We performed a comparison between NetWitness XDR and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Microsoft 365 Defender is simple to upgrade."
"The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."
"Email protection is the most valuable feature of Microsoft Defender XDR."
"The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def"
"We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing."
"Its most significant advantage lies in its affordability."
"I have found the ability to delete unwanted threats beneficial."
"It is stable. We have been using it for some time, without any issues."
"Technical support is knowledgeable."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"The stability of the RSA NetWitness Endpoint is very good."
"This solution allows us to locate the malware in real-time."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"Wazuh's most beneficial features for our security needs are flexibility, built-in rules, integration capabilities, and documentation."
"It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions."
"We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company."
"My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance."
"Wazuh offers an enhanced HDR version that outperforms its competitors."
"The main thing I like about it is that it has an EDR."
"The tool is stable."
"Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score. It provides a percentage of perceived risk due to of non patches or any missing patches on that work."
"The price could be better. It'll also help if they can continuously update and upgrade the solution. Every day there's a new virus uploaded into the network, and we have to keep updating it to identify all these things."
"The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging."
"The patching capability should be there. Patching is something that you cannot do even though you see the vulnerabilities present in your environment. For patching, you have to depend on another solution."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"Intrusion detection and prevention would be great to have with 365 Defender."
"Improving scalability, especially for very large tenants, could be beneficial for Microsoft Defender XDR."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"The mobile app support for Android and iOS is difficult and needs improvement."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"Threat detection could be better."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"The solution lacks a reporting engine."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"I would like to see Security Orchestration and Response Automation (SOAR) integration."
"RSA NetWitness Network could improve on integration with non-native application integration."
"I have yet to find the same capability in Wazuh to get logs from different sources into the system"
"Wazuh is missing many things that a typical SIEM should have."
"The deployment is a bit complex."
"The tool doesn't detect anomalies or new environments."
"Some features, like alerting, are complex with Wazuh."
"They need to go towards integrating with more cloud applications and not just OS like Windows and Linux."
"While it is scalable, it can suffer from reduced latencies."
"The only challenge we faced with Wazuh was the lack of direct support."
NetWitness XDR is ranked 17th in Extended Detection and Response (XDR) with 15 reviews while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. NetWitness XDR is rated 8.0, while Wazuh is rated 7.4. The top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Microsoft Defender for Endpoint, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and USM Anywhere.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.