

Wazuh and Falcon LogScale are competing security information and event management solutions. Falcon LogScale has an advantage with its advanced analytics and feature-rich platform.
Features: Wazuh provides robust threat detection, compliance management, and log analysis. It offers an open-source model allowing customization and scalability. Falcon LogScale stands out for high data ingestion rates, real-time analytics, and seamless integration capabilities, simplifying complex security operations.
Room for Improvement: Wazuh could enhance its user interface and expand real-time analytics capabilities. More built-in integrations would improve flexibility. Enhancing scalability features could benefit growing businesses. Falcon LogScale may improve with a more intuitive setup process and reduced initial deployment complexity. More affordable pricing options could cater to smaller enterprises. Additional multilingual support would enhance its global appeal.
Ease of Deployment and Customer Service: Wazuh is praised for a straightforward installation and a responsive support team, making it accessible across IT environments. Although Falcon LogScale requires an extensive initial setup, it provides an efficient experience in the long term, supported by comprehensive documentation and knowledgeable support.
Pricing and ROI: Wazuh's open-source nature significantly reduces setup costs, offering strong ROI with minimal licensing fees, appealing to small to medium businesses with a predictable pricing structure. Falcon LogScale, while more expensive initially, delivers significant ROI through advanced analytics and operational efficiencies, making it appealing for larger enterprises requiring extensive data capabilities.
You save man hours, and man hours convert to business time and money time as well.
Falcon LogScale helps ease this process and sends logs to XDR for further verification.
I have definitely seen ROI with Falcon LogScale so far.
I have seen value in security cost savings with Wazuh, as using proprietary EDR versions could save us substantial money.
I would rate the customer support a 10 on a scale of one to 10.
I raised a customer support request, and in response, they released a new version with a fix for that problem.
The information contained in Falcon LogScale's documentation is very clear.
They responded quickly, which was crucial as I was on a time constraint.
We use the open-source version of Wazuh, which does not provide paid support.
The documentation is good and provides clear instructions, though it's targeted at those with technical backgrounds.
If there is a critical incident with an associated IP, associated user, endpoints, or whatever factor it is supposed to associate, it associates it by default and makes our life easier, making the SOC life easier.
You could integrate as many endpoints as you want within a fraction of seconds, and it accommodates the number of resources that you integrate with it while maintaining the same response time.
When we add new log sources or suddenly increase our ingestion volume, the performance does not dip.
It can accommodate thousands of endpoints on one instance, and multiple instances can run for different clients.
Currently, I don't see any limitations in terms of scalability as Wazuh can still connect many endpoints.
Scalability depends on the configuration and the infrastructure resources like compute and memory we allocate.
It uses an index-free architecture, it does not suffer from index corruption or the complications that other legacy tools face.
Falcon LogScale is very strong in real-time log search.
We did not have any problems with Falcon LogScale in terms of stability and reliability.
The stability of Wazuh is strong, with no issues stemming from the solution itself.
The stability of Wazuh is largely dependent on maintenance.
The indexer frequently times out, requiring system restarts.
For the ease of use for Falcon administrators, the same documentation on the Falcon LogScale portal should be on the CrowdStrike dashboard.
KQL is simpler when compared to SQL. However, SQL is faster and quite efficient, but the language is a bit tough.
What they have done now is added what is called Charlotte AI, which is their new AI capabilities that can help with this.
Machine learning is needed along with understanding user behavior and behavioral patterns.
The integration modules are insufficiently developed, necessitating the creation of custom integration solutions using tools like Logstash and PubSub.
I think Wazuh should improve by introducing AI functionalities, as it would be beneficial to see AI incorporated in the threat hunting and detection functionalities.
I believe when it comes to log ingestion, it is comparatively low compared to any other services like Microsoft, Trend Micro, or Splunk.
For us, it is a very cost-effective solution.
My experience with pricing, setup cost, and licensing is that it is straightforward, and the cost is quite low.
Wazuh is completely free of charge.
I would definitely recommend Wazuh, especially considering Fortinet's licensing model which is confusing and overpriced in my opinion.
Totaling around two lakh Indian rupees per month.
You can describe what you want to do in English, and it converts it to a query language for you to use.
Traditional SIEM tools index logs, which is slow and expensive. Falcon LogScale stores logs without heavy indexing and searches directly, making it very fast.
Falcon LogScale has positively impacted my organization by providing visibility of the logs, making it easier for us to troubleshoot any issues.
Wazuh is a SIEM tool that is highly customizable and versatile.
The system allows us to monitor endpoints effectively and collect security data that can be utilized across other platforms such as SOAR.
With this open source tool, organizations can establish their own customized setup.
| Product | Mindshare (%) |
|---|---|
| Wazuh | 4.6% |
| Falcon LogScale | 0.9% |
| Other | 94.5% |

| Company Size | Count |
|---|---|
| Small Business | 9 |
| Midsize Enterprise | 9 |
| Large Enterprise | 3 |
| Company Size | Count |
|---|---|
| Small Business | 27 |
| Midsize Enterprise | 15 |
| Large Enterprise | 8 |
Falcon LogScale is a modern log management tool that offers robust features for organizations seeking efficient log analysis. It provides high-speed log ingestion and query capabilities, enabling detailed insights into system performance and security events.
Falcon LogScale provides an efficient way for IT teams to handle massive volumes of log data. Its architecture supports rapid ingestion and real-time querying, making it ideal for security and operational analytics. With customizable search capabilities, it allows deep analysis to detect anomalies and troubleshoot issues effectively. Users appreciate its scalability and performance-driven approach, making it suitable for large infrastructures.
What are the most important features of Falcon LogScale?
What benefits or ROI should be anticipated?
Falcon LogScale is particularly beneficial in industries requiring detailed compliance reporting and real-time threat detection, such as finance and healthcare. It's implemented to support security operations and incident response teams by providing timely insights and operational efficiencies.
Wazuh offers an open-source platform designed for seamless integration into diverse environments, making it ideal for enhancing security infrastructure. Its features include log monitoring, compliance support, and real-time threat detection, providing effective cybersecurity management.
Wazuh stands out for its ability to integrate easily with Kubernetes, cloud-native infrastructures, and various SIEM platforms like ELK. It features robust MITRE ATT&CK correlation, comprehensive log monitoring capabilities, and detailed reporting dashboards. Users benefit from its file integrity monitoring and endpoint detection and response (EDR) capabilities, which streamline compliance and vulnerability assessments. While appreciated for its customization and easy deployment, room for improvement exists in scalability, particularly in the free version, and in areas such as threat intelligence integration, cloud integration, and container security. The platform is acknowledged for its strong documentation and technical support.
What are the key features of Wazuh?In industries like finance, healthcare, and technology, Wazuh is utilized for its capabilities in log aggregation, threat detection, and vulnerability management. Companies often implement its features to ensure compliance with stringent regulations and to enhance security practices across cloud environments. By leveraging its integration capabilities, organizations can achieve unified security management, ensuring comprehensive protection of their digital assets.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.