We performed a comparison between Splunk and Wazuh based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Splunk easily wins out in this comparison. Compared with Wazuh, it is a mature and robust solution with a proven ROI.
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"The Log analytics are useful."
"The Splunk user community and forum are most valuable."
"The most valuable feature of Splunk is the management and built-in workflows."
"Integration with the cloud is pretty important and good for us. We found the integration with a lot of tools, not all tools yet, valuable. It does make the transfer of data, log files, and other things easier for us."
"It's better than IBM, in my opinion, because it's an independent entity."
"It provides a risk score for each object, device, or user. We can then take action if they are at a higher risk."
"The product provides visibility and enables us to correlate data and generate alerts."
"The correlation searches are most valuable just because we are able to do things like RBA."
"The dashboard and reporting are very good... It provides very good visibility in a hybrid cloud environment, and you can build custom utilization APIs using Splunk."
"Wazuh offers an enhanced HDR version that outperforms its competitors."
"It has efficient SCA capabilities."
"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
"I like that the solution is on top of the Kubernetes stack."
"Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source."
"It is excellent in terms of visualization and indexing services, making it a powerful tool for malware detection."
"The configuration assessment and File integrity monitoring features are decent."
"We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"The solution could improve the playbooks."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"The biggest problem is data compression. Splunk is an outstanding product, but it is a resource hog. There should be better data compression for being able to maintain our data repositories. We end up having to buy lots of additional storage just to house our Splunk data. This is my only complaint about it."
"Some of the search functions can be better. There has been a lot of talk at the conference about the update of SPL before each iteration. That will be a lot of help."
"Splunk could improve its default machine-learning models. Also, Splunk Enterprise's native threat intelligence isn't that good. I prefer a custom threat intelligence model."
"I'd like to see more integration with more antivirus systems."
"The upgrading process could be smoother."
"Writing queries is a bit complicated sometimes."
"I haven't found a way for me to create my own plugins and integrate them into Splunk, but this isn't necessarily a limitation; it could simply be a lack of knowledge on my part."
"This solution could be improved by better pricing in general and by easier installation."
"Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions."
"The technical support can be improved. Wazuh has some bugs that need to be fixed. It would be good if we can have automation with respect to incident response."
"There could be a hardware monitoring tool for the solution."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
"The only challenge we faced with Wazuh was the lack of direct support."
"While it is scalable, it can suffer from reduced latencies."
"The implementation is very complex."
"Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation, so we need better container security, log data analysis, auditing and compliance, malware detection, etc."
Splunk Enterprise Security is ranked 1st in Log Management with 71 reviews while Wazuh is ranked 3rd in Log Management with 28 reviews. Splunk Enterprise Security is rated 8.4, while Wazuh is rated 7.2. The top reviewer of Splunk Enterprise Security writes "Can be used to find any threats or vulnerabilities inside a user’s environment". On the other hand, the top reviewer of Wazuh writes "Good for file integrity monitoring". Splunk Enterprise Security is most compared with Dynatrace, Elastic Security, IBM Security QRadar, Azure Monitor and Zabbix, whereas Wazuh is most compared with Elastic Security, Graylog, USM Anywhere, Fortinet FortiAnalyzer and IBM Security QRadar.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.