LogRhythm UEBA [EOL] vs Wazuh comparison

Read 49 Wazuh reviews

41,754 Views
11,691 Comparison Views

80% willing to recommend

LogRhythm UEBA [EOL]

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Aug 25, 2025

Wazuh and LogRhythm UEBA compete in the security software market. Wazuh seems to have an advantage in cost-effectiveness due to its open-source nature, making it more accessible for small to medium businesses. LogRhythm UEBA, though more expensive, provides more comprehensive security capabilities.

Features: Wazuh provides robust integration capabilities, real-time file monitoring, and comprehensive compliance tools. Its open-source nature allows for scalability and customization options. LogRhythm UEBA focuses on user behavior analysis and advanced threat hunting, supported by strong dashboard and machine learning features.

Room for Improvement: Wazuh could enhance its threat intelligence and integration ease with other security solutions, alongside scalability and documentation. LogRhythm UEBA's room for improvement includes dashboard functionalities, machine learning, and risk quantification, along with developing better pricing models and more comprehensive use cases.

Ease of Deployment and Customer Service: Wazuh allows flexibility in deployment across various environments. Its open-source nature means users often rely on community support. LogRhythm UEBA offers easier initial deployment but necessitates professional services for cloud integration, leading to higher costs and resource demands.

Pricing and ROI: Wazuh provides a low-cost entry being open-source but may incur additional costs due to resource needs. LogRhythm UEBA has higher upfront costs, offering flexible licensing models and robust features that may justify the expense for organizations seeking comprehensive security solutions.

To learn more, read our detailed Extended Detection and Response (XDR) Report (Updated: September 2025).

Extended Detection and Response (XDR)

September 2025

Download the complete report

Helped 872,029 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

LogRhythm UEBA [EOL]

Average Rating

7.0

Reviews Sentiment

6.7

Number of Reviews

Ranking in other categories

No ranking in other categories

Wazuh

Average Rating

7.4

Reviews Sentiment

6.3

Number of Reviews

Ranking in other categories

Log Management (1st), Security Information and Event Management (SIEM) (2nd), Extended Detection and Response (XDR) (5th)

Featured Reviews

Sheikh Abu Ayub Azad

CEO at Trustaira

Great at managing cyber incidents; the technical support could be improved

The initial setup is easy, partly because LogRhythm is primarily based on the Windows platform. It's good to have two engineers for deployment but it can be done with one. It's more about the knowledge. Deployment is typically done in two or three different phases. It usually takes up to three full months to get good deployment. There's the initial onboarding of all the log sources, then collecting data in the data lake, followed a couple of weeks later with some minor tuning before the final tuneup.

Read full review

Ebenezer Okoh

Security Consultant at ebenezer.okoh@agorasecurity.it

Innovative platform enables proactive threat hunting and endpoint monitoring

I have not seen Wazuh moving in the direction of AI-driven threat detection projects myself, but since the market is moving that way, I wouldn't be surprised if they implemented it soon. My plans to increase the usage of Wazuh or switch to another tool depend on what my boss decides. We don't refer to any community support specifically, as we rely on other platforms such as GitHub or Discord, depending on the application. I recommend that as more companies come on board with Wazuh, it will motivate those who contribute to it, but I am also cautious that as it gains attention, a large company might buy it and change its course of business. Overall, I rate Wazuh a nine out of ten.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance, it can detect unusual user logins, such as a user logging in from a new browser or location."

"The most valuable features are file activity monitoring and registry activity monitoring."

"The tool's most valuable feature is server threat hunting."

"What I like most about LogRhythm UEBA is that it allows you to identify and analyze end-user behaviors and suspicious activities within the systems."

"LogRhythm UEBA’s best feature is the dashboard. It provides several graphs, charts, and event logs."

"It is easy to monitor users and that is how the solution is adding value to our firm."

"It has a lot of features. It has file integration monitoring."

"I can investigate attacks more quickly using machine learning tools."

More LogRhythm UEBA [EOL] pros

"My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance."

"I would recommend Wazuh to others."

"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."

"I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch."

"It offers built-in modules for file integrity and vulnerability management."

"One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability."

"I recommend Wazuh to everyone and believe more platforms, not just SIEM and XDR capability platforms, should be open source, allowing people to leverage these tools for the greater good."

"I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems."

More Wazuh pros

Cons

"What needs improvement in LogRhythm UEBA is the pricing. Here in Asia, for example, in Sri Lanka, pricing is the primary concern, and this is the only area for improvement I see in the product."

"The cloud version is lacking and not up to par."

"The UI could be improved a little bit."

"The product should improve its dashboards. Splunk has neat dashboards. Additionally, we would like to enhance the use cases provided by LogRhythm as its use case library is not as extensive as other tools. Its machine-learning capabilities need to improve when compared to other solutions. It lacks risk quantification in a single, transparent view for individuals such as CSOs."

"LogRhythm UEBA's data aggregation needs to be improved. Open-source users do not have much documentation available. Documentation is available only for enterprise users."

"The product could be user-friendly for someone who doesn’t have any prior experience working with it."

"The on-premises LogRhythm is not very scalable. When considering packets per second or the MPS needed for additional logs such as web application logs, scalability is usually found in cloud products."

"The search feature needs to be improved."

More LogRhythm UEBA [EOL] cons

"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."

"It would be better if they had a vulnerability assessment plug-in like the one AlienVault has. In the next release, I would like to have an app with an alerting mechanism."

"Wazuh doesn't have native support for some enterprise solutions."

"Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs."

"There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded."

"There could be a hardware monitoring tool for the solution."

"Wazuh needs more security and features, particularly visualization features and a health monitor."

"Wazuh should come up with more in-built rules and integrations for the cloud."

More Wazuh cons

Pricing and Cost Advice

"LogRhythm UEBA's pricing is affordable for small and medium businesses."

"It is quite a budget-friendly product."

"As LogRhythm UEBA is pretty expensive, I'd give its pricing a seven out of ten."

"I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive."

"Licensing is on a yearly basis. It's not expensive compared to its competitors."

"The pricing is nice when compared to other products in the industry."

"The solution's cost is above the average."

"Wazuh is a cheaply priced product."

"Wazuh is totally free and open source. There are no licensing costs, only support costs if you need them."

"The product is cheaper compared to other tools."

"The current pricing is open source."

"Wazuh is open-source, but you must consider the total cost of ownership. It may be free to acquire, but you spend a lot of time and effort supporting the product and getting it to a point where it's useful."

"The solution's pricing is very competitive."

"It is an open-source product."

More Wazuh pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.

See recommendations

872,029 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

15%

Financial Services Firm

10%

Retailer

10%

Manufacturing Company

Computer Software Company

15%

Comms Service Provider

University

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	4
Midsize Enterprise	4
Large Enterprise	3

By reviewers
Company Size	Count
Small Business	26
Midsize Enterprise	15
Large Enterprise	8

Questions from the Community

What do you like most about LogRhythm UserXDR?

The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance...

What is your experience regarding pricing and costs for LogRhythm UserXDR?

I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive.

What needs improvement with LogRhythm UserXDR?

In general, if something needs to be improved in the algorithm, it would be the dashboards. The dashboards with solutions such as Splunk are very neat and clean. I would also like to improve the us...

What do you like most about Wazuh?

Wazuh is its flexibility and open-source nature, which allows us to tailor threat detection and response across diverse client environments. Its integration capabilities with SOAR, cloud platforms,...

What needs improvement with Wazuh?

The lack of AI features is an issue at the moment in the industry. Forti provides user behavior capabilities, which I would want to see in Wazuh. In FortiSIEM, they provide user behavior understand...

What is your primary use case for Wazuh?

At the moment, I'm working in software integration, so we are working with FortiGate. To research and get an idea, I did some investigation into Wazuh. They have already used Fortinet products. The...

Darktrace vs LogRhythm UEBA [EOL]

Comparisons

Compared 18% of the time

Cortex XDR by Palo Alto Networks vs LogRhythm UEBA [EOL]

Compared 11% of the time

Microsoft Purview Insider Risk Management vs LogRhythm UEBA [EOL]

Compared 9% of the time

IBM Security QRadar vs LogRhythm UEBA [EOL]

Compared 8% of the time

Veriato User Activity Monitoring (UAM) vs LogRhythm UEBA [EOL]

Compared 8% of the time

More LogRhythm UEBA [EOL] Competitors

Security Onion vs Wazuh

Compared 13% of the time

Elastic Stack vs Wazuh

Compared 12% of the time

Graylog Enterprise vs Wazuh

Compared 7% of the time

AlienVault OSSIM vs Wazuh

Compared 6% of the time

Elastic Security vs Wazuh

Compared 4% of the time

More Wazuh Competitors

Product Reports

User Entity Behavior Analytics (UEBA)

October 2025

Download LogRhythm UEBA [EOL] product report

Download Wazuh product report

October 2025

Also Known As

LogRhythm UserXDR, LogRhythm Enterprise UEBA

Wazuh All-In-One Deployment

Overview

LogRhythm UEBA [EOL] offers advanced threat detection with an intuitive interface, utilizing correlation, behavior analysis, and machine learning to monitor server threats and privileged accounts effectively.

LogRhythm UEBA [EOL] provides comprehensive user behavior analytics and threat hunting capabilities, making use of customizable dashboards, reporting tools, file and registry monitoring. CloudAI adds depth by identifying unknown activities, enhancing network visibility and cyber risk reduction through constant monitoring. Users in Sri Lanka find it valuable for network stability, while other users leverage it for improved user monitoring and quick attack investigation. Despite its strong features, enhancements in integration, pricing in Asia, and documentation could improve its adoption.

What are the key features of LogRhythm UEBA [EOL]?

Intuitive Graphical Interface: Provides a user-friendly experience tailored to cybersecurity needs.
Customizable Dashboards: Offers personalized monitoring views and reporting capabilities.
Effective Reporting Tools: Enhances incident analysis and decision-making with detailed insights.
Machine Learning: Identifies patterns in user behavior, detecting anomalies efficiently.
CloudAI: Detects unknown activities, improving threat identification accuracy.

What benefits can users expect from LogRhythm UEBA [EOL]?

Enhanced Threat Detection: Increases network safety through comprehensive monitoring.
Improved Network Visibility: Facilitates better management of cybersecurity resources.
Quick Attack Investigation: Reduces time to detect and respond to threats.
Cyber Risk Reduction: Employs machine learning to address potential security gaps proactively.

In the financial sector, LogRhythm UEBA [EOL] is implemented to monitor privileged accounts and identify suspicious transactions swiftly. Healthcare organizations use it to safeguard sensitive patient data through behavior analysis. Manufacturing firms apply it to protect intellectual property and ensure compliance with industry regulations. Across these industries, the adaptability and analytics of LogRhythm UEBA [EOL] offer a strategic approach to cybersecurity management.

Exabeam

Wazuh offers comprehensive security features like MITRE ATT&CK correlation, log monitoring, and cloud-native infrastructure. It ensures compliance and provides intrusion detection with high scalability and open-source flexibility, ideal for businesses seeking robust SIEM capabilities.

Wazuh stands out in security information and event management by providing efficient log aggregation, vulnerability scanning, and event correlation against MITRE ATT&CK. Its capability to integrate seamlessly with environments, manage compliance, and monitor files makes it suitable for cloud-native infrastructures and financial sectors. Despite its technical support needing enhancement and opportunities for improving AI integration and threat intelligence, its open-source nature and cost-effectiveness make it appealing. Users can leverage custom dashboards powered by Elasticsearch for precise data analysis, even though there is a desire for a more user-friendly interface and better enterprise solution integration. Deployment may be complex, but its features contribute significantly to fortified security postures.

What are the essential features of Wazuh?

MITRE ATT&CK Correlation: Aligns events with recognized adversary tactics and techniques.
Log Monitoring: Collects and analyzes logs for threat detection.
Cloud-Native Infrastructure: Supports modern cloud environments.
Vulnerability Scanning: Identifies potential security weaknesses.
File Integrity Monitoring: Ensures the integrity of sensitive files.
Open-Source Flexibility: Customizable and adaptable code base.

What benefits should users consider?

Cost-Effectiveness: Offers a budget-friendly security solution.
Ease of Use: Simplified setup and management.
Comprehensive Compliance Management: Aids in meeting regulatory requirements.
High Scalability: Grows with businesses and adapts to different environments.
Extensive Third-Party Integrations: Connects to various existing systems.

Industries like finance and cloud infrastructure heavily utilize Wazuh for its security strengths. By monitoring endpoints and ensuring compliance with frameworks, companies can improve security posture and swiftly detect anomalies. The platform's focus on event correlation and alerts for security incidents is particularly beneficial.