We performed a comparison between Wazuh and Elastic Security based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison results: Based on the parameters we compared, Wazuh comes out ahead of Elastic Security. While both offer valuable vulnerability detection, Elastic Security’s lack of AI capabilities and lack of tech support leave room for improvement.
"We also use Microsoft Sentinel, Defender for Cloud, Defender for Identity, and Microsoft Defender for Cloud Apps. They are all integrated and it was very easy to integrate them. In my experience with the integrations, it was just a click of a button and things were integrated. It's just a button."
"We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks."
"The most valuable features of Microsoft 365 Defender are the combination of all the capabilities and centralized management."
"Setting up Microsoft 365 Defender is easy. It's a user-friendly solution that provides threat protection. It has good stability and scalability."
"I have found the ability to delete unwanted threats beneficial."
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"I like Defender XDR's automation capabilities. XDR isn't automated by default, but you can automate it to respond. If an attack is performed anywhere within the organization, you can isolate that instance from the network. This is what I can figure out for it. When integrated with Sentinel, you can set up playbooks to automate all the alerts gathered on Sentinel from different Microsoft solutions. Sentinel has a wider range of capabilities than XDR."
"The common and advanced security policies for threat hunting and blocking attacks are valuable."
"ELK is open-source, and it will give you the framework you need to build everything from scratch."
"The product has huge integration varieties available."
"Elastic Security is very easy to adapt."
"Stability-wise, I rate the solution a ten out of ten."
"The visualization is very good."
"Elastic Security is very customizable, and the dashboards are very easy to build."
"The stability of the solution is good."
"The indexes allow you to get your results quickly. The filtering and log passing is the advantage of Logstash."
"I like the cloud-native infrastructure and that it's free. We didn't have to pay anything, and it has the capabilities of many premium solutions in the market. We could integrate all of our services and infrastructure in the cloud with Wazuh. From an integration point of view, Wazuh is pretty good. I had a good experience with this platform."
"We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company."
"Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases."
"It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions."
"I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems."
"The tool is stable."
"Wazuh is simple to use for PCI compliance."
"The log monitoring and analysis tools are great in addition to SIEM file activity monitoring."
"The data recovery and backup could be improved."
"Customers say they want absolutely seamless integration between other Microsoft solutions and Defender XDR, including the ability to change device settings within the Defender portal. They need to contact the IT team responsible for the device management tools to change some settings. They would prefer that those changes be initiated directly from the Defender portal or applied from Intune without involving the IT operations team."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"Microsoft Defender XDR is not a full-fledged EDR or XDR."
"In the future, it would be beneficial for Microsoft to consider making the product more user-friendly or simplified for those who are interested in using it. Currently, it requires a high level of technical expertise, making it challenging for beginners or less experienced individuals."
"This solution could be improved if it included features such as those offered by Malwarebytes."
"We should be able to use the product on devices like Apple, Linux, etc."
"The capability to not only thwart attacks but also to adapt to evolving threats is crucial."
"Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them."
"Elastic Security can be a bit difficult to use if a person only has experience in SMBs with tools like Zoho. The product can also be difficult for those who have never dealt with query language."
"We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there)."
"In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready made, so you'll have to write some scripts."
"It would be better if Elastic Security had less storage for data. My customers do not like this. Other vendors have local support in different countries, but Elastic Security doesn't. I would like to have Operational Technology (OT) security in the next release."
"Authentication is not a default in Kibana. We need to have another tool to have authentication and authorization. These two should be part of Kibana."
"This solution is very hard to implement."
"There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits."
"Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."
"A more structured approach, perhaps with modular UI components, to facilitate easier integration and navigation within the Wazuh platform for custom integrations would be beneficial."
"We would like to see more improvements on the cloud."
"Wazuh should come up with more in-built rules and integrations for the cloud."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
"One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs."
"Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions."
"Its configuration process is time-consuming."
Elastic Security is ranked 5th in Log Management with 58 reviews while Wazuh is ranked 3rd in Log Management with 38 reviews. Elastic Security is rated 7.6, while Wazuh is rated 7.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Elastic Security is most compared with Splunk Enterprise Security, Microsoft Sentinel, Microsoft Defender for Endpoint, IBM Security QRadar and CrowdStrike Falcon, whereas Wazuh is most compared with Splunk Enterprise Security, Security Onion, AlienVault OSSIM, Graylog and IBM Security QRadar. See our Elastic Security vs. Wazuh report.
See our list of best Log Management vendors, best Security Information and Event Management (SIEM) vendors, and best Extended Detection and Response (XDR) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.