Fortinet FortiAnalyzer vs Wazuh comparison

Cancel
You must select at least 2 products to compare!
Devo Logo
Read 16 Devo reviews
14,221 views|5,466 comparisons
Fortinet Logo
11,208 views|6,920 comparisons
Wazuh Logo
18,802 views|10,988 comparisons
Comparison Buyer's Guide
Executive Summary
Updated on Sep 19, 2022

We compared Fortinet FortiAnalyzer vs Wazuh based on our users’ reviews in four categories. After reading the collected data, you can find our conclusion below.

  • Ease of Deployment: Users of both solutions find them easy to deploy.
  • Features: Users of both products feel that they are fairly stable and fairly scalable.

    Fortinet FortiAnalyzer’s network monitoring capabilities are robust. However, users feel its ability to integrate with other products is limited.

    Users of Wazuh find its integration capabilities to be very valuable. However, they feel some of its security features could be more robust than they are currently.
  • Pricing: Users of Fortinet FortiAnalyzer find it to be expensive. Reviewers of Wazuh write that unless they pay for technical support, it is free for them to use.
  • Service and Support: Users of Fortinet FortiAnalyzer are divided over how effective their technical support is. Some also feel that its supporting documentation could be improved. Reviewers of Wazuh find its paid support and community forum support to be effective.

Comparison of Results: Based on the parameters we compared, Wazuh seems to be the superior solution. Our reviewers feel that because Fortinet FortiAnalyzer’s integration capabilities are limited, its price is expensive, and there is a question about how effective its technical support is, Wazuh is a better investment.

To learn more, read our detailed Fortinet FortiAnalyzer vs. Wazuh Report (Updated: October 2022).
654,658 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The alerting is much better than I anticipated. We don't get as many alerts as I thought we would, but that nobody's fault, it's just the way it is.""The thing that Devo does better than other solutions is to give me the ability to write queries that look at multiple data sources and run fast. Most SIEMs don't do that. And I can do that by creating entity-based queries. Let's say I have a table which has Okta, a table which has G Suite, a table which has endpoint telemetry, and I have a table which has DNS telemetry. I can write a query that says, 'Join all these things together on IP, and where the IP matches in all these tables, return to me that subset of data, within these time windows.' I can break it down that way.""Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data.""The ability to have high performance, high-speed search capability is incredibly important for us. When it comes to doing security analysis, you don't want to be doing is sitting around waiting to get data back while an attacker is sitting on a network, actively attacking it. You need to be able to answer questions quickly. If I see an indicator of attack, I need to be able to rapidly pivot and find data, then analyze it and find more data to answer more questions. You need to be able to do that quickly. If I'm sitting around just waiting to get my first response, then it ends up moving too slow to keep up with the attacker. Devo's speed and performance allows us to query in real-time and keep up with what is actually happening on the network, then respond effectively to events.""The most valuable feature is definitely the ability that Devo has to ingest data. From the previous SIEM that I came from and helped my company administer, it really was the type of system where data was parsed on ingest. This meant that if you didn't build the parser efficiently or correctly, sometimes that would bring the system to its knees. You'd have a backlog of processing the logs as it was ingesting them.""The most valuable feature is that it has native MSSP capabilities and maintains perfect data separation. It does all of that in a very easy-to-manage cloud-based solution.""One of the biggest features of the UI is that you see the actual code of what you're doing in the graphical user interface, in a little window on the side. Whatever you're doing, you see the code, what's happening. And you can really quickly switch between using the GUI and using the code. That's really useful.""Devo provides a multi-tenant, cloud-native architecture. This is critical for managed service provider environments or multinational organizations who may have subsidiaries globally. It gives organizations a way to consolidate their data in a single accessible location, yet keep the data separate. This allows for global views and/or isolated views restricted by access controls by company or business unit."

More Devo Pros →

"We have the most data visibility.""FortiAnalyzer's reporting features like graphs, threat intelligence, and vulnerabilities analysis are helpful. Fortinet knows how to do reporting. You can customize your reports to show exactly what you want to analyze. It's user-friendly and doesn't require a lot of effort.""One of the most valuable features is the ability to analyze data in real-time using AR features to pull data from the industrial DB. You can know what is going on and see in milliseconds where the network is underperforming.""The features that our customers have found most valuable are their different type of reports including the drill down report, as well as the flexibility to connect to any number of appliances which can be connected to it centrally.""FortiAnalyzer's best feature is centralized log analysis. It's based on SQL database, so I can fully customize my report, chart-wise and log-wise, and can create as many reports as I want without any limit.""From my perspective, we need to see the traffic in a good way so we can know what has happened in our network. The analyzing tools and the monitoring tools and the logs are the important part in the network.""The report templates are valuable. It works very well, and integrations also work well.""The solution provides good standardized reports and is easy to troubleshoot."

More Fortinet FortiAnalyzer Pros →

"Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring.""Wazuh has very flexible and robust features.""Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises.""The MITRE ATT&CK correlation is most valuable.""The log monitoring and analysis tools are great in addition to SIEM file activity monitoring.""The deployment is easy and they provide very good documentation.""The most valuable feature of Wazuh is the ELK for doing an investigation.""I like the cloud-native infrastructure and that it's free. We didn't have to pay anything, and it has the capabilities of many premium solutions in the market. We could integrate all of our services and infrastructure in the cloud with Wazuh. From an integration point of view, Wazuh is pretty good. I had a good experience with this platform."

More Wazuh Pros →

Cons
"An admin who is trying to audit user activity usually cannot go beyond a day in the UI. I would like to have access to pages and pages of that data, going back as far as the storage we have, so I could look at every command or search or deletion or anything that a user has run. As an admin, that would really help. Going back just a day in the UI is not going to help, and that means I have to find a different way to do that.""The overall performance of extraction could be a lot faster, but that's a common problem in this space in general. Also, the stock or default alerting and detecting options could definitely be broader and more all-encompassing. The fact that they're not is why we had to write all our own alerts.""Technical support could be better.""There is room for improvement in the ability to parse different log types. I would go as far as to say the product is deficient in its ability to parse multiple, different log types, including logs from major vendors that are supported by competitors. Additionally, the time that it takes to turn around a supported parser for customers and common log source types, which are generally accepted standards in the industry, is not acceptable. This has impacted customer onboarding and customer relationships for us on multiple fronts.""I would like to have the ability to create more complex dashboards.""Some of the documentation could be improved a little bit. A lot of times it doesn't go as deep into some of the critical issues you might run into. They've been really good to shore us up with support, but some of the documentation could be a little bit better.""Where Devo has room for improvement is the data ingestion and parsing. We tend to have to work with the Devo support team to bring on and ingest new sources of data.""There are some issues from an availability and functionality standpoint, meaning the tool is somewhat slow. There were some slow response periods over the past six to nine months, though it has yet to impact us terribly as we are a relatively small shop. We've noticed it, however, so Devo could improve the responsiveness."

More Devo Cons →

"The cloud version can be expensive. If the customers could get the resources to store the logs on-premises, it would be much better.""It will be better if behavior or indicators of compromise were on the same licensing schema. Currently, it is an advanced feature that you have to purchase as an add-on. This is the reason we're trying to do the ELK so that we can integrate them and create those rules by using open-source software. It will also be better if it has some more integration with IT service management tools so that we can do endpoint protection and response based on those indicators of compromise or those behavior analysis rules that create events that can automatically flow. We can inject that data into a service incident ticket on our IT service management tool, and that way we can assign the ticket to the proper teams and respond right away. Currently, we only have integration with ServiceNow.""Pricing-wise, it not affordable for the normal customer. Most of the people want to see different types of reporting, but FortiAnalyzer's fee is a little bit difficult.""FortiAnalyzer's price could be lower.""Fortinet FortiAnalyzer could improve the user interface, and the experience of users receiving the reports and tracking could be better.""The pricing could be better. They could work to make it more competitive on the market.""Their pricing model is not the best and needs work.""The solution should include the ability to customize reports so that customers receive greater value and high level reporting."

More Fortinet FortiAnalyzer Cons →

"Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs.""There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded.""We would like to see more improvements on the cloud.""Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation also, so we need better container security, log data analysis, auditing and compliance, malware detection, etc.""Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions.""Wazuh needs more security and features, particularly visualization features and a health monitor.""Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions.""I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."

More Wazuh Cons →

Pricing and Cost Advice
  • "I'm not involved in the financial aspect, but I think the licensing costs are similar to other solutions. If all the solutions have a similar cost, Devo provides more for the money."
  • "Devo is definitely cheaper than Splunk. There's no doubt about that. The value from Devo is good. It's definitely more valuable to me than QRadar or LogRhythm or any of the old, traditional SIEMs."
  • "[Devo was] in the ballpark with at least a couple of the other front-runners that we were looking at. Devo is a good value and, given the quality of the product, I would expect to pay more."
  • "Be cautious of metadata inclusion for log types in pricing, as there are some "gotchas" with that."
  • "Devo was very cost-competitive... Devo did come with that 400 days of hot data, and that was not the case with other products."
  • "Our licensing fees are billed annually and per terabyte."
  • "I like the pricing very much. They keep it simple. It is a single price based on data ingested, and they do it on an average. If you get a spike of data that flows in, they will not stick it to you or charge you for that. They are very fair about that."
  • "Pricing is based on the number of gigabytes of ingestion by volume, and it's on a 30-day average. If you go over one day, that's not a big deal as long as the average is what you expected it to be."
  • More Devo Pricing and Cost Advice →

  • "In the local market sometimes people are being charged more than other solutions. Although the market is competitive, legitimate suppliers do not receive a large enough discount to pass onto the customers."
  • "I believe that these devices were procured with a five-year maintenance and support license up front. I work at a university, so the vendor provides a considerable higher ed discount."
  • "We found the price of Fortinet FortiAnalyzer to be reasonable."
  • "It is acceptable for on-premises, but it is expensive for the cloud."
  • "FortiAnalyzer was in the product itself, but two years ago they split it from Fortinet. We paid the license two years ago."
  • "The enterprise version of this solution is costly. We have considered FortiAuthenticator for network control, but the pricing was focused on the larger companies and didn't suit our needs as a smaller business."
  • "It is expensive for small business customers. It is only available for customers with a high number of firewalls to manage or to report. If a customer has only five boxes of FortiGate, the price of FortiAnalyzer can be more than the five boxes. So, we can't easily put this solution for small business customers."
  • "I rate FortiAnalyzer six out of 10 for affordability. FortiAnalyzer pricing isn't steady. It changes each quarter or year. That's one of the main problems in West Abaco because most businesses here are small or medium-sized enterprises. It makes budgeting complicated. You always want to pay the same price on the subscription."
  • More Fortinet FortiAnalyzer Pricing and Cost Advice →

  • "Wazuh is open-source, so I think it's an option for a small organization that cannot go for enterprise-grade solutions like Splunk."
  • "There is not a license required for Wazuh."
  • "Wazuh is open-source, but you must consider the total cost of ownership. It may be free to acquire, but you spend a lot of time and effort supporting the product and getting it to a point where it's useful."
  • "Wazuh is open-source, therefore it is free. You can purchase support for $1,000 a year."
  • "Wazuh is totally free and open source. There are no licensing costs, only support costs if you need them."
  • "Wazuh has a community edition, and I was using that. It's free and open source."
  • More Wazuh Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Log Management solutions are best for your needs.
    654,658 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Devo, like other vendors, doesn't charge extra for playbooks and automation. That way, you are only paying for the side… more »
    Top Answer:I need more empowerment in reporting. For example, when I'm using Qlik or Power BI in terms of reporting for the… more »
    Top Answer:I have found incident management and also identifying new threats, analyzing the network traffic, and finding out the… more »
    Top Answer:When you compare with other firewall vendors, FortiAnalyzer is quite competitive in pricing. They are very aggressive as… more »
    Top Answer:One thing we struggled with FortiAnalyzer was integration with SIEM. We also had issues with the new threats and APTs… more »
    Top Answer:Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score… more »
    Top Answer:The scalability of this solution could be improved.
    Top Answer:We wanted a solution as an in-house SIEM tool, which can collect security and order logs for compliance purposes. We… more »
    Comparisons
    Learn More
    Overview

    Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.

    Fortinet FortiAnalyzer is a powerful platform used for log management, analytics, and reporting. The solution is designed to provide organizations with automation, single-pane orchestration, and response for simplified security operations, as well as proactive identification and remediation of risks and complete visibility of the entire attack surface.

    Fortinet FortiAnalyzer Features

    Fortinet FortiAnalyzer has many valuable key features. Some of the most useful ones include:

    • Advanced threat detection capabilities
    • Centralized security analytics
    • End-to-end security posture awareness
    • Integration with FortiGate NGFWs, FortiClient, FortiSandbox, FortiWeb, and FortiMail
    • Incident detection and response
    • Playbook automation
    • Event management
    • Security services
    • Analytics and reporting

    Fortinet FortiAnalyzer Benefits

    There are many l benefits to implementing Fortinet FortiAnalyzer. Some of the biggest advantages the solution offers include:

    • Flexible deployment options
    • Enterprise-grade high availability
    • Security automation to reduce complexity, leveraging REST API, scripts, connectors, and automation stitches
    • Multi-tenancy solution with quota management, leveraging (ADOMs) to separate customer data and manage domains for operational effectiveness and compliance

    Reviews from Real Users

    Below are some reviews and helpful feedback written by PeerSpot users currently using the Fortinet FortiAnalyzer solution.

    PeerSpot user Imad A., Group IT Manager at a manufacturing company, says, “You can monitor all appliances from a centralized location. You have a front dashboard for all our operations and all the logs. If you need to search for anything you can just dig deep into the logs. The solution offers excellent customizable reports. In our case, we needed a monthly report of all internet consumption, and we were able to easily create this.” He goes on to add, “There are pre-defined templates. The logs cover any question or need that we populate within these templates. However, you can also build your own template. There is great analytics that can be used in different departments. For example, our marketing department can go more into media patterns and not just into browsing patterns. Everything is easily visible and can be tracked and studied.”

    Luis G., Systems Architect at Zentius, mentions, “Log collection is the most valuable [feature]. The UI looks great. It has a very good look and feel. We don't have the need to use solid state drives. We use mechanic drives, and we don't see any performance issues, so basically, it is doing fine.”

    Rupsan S., Technical Presales Engineer at Dristi Tech Pvt.ltd., comments, "The feature that I have found the most valuable is to be able to see everything in our network in a single task. A single menu and the graphical bar charts that it provides to give insights are very useful. It also gives very good metrics on bandwidth utilization, CPU, and device performance. It is very simple and easy to use as well."

    Dilip S., Regional Head at Mass Infonet (P) Ltd., explains, “With FortiAnalyzer, you can see what the user is doing and what sites he goes to. You can also see how much quota there is and how much (size-wise) you want to hit, as well as what the incoming or outbound traffic is, and if it is through the ISP or not. Basically, you can see absolutely all activity using FortiAnalyzer. The solution is very complete. The product is very simple to use. It's regularly updated with many versions constantly adding more content and information. The solution has sandboxing, IPS, and DPS as well. The solution allows for a lot of customization.”

    Wazuh is an enterprise-ready platform used for security monitoring. It is a free and open-source platform that is used for threat detection, incident response and compliance, and integrity monitoring. Wazuh is capable of protecting workloads across virtualized, on-premises, containerized, and cloud-based environments.

    It consists of an endpoint security agent and a management server. Additionally, Wazuh is fully integrated with the Elastic Stack, allowing users the ability to navigate through security alerts via a data visualization tool.

    • Wazuh’s agent can run on many different platforms, and is lightweight. It can successfully perform the tasks needed to detect threats in order to trigger responses automatically.
    • Wazuh manages the agents, can analyze agent data, and can scale horizontally.
    • Elastic Stack is where alerts are indexed and stored.

    Wazuh Capabilities

    Some of Wazuh’s most notable capabilities include:

    • Intrusion detection: Wazuh’s agents can detect hidden files, cloaked processes, or unregistered network listeners, as well as inconsistencies in system call responses. Wazuh’s server component uses a signature-based approach to intrusion detection, using its regular expression engine to analyze collected log data and look for indicators of compromise.

    • Log data analysis: Wazuh can read operating system and application logs, and securely forward them to a central manager for rule-based analysis and storage.

    • Integrity monitoring: File integrity monitoring can help identify changes in content, ownership, permissions, and attribute of files. Wazuh’s file integrity monitoring can be used in conjunction with threat intelligence.

    • Vulnerability detection: Wazuh agents can identify well-known vulnerable software so you can see where your weak spots are and take action before an attack can exploit them.

    • Configuration assessment: System and application configurations are monitored to make sure they are compliant with security policies. Periodic scans are used to detect applications that are known to be vulnerable, insecurely configured, or unpatched.
    • Incident response: Wazuh responds actively when active threats need to be addressed. It can perform countermeasures like blocking access to a system when a threat source is identified.

    • Regulatory compliance: Wazuh includes the security controls required to be compliant with industry regulations and standards.

    • Cloud security: Wazuh’s light-weight and multi-platform agents are commonly used to monitor cloud environments at the instance level. In addition, Wazuh helps monitor cloud infrastructure at an API level.

    • Security for containers: With Wazuh, you have increased security visibility into hosts and containers, allowing for easier detection of threats, anomalies, and vulnerabilities.

    Wazuh Benefits

    Some of the most valued benefits of Wazuh include:

    • No vendor lock-in
    • No license costs
    • Uses lightweight, multi-platform agents
    • Free community support

    Wazuh Offers

    • Annual support and maintenance
    • Assistance with deployment and configuration
    • Training and instructional hands-on courses

    Reviews From Real Users

    "It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions." - Robert C., IT Security Consultant at Microlan Kenya Limited

    The MITRE ATT&CK correlation is most valuable.” - Chief Information Security Officer at a financial services firm

    Offer
    See Devo in Action

    See how Devo allows you to free yourself from data management, and make machine data and insights accessible.

    Learn more about Fortinet FortiAnalyzer
    Learn more about Wazuh
    Sample Customers
    United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel
    General Directorate of Information Technology
    Information Not Available
    Top Industries
    REVIEWERS
    Computer Software Company50%
    Comms Service Provider10%
    Retailer10%
    Insurance Company10%
    VISITORS READING REVIEWS
    Computer Software Company21%
    Comms Service Provider12%
    Financial Services Firm9%
    Government9%
    REVIEWERS
    Comms Service Provider29%
    Financial Services Firm11%
    University7%
    Government7%
    VISITORS READING REVIEWS
    Comms Service Provider22%
    Computer Software Company21%
    Government8%
    Manufacturing Company5%
    REVIEWERS
    Comms Service Provider33%
    Security Firm25%
    Computer Software Company17%
    Financial Services Firm8%
    VISITORS READING REVIEWS
    Computer Software Company20%
    Comms Service Provider18%
    Government7%
    Educational Organization6%
    Company Size
    REVIEWERS
    Small Business21%
    Midsize Enterprise21%
    Large Enterprise58%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise16%
    Large Enterprise62%
    REVIEWERS
    Small Business47%
    Midsize Enterprise24%
    Large Enterprise29%
    VISITORS READING REVIEWS
    Small Business27%
    Midsize Enterprise20%
    Large Enterprise53%
    REVIEWERS
    Small Business60%
    Midsize Enterprise27%
    Large Enterprise13%
    VISITORS READING REVIEWS
    Small Business29%
    Midsize Enterprise20%
    Large Enterprise51%
    Buyer's Guide
    Fortinet FortiAnalyzer vs. Wazuh
    October 2022
    Find out what your peers are saying about Fortinet FortiAnalyzer vs. Wazuh and other solutions. Updated: October 2022.
    654,658 professionals have used our research since 2012.

    Fortinet FortiAnalyzer is ranked 9th in Log Management with 33 reviews while Wazuh is ranked 14th in Log Management with 15 reviews. Fortinet FortiAnalyzer is rated 8.0, while Wazuh is rated 6.8. The top reviewer of Fortinet FortiAnalyzer writes "It creates a central point of management and control, giving you real-time insight into what is going on. ". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Fortinet FortiAnalyzer is most compared with Splunk, Graylog, Elastic Security, Datadog and LogRhythm SIEM, whereas Wazuh is most compared with Elastic Security, Splunk, AT&T AlienVault USM, Graylog and LogRhythm SIEM. See our Fortinet FortiAnalyzer vs. Wazuh report.

    See our list of best Log Management vendors.

    We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.