Try our new research platform with insights from 80,000+ expert users

LogRhythm UEBA vs Wazuh comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

LogRhythm UEBA
Ranking in Extended Detection and Response (XDR)
34th
Average Rating
7.0
Reviews Sentiment
6.7
Number of Reviews
11
Ranking in other categories
User Entity Behavior Analytics (UEBA) (14th)
Wazuh
Ranking in Extended Detection and Response (XDR)
5th
Average Rating
7.4
Reviews Sentiment
6.7
Number of Reviews
48
Ranking in other categories
Log Management (1st), Security Information and Event Management (SIEM) (2nd)
 

Mindshare comparison

As of July 2025, in the Extended Detection and Response (XDR) category, the mindshare of LogRhythm UEBA is 1.0%, up from 1.0% compared to the previous year. The mindshare of Wazuh is 11.6%, down from 11.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR)
 

Featured Reviews

Sheikh Abu Ayub Azad - PeerSpot reviewer
Great at managing cyber incidents; the technical support could be improved
The initial setup is easy, partly because LogRhythm is primarily based on the Windows platform. It's good to have two engineers for deployment but it can be done with one. It's more about the knowledge. Deployment is typically done in two or three different phases. It usually takes up to three full months to get good deployment. There's the initial onboarding of all the log sources, then collecting data in the data lake, followed a couple of weeks later with some minor tuning before the final tuneup.
Sandip_Patel - PeerSpot reviewer
Evaluating robust file monitoring with insights for community support improvements
Wazuh's most valuable features include file monitoring and compliance reporting, which do not require excessive costs. These aspects are vital as they provide alerts for changes and facilitate the monitoring of compliance. The platform is also relatively easy to set up and operate. Reports are straightforward to extract and prove useful for compliance requirements.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable features are file activity monitoring and registry activity monitoring."
"The solution's most valuable features are the graphical user interface and the reporting."
"The tool's most valuable feature is server threat hunting."
"The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance, it can detect unusual user logins, such as a user logging in from a new browser or location."
"Good capability pinpointing specific cyber incidents."
"LogRhythm UEBA’s best feature is the dashboard. It provides several graphs, charts, and event logs."
"I typically use the product for reducing cyber risk, and I can investigate attacks more quickly using machine learning tools."
"It has a lot of features. It has file integration monitoring."
"It's stable."
"Its cost-effectiveness is the most valuable aspect."
"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
"The product’s interface is intuitive."
"We found the MITRE framework mapping and the agent enrollment service to be the most valuable features of Wazuh."
"The most valuable feature of Wazuh is its EDR capabilities."
"The most valuable feature of Wazuh is the ELK for doing an investigation."
"I like that the solution is on top of the Kubernetes stack."
 

Cons

"The on-premises LogRhythm is not very scalable. When considering packets per second or the MPS needed for additional logs such as web application logs, scalability is usually found in cloud products."
"In general, if something needs to be improved in the algorithm, it would be the dashboards."
"The UI could be improved a little bit."
"It would be helpful if there were more guidance provided for integrating with unsupported devices."
"The cloud version is lacking and not up to par."
"The search feature needs to be improved."
"The product could be user-friendly for someone who doesn’t have any prior experience working with it."
"What needs improvement in LogRhythm UEBA is the pricing. Here in Asia, for example, in Sri Lanka, pricing is the primary concern, and this is the only area for improvement I see in the product."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
"I have yet to find the same capability in Wazuh to get logs from different sources into the system"
"Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions."
"The implementation is very complex."
"While it is scalable, it can suffer from reduced latencies."
"It would be better if they had a vulnerability assessment plug-in like the one AlienVault has. In the next release, I would like to have an app with an alerting mechanism."
"Adding the flexibility to integrate various plug-ins or modules into its core system would enhance functionality."
"The computing resources are consuming and do not make sense."
 

Pricing and Cost Advice

"LogRhythm UEBA's pricing is affordable for small and medium businesses."
"It is quite a budget-friendly product."
"I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive."
"Licensing is on a yearly basis. It's not expensive compared to its competitors."
"As LogRhythm UEBA is pretty expensive, I'd give its pricing a seven out of ten."
"The pricing is nice when compared to other products in the industry."
"Wazuh is free and open source."
"Wazuh is open-source, therefore it is free. You can purchase support for $1,000 a year."
"It is a free-of-cost solution."
"When I contacted customer care, they mentioned bundling options, that I found to be overall affordable."
"Wazuh is not an expensive solution."
"There is not a license required for Wazuh."
"Wazuh is totally free and open source. There are no licensing costs, only support costs if you need them."
"It is a cost-effective solution."
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
862,514 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Financial Services Firm
10%
Manufacturing Company
9%
Retailer
8%
Computer Software Company
15%
Comms Service Provider
9%
University
7%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about LogRhythm UserXDR?
The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance...
What is your experience regarding pricing and costs for LogRhythm UserXDR?
I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive.
What needs improvement with LogRhythm UserXDR?
In general, if something needs to be improved in the algorithm, it would be the dashboards. The dashboards with solutions such as Splunk are very neat and clean. I would also like to improve the us...
What do you like most about Wazuh?
Wazuh is its flexibility and open-source nature, which allows us to tailor threat detection and response across diverse client environments. Its integration capabilities with SOAR, cloud platforms,...
What needs improvement with Wazuh?
That would require me to discuss with the Wazuh team regarding areas that could be improved, as I have numerous ideas. From a developer's perspective, this is a Linux system with an active communit...
What is your primary use case for Wazuh?
Wazuh is a SIEM platform with various applications in today's environment. Compliance checks have helped with regulatory requirements. I pulled in PCI DSS to check for file integrity monitoring. I ...
 

Also Known As

LogRhythm UserXDR, LogRhythm Enterprise UEBA
No data available
 

Overview

Find out what your peers are saying about LogRhythm UEBA vs. Wazuh and other solutions. Updated: June 2025.
862,514 professionals have used our research since 2012.