Try our new research platform with insights from 80,000+ expert users

LogRhythm UEBA [EOL] vs Wazuh comparison

Exabeam and Wazuh are both solutions in the Extended Detection and Response (XDR) category. Exabeam is ranked #34 with an average rating of 6.8, while Wazuh is ranked #5 with an average rating of 7.6. Exabeam holds a 1.0% mindshare in XDR, compared to Wazuh’s 11.6% mindshare. Additionally, 55% of Exabeam users are willing to recommend the solution, compared to 80% of Wazuh users who would recommend it.
LogRhythm UEBA [EOL]
Read 11 LogRhythm UEBA [EOL] reviews
  • 1,307 Views
  • 902 Comparison Views
55% willing to recommend
Wazuh
Read 48 Wazuh reviews
  • 46,908 Views
  • 13,603 Comparison Views
80% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Jul 24, 2025

Wazuh and LogRhythm UEBA are competitors in the security software sector. Wazuh appears to have the upper hand due to its open-source flexibility and robust integration capabilities.

Features: Wazuh is recognized for its SIEM features, integration with ELK for forensic analysis, and cloud-native capability, enhancing its deployment on platforms like AWS. It supports extensive compliance frameworks and is free of cost, offering a competitive alternative to premium solutions. LogRhythm UEBA, on the other hand, focuses on using machine learning for analyzing user behavior to detect security threats effectively. Its machine learning capabilities are its standout feature, providing deep insights into end-user activities.

Room for Improvement: Wazuh needs advancements in accommodating large-scale enterprises, enhancing threat intelligence integrations, and increasing use case libraries for better cloud interaction. LogRhythm UEBA faces criticism for high costs, requiring an enriched library of use cases, and demands better machine learning accuracy and dashboard customization compared to competitors.

Ease of Deployment and Customer Service: Wazuh benefits from diverse deployment options, including on-premises and cloud, backed by community support and optional paid services. However, its support responsiveness can improve. LogRhythm UEBA is limited to on-premises deployments, often necessitating professional services for integration, which increases complexity and cost.

Pricing and ROI: Wazuh, being open-source, offers a cost-effective solution for small businesses with investments mostly needed for manpower. While its operation efforts may imply higher TCO, it ultimately provides strong ROI by savings on security tools. LogRhythm UEBA's pricing is more expensive, featuring a yearly subscription but providing flexible modules. However, cloud versions and professional service fees can escalate overall expenses.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed LogRhythm UEBA [EOL] vs. Wazuh Report (Updated: June 2025).
Buyer's Guide
LogRhythm UEBA [EOL] vs. Wazuh
June 2025
Download the complete report
Helped 863,641 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

LogRhythm UEBA [EOL]
Ranking in Extended Detection and Response (XDR)
34th
Average Rating
7.0
Reviews Sentiment
6.7
Number of Reviews
11
Ranking in other categories
User Entity Behavior Analytics (UEBA) (14th)
Wazuh
Ranking in Extended Detection and Response (XDR)
5th
Average Rating
7.4
Reviews Sentiment
6.7
Number of Reviews
48
Ranking in other categories
Log Management (1st), Security Information and Event Management (SIEM) (2nd)
 

Mindshare comparison

As of July 2025, in the Extended Detection and Response (XDR) category, the mindshare of LogRhythm UEBA [EOL] is 1.0%, up from 1.0% compared to the previous year. The mindshare of Wazuh is 11.6%, down from 11.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR)
 

Featured Reviews

Sheikh Abu Ayub Azad - PeerSpot reviewer
Great at managing cyber incidents; the technical support could be improved
The initial setup is easy, partly because LogRhythm is primarily based on the Windows platform. It's good to have two engineers for deployment but it can be done with one. It's more about the knowledge. Deployment is typically done in two or three different phases. It usually takes up to three full months to get good deployment. There's the initial onboarding of all the log sources, then collecting data in the data lake, followed a couple of weeks later with some minor tuning before the final tuneup.
Read full review
Sandip_Patel - PeerSpot reviewer
Evaluating robust file monitoring with insights for community support improvements
Wazuh's most valuable features include file monitoring and compliance reporting, which do not require excessive costs. These aspects are vital as they provide alerts for changes and facilitate the monitoring of compliance. The platform is also relatively easy to set up and operate. Reports are straightforward to extract and prove useful for compliance requirements.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution's most valuable features are the graphical user interface and the reporting."
"I can investigate attacks more quickly using machine learning tools."
"What I like most about LogRhythm UEBA is that it allows you to identify and analyze end-user behaviors and suspicious activities within the systems."
"The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance, it can detect unusual user logins, such as a user logging in from a new browser or location."
"I typically use the product for reducing cyber risk, and I can investigate attacks more quickly using machine learning tools."
"Good capability pinpointing specific cyber incidents."
"It is easy to monitor users and that is how the solution is adding value to our firm."
"It has a lot of features. It has file integration monitoring."
More LogRhythm UEBA [EOL] pros
"Good for monitoring, active response, and for vulnerabilities."
"Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors."
"The solution is easy to maintain."
"It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions."
"Wazuh's most valuable features include file monitoring and compliance reporting, which do not require excessive costs."
"Some of the strengths of Wazuh that stand out for us include its scalability when deployed on Azure, its open-source nature, which allows for customization based on our needs, and its compatibility with various security solutions like threat intelligence platforms."
"The tool is stable."
"The most valuable feature of Wazuh is its EDR capabilities."
More Wazuh pros
 

Cons

"The product should improve its dashboards. Splunk has neat dashboards. Additionally, we would like to enhance the use cases provided by LogRhythm as its use case library is not as extensive as other tools. Its machine-learning capabilities need to improve when compared to other solutions. It lacks risk quantification in a single, transparent view for individuals such as CSOs."
"LogRhythm UEBA's data aggregation needs to be improved. Open-source users do not have much documentation available. Documentation is available only for enterprise users."
"The on-premises LogRhythm is not very scalable. When considering packets per second or the MPS needed for additional logs such as web application logs, scalability is usually found in cloud products."
"The search feature needs to be improved."
"The cloud version is lacking and not up to par."
"The product could be user-friendly for someone who doesn’t have any prior experience working with it."
"In general, if something needs to be improved in the algorithm, it would be the dashboards."
"It would be helpful if there were more guidance provided for integrating with unsupported devices."
More LogRhythm UEBA [EOL] cons
"Integration with Vyara could be better."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
"There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded."
"Wazuh should come up with more in-built rules and integrations for the cloud."
"The technical support can be improved. Wazuh has some bugs that need to be fixed. It would be good if we can have automation with respect to incidence responses."
"An issue I noticed is with tag values in certain rules not functioning properly."
"I have yet to find the same capability in Wazuh to get logs from different sources into the system"
"The support channel is not optimal, and extensive research is required on our part to implement Wazuh effectively."
More Wazuh cons
 

Pricing and Cost Advice

"The pricing is nice when compared to other products in the industry."
"It is quite a budget-friendly product."
"I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive."
"As LogRhythm UEBA is pretty expensive, I'd give its pricing a seven out of ten."
"Licensing is on a yearly basis. It's not expensive compared to its competitors."
"LogRhythm UEBA's pricing is affordable for small and medium businesses."
"Wazuh is not an expensive solution."
"When I contacted customer care, they mentioned bundling options, that I found to be overall affordable."
"Wazuh is open-source, therefore it is free. You can purchase support for $1,000 a year."
"The product price is neither too high nor too low."
"The solution's pricing is very competitive."
"Wazuh is an open-source tool."
"The product is cheaper compared to other tools."
"The solution's cost is above the average."
More Wazuh pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
See recommendations
863,641 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
10%
Retailer
8%
Manufacturing Company
8%
Computer Software Company
15%
Comms Service Provider
9%
University
7%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about LogRhythm UserXDR?
The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance...
See all answers
What is your experience regarding pricing and costs for LogRhythm UserXDR?
I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive.
See all answers
What needs improvement with LogRhythm UserXDR?
In general, if something needs to be improved in the algorithm, it would be the dashboards. The dashboards with solutions such as Splunk are very neat and clean. I would also like to improve the us...
See all answers
What do you like most about Wazuh?
Wazuh is its flexibility and open-source nature, which allows us to tailor threat detection and response across diverse client environments. Its integration capabilities with SOAR, cloud platforms,...
See all answers
What needs improvement with Wazuh?
That would require me to discuss with the Wazuh team regarding areas that could be improved, as I have numerous ideas. From a developer's perspective, this is a Linux system with an active communit...
See all answers
What is your primary use case for Wazuh?
Wazuh is a SIEM platform with various applications in today's environment. Compliance checks have helped with regulatory requirements. I pulled in PCI DSS to check for file integrity monitoring. I ...
See all answers
 

Comparisons

Darktrace vs LogRhythm UEBA [EOL] Logo
Darktrace vs LogRhythm UEBA [EOL]
Compared 20% of the time
Cortex XDR by Palo Alto Networks vs LogRhythm UEBA [EOL] Logo
Cortex XDR by Palo Alto Networks vs LogRhythm UEBA [EOL]
Compared 11% of the time
Microsoft Purview Insider Risk Management vs LogRhythm UEBA [EOL] Logo
Microsoft Purview Insider Risk Management vs LogRhythm UEBA [EOL]
Compared 7% of the time
IBM Security QRadar vs LogRhythm UEBA [EOL] Logo
IBM Security QRadar vs LogRhythm UEBA [EOL]
Compared 7% of the time
Trend Vision One vs LogRhythm UEBA [EOL] Logo
Trend Vision One vs LogRhythm UEBA [EOL]
Compared 6% of the time
More LogRhythm UEBA [EOL] Competitors
Security Onion vs Wazuh Logo
Security Onion vs Wazuh
Compared 13% of the time
Elastic Stack vs Wazuh Logo
Elastic Stack vs Wazuh
Compared 13% of the time
Graylog vs Wazuh Logo
Graylog vs Wazuh
Compared 7% of the time
AlienVault OSSIM vs Wazuh Logo
AlienVault OSSIM vs Wazuh
Compared 7% of the time
Splunk Enterprise Security vs Wazuh Logo
Splunk Enterprise Security vs Wazuh
Compared 4% of the time
More Wazuh Competitors
 

Product Reports

Buyer's Guide
User Entity Behavior Analytics (UEBA)
July 2025
LogRhythm UEBA [EOL] reportDownload LogRhythm UEBA [EOL] product report
Buyer's Guide
Wazuh
June 2025
Wazuh reportDownload Wazuh product report
 

Also Known As

LogRhythm UserXDR, LogRhythm Enterprise UEBA
No data available
 

Overview

LogRhythm UEBA [EOL] offers advanced threat detection with an intuitive interface, utilizing correlation, behavior analysis, and machine learning to monitor server threats and privileged accounts effectively.

LogRhythm UEBA [EOL] provides comprehensive user behavior analytics and threat hunting capabilities, making use of customizable dashboards, reporting tools, file and registry monitoring. CloudAI adds depth by identifying unknown activities, enhancing network visibility and cyber risk reduction through constant monitoring. Users in Sri Lanka find it valuable for network stability, while other users leverage it for improved user monitoring and quick attack investigation. Despite its strong features, enhancements in integration, pricing in Asia, and documentation could improve its adoption.

What are the key features of LogRhythm UEBA [EOL]?
  • Intuitive Graphical Interface: Provides a user-friendly experience tailored to cybersecurity needs.
  • Customizable Dashboards: Offers personalized monitoring views and reporting capabilities.
  • Effective Reporting Tools: Enhances incident analysis and decision-making with detailed insights.
  • Machine Learning: Identifies patterns in user behavior, detecting anomalies efficiently.
  • CloudAI: Detects unknown activities, improving threat identification accuracy.
What benefits can users expect from LogRhythm UEBA [EOL]?
  • Enhanced Threat Detection: Increases network safety through comprehensive monitoring.
  • Improved Network Visibility: Facilitates better management of cybersecurity resources.
  • Quick Attack Investigation: Reduces time to detect and respond to threats.
  • Cyber Risk Reduction: Employs machine learning to address potential security gaps proactively.

In the financial sector, LogRhythm UEBA [EOL] is implemented to monitor privileged accounts and identify suspicious transactions swiftly. Healthcare organizations use it to safeguard sensitive patient data through behavior analysis. Manufacturing firms apply it to protect intellectual property and ensure compliance with industry regulations. Across these industries, the adaptability and analytics of LogRhythm UEBA [EOL] offer a strategic approach to cybersecurity management.

Exabeam

Wazuh is an enterprise-ready platform used for security monitoring. It is a free and open-source platform that is used for threat detection, incident response and compliance, and integrity monitoring. Wazuh is capable of protecting workloads across virtualized, on-premises, containerized, and cloud-based environments.

It consists of an endpoint security agent and a management server. Additionally, Wazuh is fully integrated with the Elastic Stack, allowing users the ability to navigate through security alerts via a data visualization tool.

  • Wazuh’s agent can run on many different platforms, and is lightweight. It can successfully perform the tasks needed to detect threats in order to trigger responses automatically.
  • Wazuh manages the agents, can analyze agent data, and can scale horizontally.
  • Elastic Stack is where alerts are indexed and stored.

Wazuh Capabilities

Some of Wazuh’s most notable capabilities include:

  • Intrusion detection: Wazuh’s agents can detect hidden files, cloaked processes, or unregistered network listeners, as well as inconsistencies in system call responses. Wazuh’s server component uses a signature-based approach to intrusion detection, using its regular expression engine to analyze collected log data and look for indicators of compromise.

  • Log data analysis: Wazuh can read operating system and application logs, and securely forward them to a central manager for rule-based analysis and storage.

  • Integrity monitoring: File integrity monitoring can help identify changes in content, ownership, permissions, and attribute of files. Wazuh’s file integrity monitoring can be used in conjunction with threat intelligence.

  • Vulnerability detection: Wazuh agents can identify well-known vulnerable software so you can see where your weak spots are and take action before an attack can exploit them.

  • Configuration assessment: System and application configurations are monitored to make sure they are compliant with security policies. Periodic scans are used to detect applications that are known to be vulnerable, insecurely configured, or unpatched.
  • Incident response: Wazuh responds actively when active threats need to be addressed. It can perform countermeasures like blocking access to a system when a threat source is identified.

  • Regulatory compliance: Wazuh includes the security controls required to be compliant with industry regulations and standards.

  • Cloud security: Wazuh’s light-weight and multi-platform agents are commonly used to monitor cloud environments at the instance level. In addition, Wazuh helps monitor cloud infrastructure at an API level.

  • Security for containers: With Wazuh, you have increased security visibility into hosts and containers, allowing for easier detection of threats, anomalies, and vulnerabilities.

Wazuh Benefits

Some of the most valued benefits of Wazuh include:

  • No vendor lock-in
  • No license costs
  • Uses lightweight, multi-platform agents
  • Free community support

Wazuh Offers

  • Annual support and maintenance
  • Assistance with deployment and configuration
  • Training and instructional hands-on courses

Reviews From Real Users

"It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions." - Robert C., IT Security Consultant at Microlan Kenya Limited

The MITRE ATT&CK correlation is most valuable.” - Chief Information Security Officer at a financial services firm

Wazuh
Buyer's Guide
LogRhythm UEBA [EOL] vs. Wazuh
June 2025
Free Report: LogRhythm UEBA [EOL] vs. Wazuh
Find out what your peers are saying about LogRhythm UEBA [EOL] vs. Wazuh and other solutions. Updated: June 2025.
DOWNLOAD NOW
863,641 professionals have used our research since 2012.
See our LogRhythm UEBA [EOL] vs. Wazuh report.
See our list of best Extended Detection and Response (XDR) vendors.

We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.