Try our new research platform with insights from 80,000+ expert users

LogRhythm UEBA vs Wazuh comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

LogRhythm UEBA
Ranking in Extended Detection and Response (XDR)
34th
Average Rating
7.0
Reviews Sentiment
6.7
Number of Reviews
11
Ranking in other categories
User Entity Behavior Analytics (UEBA) (14th)
Wazuh
Ranking in Extended Detection and Response (XDR)
5th
Average Rating
7.4
Reviews Sentiment
6.7
Number of Reviews
48
Ranking in other categories
Log Management (1st), Security Information and Event Management (SIEM) (2nd)
 

Mindshare comparison

As of July 2025, in the Extended Detection and Response (XDR) category, the mindshare of LogRhythm UEBA is 1.0%, up from 1.0% compared to the previous year. The mindshare of Wazuh is 11.6%, down from 11.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR)
 

Featured Reviews

Sheikh Abu Ayub Azad - PeerSpot reviewer
Great at managing cyber incidents; the technical support could be improved
The initial setup is easy, partly because LogRhythm is primarily based on the Windows platform. It's good to have two engineers for deployment but it can be done with one. It's more about the knowledge. Deployment is typically done in two or three different phases. It usually takes up to three full months to get good deployment. There's the initial onboarding of all the log sources, then collecting data in the data lake, followed a couple of weeks later with some minor tuning before the final tuneup.
Sandip_Patel - PeerSpot reviewer
Evaluating robust file monitoring with insights for community support improvements
Wazuh's most valuable features include file monitoring and compliance reporting, which do not require excessive costs. These aspects are vital as they provide alerts for changes and facilitate the monitoring of compliance. The platform is also relatively easy to set up and operate. Reports are straightforward to extract and prove useful for compliance requirements.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It is easy to monitor users and that is how the solution is adding value to our firm."
"I typically use the product for reducing cyber risk, and I can investigate attacks more quickly using machine learning tools."
"The solution's most valuable features are the graphical user interface and the reporting."
"I can investigate attacks more quickly using machine learning tools."
"It has a lot of features. It has file integration monitoring."
"Good capability pinpointing specific cyber incidents."
"The most valuable features are file activity monitoring and registry activity monitoring."
"LogRhythm UEBA’s best feature is the dashboard. It provides several graphs, charts, and event logs."
"Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source."
"It is excellent in terms of visualization and indexing services, making it a powerful tool for malware detection."
"The log monitoring and analysis tools are great in addition to SIEM file activity monitoring."
"It's stable."
"The product’s interface is intuitive."
"Wazuh's most beneficial features for our security needs are flexibility, built-in rules, integration capabilities, and documentation."
"Wazuh is simple to use for PCI compliance."
"Good for monitoring, active response, and for vulnerabilities."
 

Cons

"The product could be user-friendly for someone who doesn’t have any prior experience working with it."
"What needs improvement in LogRhythm UEBA is the pricing. Here in Asia, for example, in Sri Lanka, pricing is the primary concern, and this is the only area for improvement I see in the product."
"In general, if something needs to be improved in the algorithm, it would be the dashboards."
"The on-premises LogRhythm is not very scalable. When considering packets per second or the MPS needed for additional logs such as web application logs, scalability is usually found in cloud products."
"The UI could be improved a little bit."
"It should have better mitigation with other solutions and be tightly integrated with other solutions. It has to be improved."
"LogRhythm UEBA's data aggregation needs to be improved. Open-source users do not have much documentation available. Documentation is available only for enterprise users."
"The cloud version is lacking and not up to par."
"Its configuration process is time-consuming."
"Some features, like alerting, are complex with Wazuh."
"Wazuh doesn't have native support for some enterprise solutions."
"Wazuh requires substantial maintenance. The indexer frequently times out, requiring system restarts. When it comes to errors, debugging takes considerable time."
"Wazuh currently fails to provide its users with AI and ML."
"We would like to see more improvements on the cloud."
"The product's configuration part and lack of AI capabilities are some of the major concerns associated with Wazuh."
"Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions."
 

Pricing and Cost Advice

"LogRhythm UEBA's pricing is affordable for small and medium businesses."
"It is quite a budget-friendly product."
"I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive."
"As LogRhythm UEBA is pretty expensive, I'd give its pricing a seven out of ten."
"The pricing is nice when compared to other products in the industry."
"Licensing is on a yearly basis. It's not expensive compared to its competitors."
"We use the free version of Wazuh."
"Wazuh is open-source, so I think it's an option for a small organization that cannot go for enterprise-grade solutions like Splunk."
"They have a good pricing strategy for market expansion."
"Wazuh is not an expensive solution."
"The product is cheaper compared to other tools."
"Wazuh is totally free and open source. There are no licensing costs, only support costs if you need them."
"My client uses the open-source version of Wazuh."
"It is a cost-effective solution."
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
861,390 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Financial Services Firm
10%
Manufacturing Company
9%
Comms Service Provider
6%
Computer Software Company
15%
Comms Service Provider
9%
University
7%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about LogRhythm UserXDR?
The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance...
What is your experience regarding pricing and costs for LogRhythm UserXDR?
I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive.
What needs improvement with LogRhythm UserXDR?
In general, if something needs to be improved in the algorithm, it would be the dashboards. The dashboards with solutions such as Splunk are very neat and clean. I would also like to improve the us...
What do you like most about Wazuh?
Wazuh is its flexibility and open-source nature, which allows us to tailor threat detection and response across diverse client environments. Its integration capabilities with SOAR, cloud platforms,...
What needs improvement with Wazuh?
That would require me to discuss with the Wazuh team regarding areas that could be improved, as I have numerous ideas. From a developer's perspective, this is a Linux system with an active communit...
What is your primary use case for Wazuh?
Wazuh is a SIEM platform with various applications in today's environment. Compliance checks have helped with regulatory requirements. I pulled in PCI DSS to check for file integrity monitoring. I ...
 

Also Known As

LogRhythm UserXDR, LogRhythm Enterprise UEBA
No data available
 

Overview

Find out what your peers are saying about LogRhythm UEBA vs. Wazuh and other solutions. Updated: June 2025.
861,390 professionals have used our research since 2012.