We performed a comparison between Rapid7 InsightIDR and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications."
"I like the easy integration and advanced possibilities. We can implement it at customer sites in a few clicks, but we can also dive deep and drill down to extended features. There's a very good starting point to get into this product and all the features from Defender."
"Microsoft 365 Defender is a good solution and easy to use."
"I like that it's fully integrated with Windows, Microsoft 365 Exchange Online, and Outlook. It is better than other antivirus solutions because it's fully integrated with all Microsoft products. It's easy to integrate them and onboard all Windows devices from SCCM."
"I have found the ability to delete unwanted threats beneficial."
"I like Defender XDR's automation capabilities. XDR isn't automated by default, but you can automate it to respond. If an attack is performed anywhere within the organization, you can isolate that instance from the network. This is what I can figure out for it. When integrated with Sentinel, you can set up playbooks to automate all the alerts gathered on Sentinel from different Microsoft solutions. Sentinel has a wider range of capabilities than XDR."
"We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks."
"The EDR and the way it automatically responds to ransomware and other attacks are valuable features."
"Simple configuration and automatically syncs to the cloud platform."
"I like that it's a cloud-based solution."
"User behavioral analytics allows us to pinpoint abnormal or suspicious behavior among millions of events every day."
"The product works well. Stability-wise, I rate the solution a ten out of ten."
"Scalability-wise, I rate the solution a ten out of ten. As a cloud tool, the product is highly scalable."
"Rapid7 is easy to use and deploy. It is a simple solution and has easy data pulling."
"Very intuitive and easy to set up."
"The ability to ingest Office 365 log files, then process them into events and display them on a map."
"I like the cloud-native infrastructure and that it's free. We didn't have to pay anything, and it has the capabilities of many premium solutions in the market. We could integrate all of our services and infrastructure in the cloud with Wazuh. From an integration point of view, Wazuh is pretty good. I had a good experience with this platform."
"Wazuh has very flexible and robust features."
"It is a stable solution."
"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
"Wazuh's most beneficial features for our security needs are flexibility, built-in rules, integration capabilities, and documentation."
"Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases."
"Good for monitoring, active response, and for vulnerabilities."
"If they support a solution, it is easy to do an integration."
"We should be able to use the product on devices like Apple, Linux, etc."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"Support is hit or miss. Microsoft wants you to buy premium support contracts. Though they call themselves professional support, it's almost like throwing questions into a black hole. You get an answer, but it's never helpful."
"Generally, antivirus products provide a central control to manage every device in terms of who is installing it or who is trying to disable it, but Microsoft doesn't have such a control center for the antivirus product it provides."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR."
"Since all of our databases are updated and located in the cloud, I would like additional support for this."
"There should be better information for experts on features in the solution. What I see when reading about features in Microsoft 365 Defender is that it is always general information. If Microsoft could go deeper into details for the experts about how to use the tools, usage of it would be more familiar and it would be easier to use."
"The ability to tune the collector for custom logs would greatly help."
"I feel it would greatly benefit from more supported log sources."
"Tenable Nessus is easier to deal with. It's more efficient and accurate. InsightIDR is heavier than Tenable in terms of performance and scanning. Rapid7 would be much easier to use if it had a network connector like Tenable. Tenable's connector allows continuous monitoring over the B caps."
"Rapid7 InsightIDR is not intuitive to search for logs. It should be more user-friendly and improve the dashboards. We should be able to use ready-made templates instead of having to build one."
"One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level."
"Currently, it lacks the functionalities provided by Rapid7's User Behavior Analytics (UBA)."
"Cloud risk assessment is one area where I think they need a lot of improvement."
"Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement."
"Since it's an open-source tool, scalability is the main issue."
"Wazuh should come up with more in-built rules and integrations for the cloud."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
"Some features, like alerting, are complex with Wazuh."
"Wazuh could improve its detection; it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions."
"They need to go towards integrating with more cloud applications and not just OS like Windows and Linux."
"We would like to see more improvements on the cloud."
"There could be a hardware monitoring tool for the solution."
Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 30 reviews while Wazuh is ranked 3rd in Security Information and Event Management (SIEM) with 38 reviews. Rapid7 InsightIDR is rated 8.4, while Wazuh is rated 7.4. The top reviewer of Rapid7 InsightIDR writes "Helps in the management of compliance, secret events and information". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Rapid7 InsightIDR is most compared with Darktrace, Microsoft Sentinel, Splunk Enterprise Security, Rapid7 InsightVM and IBM Security QRadar, whereas Wazuh is most compared with Elastic Security, Security Onion, AlienVault OSSIM, Splunk Enterprise Security and SentinelOne Singularity Complete. See our Rapid7 InsightIDR vs. Wazuh report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.