Try our new research platform with insights from 80,000+ expert users

LogRhythm UEBA vs Wazuh comparison

LogRhythm and Wazuh are both solutions in the Extended Detection and Response (XDR) category. LogRhythm is ranked #34 with an average rating of 6.8, while Wazuh is ranked #5 with an average rating of 7.6. LogRhythm holds a 1.0% mindshare in XDR, compared to Wazuh’s 11.6% mindshare. Additionally, 55% of LogRhythm users are willing to recommend the solution, compared to 80% of Wazuh users who would recommend it.
LogRhythm UEBA
Read 11 LogRhythm UEBA reviews
  • 1,307 Views
  • 902 Comparison Views
55% willing to recommend
Wazuh
Read 48 Wazuh reviews
  • 46,908 Views
  • 13,603 Comparison Views
80% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Oct 8, 2024

Wazuh and LogRhythm UEBA compete in the security solutions category. LogRhythm UEBA has the upper hand for those needing extensive analytical capabilities due to its advanced features and adaptability.

Features: Wazuh boasts strong integration capabilities, open-source flexibility, and customization latitude. LogRhythm UEBA offers advanced analytics, machine learning enhancements, and comprehensive feature depth.

Room for Improvement: Wazuh could improve user training, support documentation, and integration capabilities. LogRhythm UEBA would benefit from enhancing integration support, performance optimization, and user experience for smoother operations.

Ease of Deployment and Customer Service: Wazuh's deployment is straightforward with responsive community support, fitting for SMBs. LogRhythm UEBA has a structured deployment process that requires more time but is supported by professional customer service.

Pricing and ROI: Wazuh's low setup costs and high ROI are appealing for budget-conscious users. LogRhythm UEBA, although priced higher, achieves ROI through its advanced analytical capabilities, making it attractive for those seeking comprehensive analysis.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed LogRhythm UEBA vs. Wazuh Report (Updated: June 2025).
Buyer's Guide
LogRhythm UEBA vs. Wazuh
June 2025
Download the complete report
Helped 861,170 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

LogRhythm UEBA
Ranking in Extended Detection and Response (XDR)
34th
Average Rating
7.0
Reviews Sentiment
6.7
Number of Reviews
11
Ranking in other categories
User Entity Behavior Analytics (UEBA) (14th)
Wazuh
Ranking in Extended Detection and Response (XDR)
5th
Average Rating
7.4
Reviews Sentiment
6.7
Number of Reviews
48
Ranking in other categories
Log Management (1st), Security Information and Event Management (SIEM) (2nd)
 

Mindshare comparison

As of July 2025, in the Extended Detection and Response (XDR) category, the mindshare of LogRhythm UEBA is 1.0%, up from 1.0% compared to the previous year. The mindshare of Wazuh is 11.6%, down from 11.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR)
 

Featured Reviews

Sheikh Abu Ayub Azad - PeerSpot reviewer
Great at managing cyber incidents; the technical support could be improved
The initial setup is easy, partly because LogRhythm is primarily based on the Windows platform. It's good to have two engineers for deployment but it can be done with one. It's more about the knowledge. Deployment is typically done in two or three different phases. It usually takes up to three full months to get good deployment. There's the initial onboarding of all the log sources, then collecting data in the data lake, followed a couple of weeks later with some minor tuning before the final tuneup.
Read full review
Sandip_Patel - PeerSpot reviewer
Evaluating robust file monitoring with insights for community support improvements
Wazuh's most valuable features include file monitoring and compliance reporting, which do not require excessive costs. These aspects are vital as they provide alerts for changes and facilitate the monitoring of compliance. The platform is also relatively easy to set up and operate. Reports are straightforward to extract and prove useful for compliance requirements.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I can investigate attacks more quickly using machine learning tools."
"Good capability pinpointing specific cyber incidents."
"It is easy to monitor users and that is how the solution is adding value to our firm."
"It has a lot of features. It has file integration monitoring."
"The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance, it can detect unusual user logins, such as a user logging in from a new browser or location."
"What I like most about LogRhythm UEBA is that it allows you to identify and analyze end-user behaviors and suspicious activities within the systems."
"I typically use the product for reducing cyber risk, and I can investigate attacks more quickly using machine learning tools."
"The most valuable features are file activity monitoring and registry activity monitoring."
More LogRhythm UEBA pros
"Good for monitoring, active response, and for vulnerabilities."
"My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance."
"I like the cloud-native infrastructure and that it's free. We didn't have to pay anything, and it has the capabilities of many premium solutions in the market. We could integrate all of our services and infrastructure in the cloud with Wazuh. From an integration point of view, Wazuh is pretty good. I had a good experience with this platform."
"It has efficient SCA capabilities."
"The main thing I like about it is that it has an EDR."
"Wazuh offers an enhanced HDR version that outperforms its competitors."
"Wazuh has very flexible and robust features."
"Its cost-effectiveness is the most valuable aspect."
More Wazuh pros
 

Cons

"LogRhythm UEBA's data aggregation needs to be improved. Open-source users do not have much documentation available. Documentation is available only for enterprise users."
"The cloud version is lacking and not up to par."
"What needs improvement in LogRhythm UEBA is the pricing. Here in Asia, for example, in Sri Lanka, pricing is the primary concern, and this is the only area for improvement I see in the product."
"The on-premises LogRhythm is not very scalable. When considering packets per second or the MPS needed for additional logs such as web application logs, scalability is usually found in cloud products."
"It should have better mitigation with other solutions and be tightly integrated with other solutions. It has to be improved."
"The product should improve its dashboards. Splunk has neat dashboards. Additionally, we would like to enhance the use cases provided by LogRhythm as its use case library is not as extensive as other tools. Its machine-learning capabilities need to improve when compared to other solutions. It lacks risk quantification in a single, transparent view for individuals such as CSOs."
"The search feature needs to be improved."
"The product could be user-friendly for someone who doesn’t have any prior experience working with it."
More LogRhythm UEBA cons
"Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
"I have yet to find the same capability in Wazuh to get logs from different sources into the system"
"Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation also, so we need better container security, log data analysis, auditing and compliance, malware detection, etc."
"Scalability is a challenge because it is distributed architecture and it uses Elastic DB. Their Elastic DB doesn't allow open source waste application."
"So far, the recent updates have addressed most challenges we previously faced."
"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."
"There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded."
More Wazuh cons
 

Pricing and Cost Advice

"The pricing is nice when compared to other products in the industry."
"Licensing is on a yearly basis. It's not expensive compared to its competitors."
"As LogRhythm UEBA is pretty expensive, I'd give its pricing a seven out of ten."
"I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive."
"It is quite a budget-friendly product."
"LogRhythm UEBA's pricing is affordable for small and medium businesses."
"The product is cheaper compared to other tools."
"Wazuh is an open-source tool."
"It is an open-source product."
"The solution's pricing is very competitive."
"Wazuh is open-source, therefore it is free. You can purchase support for $1,000 a year."
"Wazuh is open-source, but you must consider the total cost of ownership. It may be free to acquire, but you spend a lot of time and effort supporting the product and getting it to a point where it's useful."
"They have a good pricing strategy for market expansion."
"We use the free version of Wazuh."
More Wazuh pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
See recommendations
861,170 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Financial Services Firm
10%
Manufacturing Company
9%
Comms Service Provider
6%
Computer Software Company
15%
Comms Service Provider
9%
University
7%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about LogRhythm UserXDR?
The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance...
See all answers
What is your experience regarding pricing and costs for LogRhythm UserXDR?
I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive.
See all answers
What needs improvement with LogRhythm UserXDR?
In general, if something needs to be improved in the algorithm, it would be the dashboards. The dashboards with solutions such as Splunk are very neat and clean. I would also like to improve the us...
See all answers
What do you like most about Wazuh?
Wazuh is its flexibility and open-source nature, which allows us to tailor threat detection and response across diverse client environments. Its integration capabilities with SOAR, cloud platforms,...
See all answers
What needs improvement with Wazuh?
That would require me to discuss with the Wazuh team regarding areas that could be improved, as I have numerous ideas. From a developer's perspective, this is a Linux system with an active communit...
See all answers
What is your primary use case for Wazuh?
Wazuh is a SIEM platform with various applications in today's environment. Compliance checks have helped with regulatory requirements. I pulled in PCI DSS to check for file integrity monitoring. I ...
See all answers
 

Comparisons

Darktrace vs LogRhythm UEBA Logo
Darktrace vs LogRhythm UEBA
Compared 21% of the time
Cortex XDR by Palo Alto Networks vs LogRhythm UEBA Logo
Cortex XDR by Palo Alto Networks vs LogRhythm UEBA
Compared 11% of the time
Microsoft Purview Insider Risk Management vs LogRhythm UEBA Logo
Microsoft Purview Insider Risk Management vs LogRhythm UEBA
Compared 8% of the time
IBM Security QRadar vs LogRhythm UEBA Logo
IBM Security QRadar vs LogRhythm UEBA
Compared 7% of the time
Trend Vision One vs LogRhythm UEBA Logo
Trend Vision One vs LogRhythm UEBA
Compared 6% of the time
More LogRhythm UEBA Competitors
Security Onion vs Wazuh Logo
Security Onion vs Wazuh
Compared 13% of the time
Elastic Stack vs Wazuh Logo
Elastic Stack vs Wazuh
Compared 13% of the time
Graylog vs Wazuh Logo
Graylog vs Wazuh
Compared 7% of the time
AlienVault OSSIM vs Wazuh Logo
AlienVault OSSIM vs Wazuh
Compared 7% of the time
Splunk Enterprise Security vs Wazuh Logo
Splunk Enterprise Security vs Wazuh
Compared 4% of the time
More Wazuh Competitors
 

Product Reports

Buyer's Guide
User Entity Behavior Analytics (UEBA)
June 2025
LogRhythm UEBA reportDownload LogRhythm UEBA product report
Buyer's Guide
Wazuh
June 2025
Wazuh reportDownload Wazuh product report
 

Also Known As

LogRhythm UserXDR, LogRhythm Enterprise UEBA
No data available
 

Overview

LogRhythm UEBA enables your security team to quickly and effectively detect, respond to, and neutralize both known and unknown threats. Providing evidence-based starting points for investigation, it employs a combination of scenario analytics techniques (e.g., statistical analysis, rate analysis, trend analysis, advanced correlation), and both supervised and unsupervised machine learning (ML).

LogRhythm

Wazuh is an enterprise-ready platform used for security monitoring. It is a free and open-source platform that is used for threat detection, incident response and compliance, and integrity monitoring. Wazuh is capable of protecting workloads across virtualized, on-premises, containerized, and cloud-based environments.

It consists of an endpoint security agent and a management server. Additionally, Wazuh is fully integrated with the Elastic Stack, allowing users the ability to navigate through security alerts via a data visualization tool.

  • Wazuh’s agent can run on many different platforms, and is lightweight. It can successfully perform the tasks needed to detect threats in order to trigger responses automatically.
  • Wazuh manages the agents, can analyze agent data, and can scale horizontally.
  • Elastic Stack is where alerts are indexed and stored.

Wazuh Capabilities

Some of Wazuh’s most notable capabilities include:

  • Intrusion detection: Wazuh’s agents can detect hidden files, cloaked processes, or unregistered network listeners, as well as inconsistencies in system call responses. Wazuh’s server component uses a signature-based approach to intrusion detection, using its regular expression engine to analyze collected log data and look for indicators of compromise.

  • Log data analysis: Wazuh can read operating system and application logs, and securely forward them to a central manager for rule-based analysis and storage.

  • Integrity monitoring: File integrity monitoring can help identify changes in content, ownership, permissions, and attribute of files. Wazuh’s file integrity monitoring can be used in conjunction with threat intelligence.

  • Vulnerability detection: Wazuh agents can identify well-known vulnerable software so you can see where your weak spots are and take action before an attack can exploit them.

  • Configuration assessment: System and application configurations are monitored to make sure they are compliant with security policies. Periodic scans are used to detect applications that are known to be vulnerable, insecurely configured, or unpatched.
  • Incident response: Wazuh responds actively when active threats need to be addressed. It can perform countermeasures like blocking access to a system when a threat source is identified.

  • Regulatory compliance: Wazuh includes the security controls required to be compliant with industry regulations and standards.

  • Cloud security: Wazuh’s light-weight and multi-platform agents are commonly used to monitor cloud environments at the instance level. In addition, Wazuh helps monitor cloud infrastructure at an API level.

  • Security for containers: With Wazuh, you have increased security visibility into hosts and containers, allowing for easier detection of threats, anomalies, and vulnerabilities.

Wazuh Benefits

Some of the most valued benefits of Wazuh include:

  • No vendor lock-in
  • No license costs
  • Uses lightweight, multi-platform agents
  • Free community support

Wazuh Offers

  • Annual support and maintenance
  • Assistance with deployment and configuration
  • Training and instructional hands-on courses

Reviews From Real Users

"It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions." - Robert C., IT Security Consultant at Microlan Kenya Limited

The MITRE ATT&CK correlation is most valuable.” - Chief Information Security Officer at a financial services firm

Wazuh
Buyer's Guide
LogRhythm UEBA vs. Wazuh
June 2025
Free Report: LogRhythm UEBA vs. Wazuh
Find out what your peers are saying about LogRhythm UEBA vs. Wazuh and other solutions. Updated: June 2025.
DOWNLOAD NOW
861,170 professionals have used our research since 2012.
See our LogRhythm UEBA vs. Wazuh report.
See our list of best Extended Detection and Response (XDR) vendors.

We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.