Comparison Buyer's Guide

Executive SummaryUpdated on Jun 7, 2024

Categories and Ranking

Security Onion
Ranking in Log Management
Average Rating
Number of Reviews
Ranking in other categories
AWS Marketplace (1st)
Ranking in Log Management
Average Rating
Number of Reviews
Ranking in other categories
Security Information and Event Management (SIEM) (3rd), Extended Detection and Response (XDR) (3rd)

Market share comparison

As of June 2024, in the Log Management category, the market share of Security Onion is 19.2% and it increased by Infinity% compared to the previous year. The market share of Wazuh is 20.2% and it increased by 4.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
Unique Categories:
AWS Marketplace
Security Information and Event Management (SIEM)
Extended Detection and Response (XDR)

Featured Reviews

Jörg Kippe - PeerSpot reviewer
Jan 18, 2024
A mature and affordable solution that is easy to install and easy to update
The solution is used to learn how the tools work. It enables us to do consulting and demonstrate solutions. We develop attacks, detect them, and demonstrate how it works. The customers are interested in seeing how and what these tools can do We are only working with open-source products. The tool…
Jun 15, 2023
Good for file integrity monitoring
There is room for improvement in Wazuh, but it's possible they are already working on it. The only challenge we faced with Wazuh was the lack of direct support. They charge for support, whether it's five days a week or seven days a week. We don't expect it to be free because revenue is generated through the support they provide. In future releases, I would like to see a feature. There is one feature we observed in a premium tool in the industry called Dynatrace. It provides automatic relations between different devices and components. For instance, if you receive a web login request, Dynatrace can trace and show you the path it takes from the firewall to the switch, then to the Apache server, the actual job application, and finally back to the client. It intelligently correlates all the components involved in a single event. If Wazuh could include this feature, where all the components are integrated, it would automatically relate them for any activity in your environment.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:


"The most valuable feature of Security Onion for security monitoring is its ability to find infected ports."
"Security Onion is the most mature solution in the market."
"We use Security Onion for internal vulnerability assessment."
"One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability."
"The product is easy to customize."
"The log monitoring and analysis tools are great in addition to SIEM file activity monitoring."
"We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company."
"Wazuh offers an enhanced HDR version that outperforms its competitors."
"Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score. It provides a percentage of perceived risk due to of non patches or any missing patches on that work."
"I like the cloud-native infrastructure and that it's free. We didn't have to pay anything, and it has the capabilities of many premium solutions in the market. We could integrate all of our services and infrastructure in the cloud with Wazuh. From an integration point of view, Wazuh is pretty good. I had a good experience with this platform."
"I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems."


"Security Onion's user interface could be improved."
"The initial setup of the solution is a little bit difficult."
"The product is not easy to learn."
"Scalability is a challenge because it is distributed architecture and it uses Elastic DB. Their Elastic DB doesn't allow open source waste application."
"Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."
"Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs."
"We would like to see more improvements on the cloud."
"The only challenge we faced with Wazuh was the lack of direct support."
"One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs."
"There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded."
"Integration with Vyara could be better."

Pricing and Cost Advice

"Security Onion is a free solution."
"It is an open-source solution."
"Security Onion is an open-source solution."
"The solution's pricing is very competitive."
"The solution's cost is above the average."
"The current pricing is open source."
"Wazuh is totally free and open source. There are no licensing costs, only support costs if you need them."
"Wazuh is not an expensive solution."
"Wazuh is open-source, therefore it is free. You can purchase support for $1,000 a year."
"When I contacted customer care, they mentioned bundling options, that I found to be overall affordable."
"Wazuh is open-source, so I think it's an option for a small organization that cannot go for enterprise-grade solutions like Splunk."
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
787,560 professionals have used our research since 2012.

Top Industries

By visitors reading reviews
Computer Software Company
Comms Service Provider
Computer Software Company
Comms Service Provider
Financial Services Firm

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available

Questions from the Community

What do you like most about Security Onion?
The most valuable feature of Security Onion for security monitoring is its ability to find infected ports.
What is your experience regarding pricing and costs for Security Onion?
Security Onion is an open-source solution. On a scale from one to ten, where ten is expensive and one is cheap, I rate the solution's pricing a six out of ten.
What needs improvement with Security Onion?
The initial setup of the solution is a little bit difficult.
What do you like most about Wazuh?
Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases.
What needs improvement with Wazuh?
I have built some rules that produce duplicate alerts two or three times. Therefore, these rules should be consolidated. Alerts should be specific rather than repeatedly triggered by integrating mu...
What is your primary use case for Wazuh?
We use Wazuh for the onboarding of both Windows and Linux machines, as well as for firewall and SIM configuration. The IP address is automatically blocked if a server has multiple wrong passwords.




Find out what your peers are saying about Security Onion vs. Wazuh and other solutions. Updated: June 2024.
787,560 professionals have used our research since 2012.