We performed a comparison between LogRhythm SIEM and Wazuh based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Users praised LogRhythm SIEM for its user-friendly centralized dashboard, strong integration capabilities, and event-filtering capabilities. Wazuh stands out for its effortless integration, excellent log monitoring capabilities, and ELK-based investigation. LogRhythm SIEM has the potential to improve its SOAR and NDR features, platform stability, and MDI integration. LogRhythm users requested expanded log storage, better load balancing, and streamlined search capabilities. Wazuh needs improvements in event source coverage, threat intelligence integration, and real-time monitoring of Unix systems.
Service and Support: LogRhythm SIEM was generally praised for its helpful and knowledgeable support, although there have been occasional delays and knowledge problems. Wazuh's customer service is generally deemed satisfactory, and many customers noted that they could easily find answers from community forums.
Ease of Deployment: LogRhythm SIEM's setup is considered to be straightforward. However, it is more time-consuming and complex for enterprise deployments involving multiple components or vendors, and users often require assistance from professional services or LogRhythm-certified engineers. Some users said that Wazuh’s setup is easy and fast, while others perceived it as complicated and said it required a significant amount of time.
Pricing: LogRhythm SIEM’s license typically includes all elements. However, enterprise customers may encounter complexities related to additional features and add-ons. Wazuh is a cost-effective option as it is open-source and completely free to acquire.
ROI: LogRhythm SIEM has proven to be highly valuable, delivering a significant ROI by reducing the mean time to detect and respond. Wazuh's MSP program and partnerships offer opportunities to generate revenue from the platform.
"The automation feature is valuable."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"Sentinel pricing is good"
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"SOAR is integrated with the dashboard that we use for threat management. Because it's all integrated, it is useful for us when we deploy something on-prem."
"It has helped us centralize and have better visibility into devices on our network. We are better able to respond to threats in a timely manner."
"We use this solution to examine disparate log sources and provide a cohesive method to search for anomalous behavior."
"The most useful feature that I've found so far is the search function. I like all the different ways you're able to search through metadata and the different ways you're able to correlate or search through logs to find out what's going on."
"Its benefits are broad. The solution isn't necessarily made to do any one thing, but it can do anything you tell it to. It is able to tackle any different type or size of job."
"Technical support is very helpful and responsive."
"The artificial intelligence engine."
"It has allowed us to dive deeper into our network and figure out what is going on by parsing logs properly and being able to reduce the time it takes to work cases down from seven days to approximately two days."
"The deployment is easy and they provide very good documentation."
"Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors."
"If they support a solution, it is easy to do an integration."
"Wazuh has very flexible and robust features."
"It has efficient SCA capabilities."
"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
"Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases."
"I like the cloud-native infrastructure and that it's free. We didn't have to pay anything, and it has the capabilities of many premium solutions in the market. We could integrate all of our services and infrastructure in the cloud with Wazuh. From an integration point of view, Wazuh is pretty good. I had a good experience with this platform."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"The only thing is sometimes you can have a false positive."
"The log storage capacity should be increased."
"The solution is likely not the best option for a smaller organization."
"Better integration with different services is needed, as there are quite a few platforms that we use that don't integrate very smoothly with LogRhythm."
"I think they probably need to, because a lot of companies are having this cloud-first strategy, where anything that's new has to go into the cloud for some reason."
"It's not easy for someone new to the solution."
"We've had issues with scaling and local support."
"LogRhythm NextGen SIEM could improve by adding more applications for the banking sector. There are not any custom applications at this time."
"I have probably submitted half a dozen log parser requests, and I keep finding more stuff that we need to keep an eye on that doesn't have a definition in LogRhythm."
"The computing resources are consuming and do not make sense."
"Some features, like alerting, are complex with Wazuh."
"Scalability is a challenge because it is distributed architecture and it uses Elastic DB. Their Elastic DB doesn't allow open source waste application."
"Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions."
"Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs."
"Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation also, so we need better container security, log data analysis, auditing and compliance, malware detection, etc."
"The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
LogRhythm SIEM is ranked 7th in Log Management with 166 reviews while Wazuh is ranked 2nd in Log Management with 38 reviews. LogRhythm SIEM is rated 8.4, while Wazuh is rated 7.4. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm Axon, Fortinet FortiSIEM and Fortinet FortiAnalyzer, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and CrowdStrike Falcon. See our LogRhythm SIEM vs. Wazuh report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.