ArcSight Logger and Wazuh are competitors in the field of log management and security information and event management (SIEM) solutions. ArcSight Logger seems to have the upper hand in scalability and integration, while Wazuh stands out due to its open-source nature and cost-effectiveness.
Features: ArcSight Logger excels with features like robust scalability for handling large volumes of log data, extensive search capabilities, and real-time data correlation. It also supports integration with various security solutions. Wazuh is appreciated for its open-source model, easy integration with cloud applications, and features like file integrity monitoring, compliance checks, and community-driven support.
Room for Improvement: ArcSight Logger users report challenges with its outdated architecture and complex usability, suggesting a need for improved speed and integration capabilities. Wazuh would benefit from enhancements in native threat intelligence integration and better support for Unix systems. Users also desire improved scalability and simpler configuration processes.
Ease of Deployment and Customer Service: ArcSight Logger offers primarily on-premises deployment, resulting in complex and time-consuming processes, and receives mixed reviews on technical support. Wazuh supports multiple deployment models, including cloud and hybrid setups, and benefits from community engagement and documentation, although direct support could be improved.
Pricing and ROI: ArcSight Logger is associated with higher costs due to licensing complexities but offers a good ROI for organizations that prioritize log management. Wazuh, with its open-source model, reduces expenses and appeals to budget-conscious users; however, potential hidden costs related to support and infrastructure need to be considered for total cost of ownership.
I have seen value in security cost savings with Wazuh, as using proprietary EDR versions could save us substantial money.
We provide pre-implementation, implementation, and post-implementation support.
They responded quickly, which was crucial as I was on a time constraint.
We use the open-source version of Wazuh, which does not provide paid support.
The documentation is good and provides clear instructions, though it's targeted at those with technical backgrounds.
It can accommodate thousands of endpoints on one instance, and multiple instances can run for different clients.
Currently, I don't see any limitations in terms of scalability as Wazuh can still connect many endpoints.
Scalability depends on the configuration and the infrastructure resources like compute and memory we allocate.
The stability of Wazuh is strong, with no issues stemming from the solution itself.
The stability of Wazuh is largely dependent on maintenance.
The indexer frequently times out, requiring system restarts.
Splunk does much more than SIEM, including log analysis, user behavior analysis, threat intelligence, and customer behavior analysis.
Machine learning is needed along with understanding user behavior and behavioral patterns.
The integration modules are insufficiently developed, necessitating the creation of custom integration solutions using tools like Logstash and PubSub.
I think Wazuh should improve by introducing AI functionalities, as it would be beneficial to see AI incorporated in the threat hunting and detection functionalities.
Wazuh is completely free of charge.
I would definitely recommend Wazuh, especially considering Fortinet's licensing model which is confusing and overpriced in my opinion.
Totaling around two lakh Indian rupees per month.
ArcSight Logger installs on very minimal resources with very few requirements.
Wazuh is a SIEM tool that is highly customizable and versatile.
The system allows us to monitor endpoints effectively and collect security data that can be utilized across other platforms such as SOAR.
With this open source tool, organizations can establish their own customized setup.
Product | Market Share (%) |
---|---|
Wazuh | 12.6% |
ArcSight Logger | 0.7% |
Other | 86.7% |

Company Size | Count |
---|---|
Small Business | 8 |
Midsize Enterprise | 10 |
Large Enterprise | 16 |

Company Size | Count |
---|---|
Small Business | 26 |
Midsize Enterprise | 15 |
Large Enterprise | 8 |
Wazuh offers comprehensive security features like MITRE ATT&CK correlation, log monitoring, and cloud-native infrastructure. It ensures compliance and provides intrusion detection with high scalability and open-source flexibility, ideal for businesses seeking robust SIEM capabilities.
Wazuh stands out in security information and event management by providing efficient log aggregation, vulnerability scanning, and event correlation against MITRE ATT&CK. Its capability to integrate seamlessly with environments, manage compliance, and monitor files makes it suitable for cloud-native infrastructures and financial sectors. Despite its technical support needing enhancement and opportunities for improving AI integration and threat intelligence, its open-source nature and cost-effectiveness make it appealing. Users can leverage custom dashboards powered by Elasticsearch for precise data analysis, even though there is a desire for a more user-friendly interface and better enterprise solution integration. Deployment may be complex, but its features contribute significantly to fortified security postures.
What are the essential features of Wazuh?
Industries like finance and cloud infrastructure heavily utilize Wazuh for its security strengths. By monitoring endpoints and ensuring compliance with frameworks, companies can improve security posture and swiftly detect anomalies. The platform's focus on event correlation and alerts for security incidents is particularly beneficial.