We performed a comparison between SentinelOne Singularity Complete and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing."
"The integration, visibility, vulnerability management, and device identification are valuable."
"Microsoft Defender's most critical component is its CASB solution. It has many built-in policies that can improve your organization's cloud security posture. It's effective regardless of where your users are, which is critical because most users are working from home. It's cloud-based, so nothing is on-premise."
"It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done..."
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"The visibility into threats is also very impressive because Microsoft helps you predict things and provides analytics to help you really improve your security. And all of this technology works across the domain, so it is pretty helpful in terms of threat analytics."
"Having a single pane of glass for all Microsoft security services makes everything much easier. A security analyst can go to a single portal and see everything in one view. The integration of everything into one portal is a huge benefit."
"The threat intelligence is excellent."
"The most valuable aspect of SentinelOne Singularity Complete is the protection it provides."
"The remediation and rollback features are pretty impressive."
"SentinelOne is very lightweight. It doesn’t consume much memory of endpoints. Endpoints don't hang, and machine performance doesn’t get impacted. Their technical support is also very nice."
"For me, the most valuable feature is the Deep Visibility. It gives you the ability to search all actions that were taken on a specific machine, like writing register keys, executing software, opening, reading, and writing files. All that stuff is available from the SentinelOne console. I'm able to see which software is permanent on a machine, and how that happened, whether by registry keys or writing it to a special folder on the machine."
"The GUI is really easy to use."
"I find the application inventory feature to be extremely useful."
"The solution is easy to set up."
"The Deep Visibility feature is the most useful part of the EDR platform. It gives us good insights into what is actually happening on the endpoints, e.g., when we have malicious or suspicious activity. We came from a legacy type AV previously, so we didn't have that level of visibility or understanding. For simplifying threat-hunting, it is extremely useful, where traditional techniques in threat hunting are quite laborious. We can put in indicators of compromise and it will sweep the environment for them, then they would give us a breakdown of what assets have been seen and where they have been seen, which is more of a forensics overview."
"The most valuable features are the modules and metrics."
"My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance."
"It is a stable solution."
"Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring."
"Wazuh has very flexible and robust features."
"The tool is stable."
"I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems."
"The main thing I like about it is that it has an EDR."
"The licensing is a nightmare and has room for improvement."
"The only problem I find is that the use cases are built-in. There is no template available that you can modify according to your organization's standards. What they give is very generic, the market standard, but that might not be applicable to every organization."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"The documentation on their website is somewhat outdated and doesn't show properly. I wanted to try a query in Microsoft Defender 365. When I opened the related documentation from the security blog on the Microsoft website, the figures were not showing. It was difficult to understand the article without having the figures. The figures were there in the article, but they were not getting loaded, which made the article obsolete."
"The logs could be better."
"There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again."
"The mobile app support for Android and iOS is difficult and needs improvement."
"What could be improved in Microsoft 365 Defender is its licensing, e.g. it should be more consolidated and would be good if it has some optimizations. Improving the alerts and notifications, in terms of adding more details, would also be good for this solution."
"The setup process could be improved."
"Having an additional logic layer could improve the solution, mainly because I run multiple systems with different layers. For example, if I'm running a very important server with this agent, and that server gets infected, I may not necessarily be sure that I want to shut it down right away. Maybe I want to isolate some of the connectivity but not do the entire security remediation automatedly or curtail network access type of activity."
"My biggest complaint is that when you're logged into the console there is the Help section where you can review all the documentation. But when you log in to the support portal, there is documentation there as well. They need to sync those two into one place so that I don't have to search in two different locations for an answer."
"It would be nice if the console stored data daily, so that you could look at a timeline of events on a machine over a period of time, and currently this is not possible."
"The agent update is not the most intuitive process, but I understand why they do it. We have a pretty vertical 64-bit environment for Windows. That is pretty much all we have, but we get alerts for things like the new Linux endpoint or things that do not apply to us. That is probably the only thing that I do not like. There may be some way to turn that off so that I do not get endpoint update alerts from platforms that are not applicable to our system, enterprise, or network."
"There is room for improvement with the management interface. It could be more user friendly."
"Some of the reports that are exported through SentinelOne can be complicated for people who are not IT professionals. For example, we have some people within our leadership who would like to know why we are spending so much money on their product, and one of the ways that we are able to do that is through reports. Some of those reports are pretty easy to understand, and some of them are very complicated. Because they are not IT or security professionals, they may not have the same grasp. I wish their reporting feature was a little better."
"The update process can be better. It is very easy to deploy, but over a long period, the updating process can be a little messy. In some EDR solutions, you end up with a very good mechanism to push new versions. It could do with a little work in that area. It is not particularly difficult, but it could do with a little work."
"Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions."
"Some features, like alerting, are complex with Wazuh."
"The only challenge we faced with Wazuh was the lack of direct support."
"There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded."
"There could be a hardware monitoring tool for the solution."
"The support team could be more responsive and provide quicker replies during our working hours in Indonesia, which would be a significant improvement."
"Since it's an open-source tool, scalability is the main issue."
"The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way."
More SentinelOne Singularity Complete Pricing and Cost Advice →
SentinelOne Singularity Complete is ranked 2nd in Extended Detection and Response (XDR) with 177 reviews while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. SentinelOne Singularity Complete is rated 8.8, while Wazuh is rated 7.4. The top reviewer of SentinelOne Singularity Complete writes "Provides peace of mind and is good at ingesting data and correlating". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". SentinelOne Singularity Complete is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, ThreatLocker Protect and Check Point Harmony Endpoint, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Cortex XDR by Palo Alto Networks. See our SentinelOne Singularity Complete vs. Wazuh report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.