We performed a comparison between Wazuh and Elastic Security based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison results: Based on the parameters we compared, Wazuh comes out ahead of Elastic Security. While both offer valuable vulnerability detection, Elastic Security’s lack of AI capabilities and lack of tech support leave room for improvement.
"We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing."
"Its most significant advantage lies in its affordability."
"The product is very easy to use."
"The ability to integrate and observe a more cohesive narrative across the products is crucial."
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done..."
"I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications."
"The comprehensiveness of Microsoft's threat detection is good."
"One of the most valuable features of this solution is that it is more flexible than AlienVault."
"It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast."
"Enables monitoring of application performance and the ability to predict behaviors."
"The feature that we have found the most valuable is scalability."
"The most valuable features of the solution are the prevention methods and the incident alerts."
"ELK is open-source, and it will give you the framework you need to build everything from scratch."
"It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically."
"The most valuable feature is the ability to collect authentication information from service providers."
"Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score. It provides a percentage of perceived risk due to non-patches or any missing patches on that work."
"It's stable."
"It is a stable solution."
"Wazuh's most beneficial features for our security needs are flexibility, built-in rules, integration capabilities, and documentation."
"One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability."
"Wazuh has very flexible and robust features."
"The most valuable feature of Wazuh is the ELK for doing an investigation."
"It is excellent in terms of visualization and indexing services, making it a powerful tool for malware detection."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
"The licensing is a nightmare and has room for improvement."
"The support could be more knowledgeable to improve their offering."
"My client would like the solution to be more customizable without using code. You can only build on the default console, but we're not allowed to change it."
"The message trace feature for investigating mail flow issues should add more detailed information to the summary report... if they could extend the summary report a little bit, make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and to prevent it from occurring again."
"There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again."
"Elastic Security could improve the documentation. It would help if they were more simple and clean."
"This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."
"The problem with ELK is it's difficult to administer. When you have a problem, it can be very, very difficult to rebuild indexes."
"There is room for improvement in the Kibana dashboard and in the asset management for the program."
"Their visuals and graphs need to be better."
"Upgrades are currently released as stacks when they should be a plugin or an extension to save removal and reinstallation."
"It is difficult to anticipate and understand the space utilization, so more clarity there would be great."
"We'd like to see some more artificial intelligence capabilities."
"I have yet to find the same capability in Wazuh to get logs from different sources into the system."
"Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
"Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation, so we need better container security, log data analysis, auditing and compliance, malware detection, etc."
"They need to go towards integrating with more cloud applications and not just OS like Windows and Linux."
"Wazuh is missing many things that a typical SIEM should have."
"Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."
"It would be better if they had a vulnerability assessment plug-in like the one AlienVault has. In the next release, I would like to have an app with an alerting mechanism."
Elastic Security is ranked 5th in Log Management with 58 reviews while Wazuh is ranked 3rd in Log Management with 38 reviews. Elastic Security is rated 7.6, while Wazuh is rated 7.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Elastic Security is most compared with Splunk Enterprise Security, Microsoft Sentinel, Microsoft Defender for Endpoint, IBM Security QRadar and CrowdStrike Falcon, whereas Wazuh is most compared with Splunk Enterprise Security, Security Onion, AlienVault OSSIM, Graylog and IBM Security QRadar.