We performed a comparison between Sentinel and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"Sentinel pricing is good"
"The features that stand out are the detection engine and its integration with multiple data sources."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"It has a lot of great features."
"The stability is phenomenal and we never had any issues with downtime or even had to restart."
"The most valuable feature is the flexible log for identifying security threats inside an application. Sentinel is very good at this."
"One of the most valuable features is the business intelligence engine. It's very important because it keeps track of everything that's happening and alerts us if something is different than expected. The first time I used it, I was shocked at how well it performed. Another valuable feature that I think makes this product worth the price you pay for it is that it connects to basically every system that provides some form of logging, and it's very easy to set up what triggers this."
"The tool is simple to use."
"The most valuable feature of Sentinel is the dashboard."
"The native integration with out-of-the box format is hassle free and allows data to be used advantageously."
"The most valuable feature of this solution is that it provides a central locking system for many event sources."
"Sentinel gave us logs to tell us what's going right and wrong in your environment so we could secure the network."
"It is a stable solution."
"Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source."
"Wazuh offers an enhanced HDR version that outperforms its competitors."
"It has efficient SCA capabilities."
"Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases."
"The most valuable features are the modules and metrics."
"The product is easy to customize."
"The log monitoring and analysis tools are great in addition to SIEM file activity monitoring."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"Sentinel's reporting is complex and can be more user-friendly."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"The solution should allow for a streamlined CI/CD procedure."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"The on-prem log sources still require a lot of development."
"This product's connection to certain types of cloud systems could be improved. We can do Microsoft, Google, and Amazon, but there are a lot of other things happening in the cloud that we do not connect well enough to. This product could be improved with better connection to cloud-based solutions."
"There is a need for more flexibility in customization, especially when working with different vendors and platforms."
"The solution does not allow outsourced authorizations."
"You need a lot of Unix scripting knowledge in order to manage the tool, which is one of the main issues that we faced."
"Log source integration with Sentinel needs to be improved."
"Creating a drag-and-drop dashboard or workbook in Sentinel is a little more complex compared to other tools like LogRhythm and IBM QRadar."
"I would like to see a better reporting work structure on the dashboard."
"The dashboard and customer view should be improved"
"There could be a hardware monitoring tool for the solution."
"Wazuh should come up with more in-built rules and integrations for the cloud."
"They could include flexibility and customization capabilities by modifying for customers based on partner agreements."
"A lack of certain features creates limitations."
"Adding the flexibility to integrate various plug-ins or modules into its core system would enhance functionality."
"Wazuh needs more security and features, particularly visualization features and a health monitor."
"Since it's an open-source tool, scalability is the main issue."
"The implementation is very complex."
Sentinel is ranked 17th in Security Information and Event Management (SIEM) with 16 reviews while Wazuh is ranked 3rd in Security Information and Event Management (SIEM) with 38 reviews. Sentinel is rated 7.6, while Wazuh is rated 7.4. The top reviewer of Sentinel writes "An automated solution that helped me detect threats in less than half the time it used to take". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Sentinel is most compared with Splunk Enterprise Security, IBM Security QRadar, Google Chronicle Suite, LogRhythm SIEM and ArcSight Enterprise Security Manager (ESM), whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Fortinet FortiAnalyzer. See our Sentinel vs. Wazuh report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.