Manager (ESM) 24

Words / Review

1 Devo 2,182
2 Netsurion 1,862
3 Microsoft Sentinel 1,445
4 Securonix Next-Gen SIEM 1,255
5 RSA enVision 955


About this report


This report is comprised of a list of enterprise level Log Management AND Security Information and Event Management (SIEM) vendors. We
have also included several real user reviews posted on peerspot.com. The reviewers of these products have been validated as real users
based on their LinkedIn profiles to ensure that they provide reliable opinions and not those of product vendors.

About PeerSpot
The Internet has completely changed the way we make buying decisions. We now use ratings and review sites to see what other real users
think before we buy electronics, book a hotel, visit a doctor or choose a restaurant. But in the world of enterprise technology, most of the
information online and in your inbox comes from vendors, but what you really want is objective information from other users.

We created PeerSpot to provide technology professionals like you with a community platform to share information about enterprise software,
applications, hardware and services.

We commit to offering user-contributed information that is valuable, objective and relevant. We protect your privacy by providing an
environment where you can post anonymously and freely express your views. As a result, the community becomes a valuable resource,
ensuring you get access to the right information and connect to the right people, whenever you need it.

PeerSpot helps tech professionals by providing:

• A list of enterprise level Log Management AND Security Information and Event Management (SIEM) vendors
• A sample of real user reviews from tech professionals
• Specific information to help you choose the best vendor for your needs

Use PeerSpot to:

• Read and post reviews of vendors and products
• Request or share information about functionality, quality, and pricing
• Contact real users with relevant product experience
• Get immediate answers to questions
• Validate vendor claims
• Exchange tips for getting the best deals with vendors

PeerSpot
244 5th Avenue, Suite R-230 • New York, NY 10001
www.peerspot.com
reports@peerspot.com
+1 646.328.1944
