Try our new research platform with insights from 80,000+ expert users

LogRhythm UEBA vs Wazuh comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

LogRhythm UEBA
Ranking in Extended Detection and Response (XDR)
34th
Average Rating
7.0
Reviews Sentiment
6.7
Number of Reviews
11
Ranking in other categories
User Entity Behavior Analytics (UEBA) (14th)
Wazuh
Ranking in Extended Detection and Response (XDR)
5th
Average Rating
7.4
Reviews Sentiment
6.7
Number of Reviews
48
Ranking in other categories
Log Management (1st), Security Information and Event Management (SIEM) (2nd)
 

Mindshare comparison

As of July 2025, in the Extended Detection and Response (XDR) category, the mindshare of LogRhythm UEBA is 1.0%, up from 1.0% compared to the previous year. The mindshare of Wazuh is 11.6%, down from 11.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR)
 

Featured Reviews

Sheikh Abu Ayub Azad - PeerSpot reviewer
Great at managing cyber incidents; the technical support could be improved
The initial setup is easy, partly because LogRhythm is primarily based on the Windows platform. It's good to have two engineers for deployment but it can be done with one. It's more about the knowledge. Deployment is typically done in two or three different phases. It usually takes up to three full months to get good deployment. There's the initial onboarding of all the log sources, then collecting data in the data lake, followed a couple of weeks later with some minor tuning before the final tuneup.
Sandip_Patel - PeerSpot reviewer
Evaluating robust file monitoring with insights for community support improvements
Wazuh's most valuable features include file monitoring and compliance reporting, which do not require excessive costs. These aspects are vital as they provide alerts for changes and facilitate the monitoring of compliance. The platform is also relatively easy to set up and operate. Reports are straightforward to extract and prove useful for compliance requirements.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance, it can detect unusual user logins, such as a user logging in from a new browser or location."
"I typically use the product for reducing cyber risk, and I can investigate attacks more quickly using machine learning tools."
"Good capability pinpointing specific cyber incidents."
"LogRhythm UEBA’s best feature is the dashboard. It provides several graphs, charts, and event logs."
"It is easy to monitor users and that is how the solution is adding value to our firm."
"The tool's most valuable feature is server threat hunting."
"The solution's most valuable features are the graphical user interface and the reporting."
"I can investigate attacks more quickly using machine learning tools."
"Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors."
"I recommend Wazuh to everyone and believe more platforms, not just SIEM and XDR capability platforms, should be open source, allowing people to leverage these tools for the greater good."
"I would recommend Wazuh to others."
"We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company."
"Its cost-effectiveness is the most valuable aspect."
"I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch."
"We found the MITRE framework mapping and the agent enrollment service to be the most valuable features of Wazuh."
"The product is easy to customize."
 

Cons

"The UI could be improved a little bit."
"The on-premises LogRhythm is not very scalable. When considering packets per second or the MPS needed for additional logs such as web application logs, scalability is usually found in cloud products."
"The product should improve its dashboards. Splunk has neat dashboards. Additionally, we would like to enhance the use cases provided by LogRhythm as its use case library is not as extensive as other tools. Its machine-learning capabilities need to improve when compared to other solutions. It lacks risk quantification in a single, transparent view for individuals such as CSOs."
"It should have better mitigation with other solutions and be tightly integrated with other solutions. It has to be improved."
"It would be helpful if there were more guidance provided for integrating with unsupported devices."
"The product could be user-friendly for someone who doesn’t have any prior experience working with it."
"The search feature needs to be improved."
"In general, if something needs to be improved in the algorithm, it would be the dashboards."
"Wazuh requires substantial maintenance. The indexer frequently times out, requiring system restarts. When it comes to errors, debugging takes considerable time."
"The support channel is not optimal, and extensive research is required on our part to implement Wazuh effectively."
"I want more support for regional compliance standards to serve my ANZ region customers better."
"The support channel is not optimal, and extensive research is required on our part to implement Wazuh effectively."
"A lack of certain features creates limitations."
"Wazuh currently fails to provide its users with AI and ML."
"They could include flexibility and customization capabilities by modifying for customers based on partner agreements."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
 

Pricing and Cost Advice

"It is quite a budget-friendly product."
"As LogRhythm UEBA is pretty expensive, I'd give its pricing a seven out of ten."
"Licensing is on a yearly basis. It's not expensive compared to its competitors."
"The pricing is nice when compared to other products in the industry."
"LogRhythm UEBA's pricing is affordable for small and medium businesses."
"I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive."
"Wazuh is totally free and open source. There are no licensing costs, only support costs if you need them."
"The solution's pricing is very competitive."
"When I contacted customer care, they mentioned bundling options, that I found to be overall affordable."
"They have a good pricing strategy for market expansion."
"It is an open-source product."
"Wazuh is open-source, therefore it is free. You can purchase support for $1,000 a year."
"The product price is neither too high nor too low."
"There is not a license required for Wazuh."
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
861,390 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Financial Services Firm
10%
Manufacturing Company
9%
Comms Service Provider
6%
Computer Software Company
15%
Comms Service Provider
9%
University
7%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about LogRhythm UserXDR?
The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance...
What is your experience regarding pricing and costs for LogRhythm UserXDR?
I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive.
What needs improvement with LogRhythm UserXDR?
In general, if something needs to be improved in the algorithm, it would be the dashboards. The dashboards with solutions such as Splunk are very neat and clean. I would also like to improve the us...
What do you like most about Wazuh?
Wazuh is its flexibility and open-source nature, which allows us to tailor threat detection and response across diverse client environments. Its integration capabilities with SOAR, cloud platforms,...
What needs improvement with Wazuh?
That would require me to discuss with the Wazuh team regarding areas that could be improved, as I have numerous ideas. From a developer's perspective, this is a Linux system with an active communit...
What is your primary use case for Wazuh?
Wazuh is a SIEM platform with various applications in today's environment. Compliance checks have helped with regulatory requirements. I pulled in PCI DSS to check for file integrity monitoring. I ...
 

Also Known As

LogRhythm UserXDR, LogRhythm Enterprise UEBA
No data available
 

Overview

Find out what your peers are saying about LogRhythm UEBA vs. Wazuh and other solutions. Updated: June 2025.
861,390 professionals have used our research since 2012.