Try our new research platform with insights from 80,000+ expert users

LogRhythm UEBA vs Wazuh comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

LogRhythm UEBA
Ranking in Extended Detection and Response (XDR)
34th
Average Rating
7.0
Reviews Sentiment
6.7
Number of Reviews
11
Ranking in other categories
User Entity Behavior Analytics (UEBA) (14th)
Wazuh
Ranking in Extended Detection and Response (XDR)
5th
Average Rating
7.4
Reviews Sentiment
6.7
Number of Reviews
48
Ranking in other categories
Log Management (1st), Security Information and Event Management (SIEM) (2nd)
 

Mindshare comparison

As of July 2025, in the Extended Detection and Response (XDR) category, the mindshare of LogRhythm UEBA is 1.0%, up from 1.0% compared to the previous year. The mindshare of Wazuh is 11.6%, down from 11.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR)
 

Featured Reviews

Sheikh Abu Ayub Azad - PeerSpot reviewer
Great at managing cyber incidents; the technical support could be improved
The initial setup is easy, partly because LogRhythm is primarily based on the Windows platform. It's good to have two engineers for deployment but it can be done with one. It's more about the knowledge. Deployment is typically done in two or three different phases. It usually takes up to three full months to get good deployment. There's the initial onboarding of all the log sources, then collecting data in the data lake, followed a couple of weeks later with some minor tuning before the final tuneup.
Sandip_Patel - PeerSpot reviewer
Evaluating robust file monitoring with insights for community support improvements
Wazuh's most valuable features include file monitoring and compliance reporting, which do not require excessive costs. These aspects are vital as they provide alerts for changes and facilitate the monitoring of compliance. The platform is also relatively easy to set up and operate. Reports are straightforward to extract and prove useful for compliance requirements.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I can investigate attacks more quickly using machine learning tools."
"Good capability pinpointing specific cyber incidents."
"It is easy to monitor users and that is how the solution is adding value to our firm."
"It has a lot of features. It has file integration monitoring."
"The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance, it can detect unusual user logins, such as a user logging in from a new browser or location."
"What I like most about LogRhythm UEBA is that it allows you to identify and analyze end-user behaviors and suspicious activities within the systems."
"I typically use the product for reducing cyber risk, and I can investigate attacks more quickly using machine learning tools."
"The most valuable features are file activity monitoring and registry activity monitoring."
"Good for monitoring, active response, and for vulnerabilities."
"My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance."
"I like the cloud-native infrastructure and that it's free. We didn't have to pay anything, and it has the capabilities of many premium solutions in the market. We could integrate all of our services and infrastructure in the cloud with Wazuh. From an integration point of view, Wazuh is pretty good. I had a good experience with this platform."
"It has efficient SCA capabilities."
"The main thing I like about it is that it has an EDR."
"Wazuh offers an enhanced HDR version that outperforms its competitors."
"Wazuh has very flexible and robust features."
"Its cost-effectiveness is the most valuable aspect."
 

Cons

"LogRhythm UEBA's data aggregation needs to be improved. Open-source users do not have much documentation available. Documentation is available only for enterprise users."
"The cloud version is lacking and not up to par."
"What needs improvement in LogRhythm UEBA is the pricing. Here in Asia, for example, in Sri Lanka, pricing is the primary concern, and this is the only area for improvement I see in the product."
"The on-premises LogRhythm is not very scalable. When considering packets per second or the MPS needed for additional logs such as web application logs, scalability is usually found in cloud products."
"It should have better mitigation with other solutions and be tightly integrated with other solutions. It has to be improved."
"The product should improve its dashboards. Splunk has neat dashboards. Additionally, we would like to enhance the use cases provided by LogRhythm as its use case library is not as extensive as other tools. Its machine-learning capabilities need to improve when compared to other solutions. It lacks risk quantification in a single, transparent view for individuals such as CSOs."
"The search feature needs to be improved."
"The product could be user-friendly for someone who doesn’t have any prior experience working with it."
"Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
"I have yet to find the same capability in Wazuh to get logs from different sources into the system"
"Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation also, so we need better container security, log data analysis, auditing and compliance, malware detection, etc."
"Scalability is a challenge because it is distributed architecture and it uses Elastic DB. Their Elastic DB doesn't allow open source waste application."
"So far, the recent updates have addressed most challenges we previously faced."
"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."
"There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded."
 

Pricing and Cost Advice

"The pricing is nice when compared to other products in the industry."
"Licensing is on a yearly basis. It's not expensive compared to its competitors."
"As LogRhythm UEBA is pretty expensive, I'd give its pricing a seven out of ten."
"I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive."
"It is quite a budget-friendly product."
"LogRhythm UEBA's pricing is affordable for small and medium businesses."
"The product is cheaper compared to other tools."
"Wazuh is an open-source tool."
"It is an open-source product."
"The solution's pricing is very competitive."
"Wazuh is open-source, therefore it is free. You can purchase support for $1,000 a year."
"Wazuh is open-source, but you must consider the total cost of ownership. It may be free to acquire, but you spend a lot of time and effort supporting the product and getting it to a point where it's useful."
"They have a good pricing strategy for market expansion."
"We use the free version of Wazuh."
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
861,170 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Financial Services Firm
10%
Manufacturing Company
9%
Comms Service Provider
6%
Computer Software Company
15%
Comms Service Provider
9%
University
7%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about LogRhythm UserXDR?
The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance...
What is your experience regarding pricing and costs for LogRhythm UserXDR?
I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive.
What needs improvement with LogRhythm UserXDR?
In general, if something needs to be improved in the algorithm, it would be the dashboards. The dashboards with solutions such as Splunk are very neat and clean. I would also like to improve the us...
What do you like most about Wazuh?
Wazuh is its flexibility and open-source nature, which allows us to tailor threat detection and response across diverse client environments. Its integration capabilities with SOAR, cloud platforms,...
What needs improvement with Wazuh?
That would require me to discuss with the Wazuh team regarding areas that could be improved, as I have numerous ideas. From a developer's perspective, this is a Linux system with an active communit...
What is your primary use case for Wazuh?
Wazuh is a SIEM platform with various applications in today's environment. Compliance checks have helped with regulatory requirements. I pulled in PCI DSS to check for file integrity monitoring. I ...
 

Also Known As

LogRhythm UserXDR, LogRhythm Enterprise UEBA
No data available
 

Overview

Find out what your peers are saying about LogRhythm UEBA vs. Wazuh and other solutions. Updated: June 2025.
861,170 professionals have used our research since 2012.