We performed a comparison between Sumo Logic Security and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"The solution is quite stable."
"Sumo Logic is an easy solution to use. You can set it up very quickly, and it includes a lot of training videos."
"The tool has key features like operability. It will alert the admins whenever a device is onboarded."
"It gives us a bird's eye view of what's happening from our connection's point of view."
"We can ingest logs and make reports out of them. It is a good tool which can help us monitor any issues."
"Scalability has been good for our needs. We haven't run into any scaling issues in regards to size so far."
"I have no concerns about the stability of the product. I feel it handles the stress we put on it very well."
"The most valuable features of Sumo Logic Security are the rules, use cases, and ease of use. Additionally, the integration is straightforward and good GUI."
"Wazuh's most beneficial features for our security needs are flexibility, built-in rules, integration capabilities, and documentation."
"The log monitoring and analysis tools are great in addition to SIEM file activity monitoring."
"The MITRE ATT&CK correlation is most valuable."
"I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems."
"My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance."
"The tool is stable."
"I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch."
"The configuration assessment and Pile integrity monitoring features are decent."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"The troubleshooting has room for improvement."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"One key area that can be improved is by building a strong integration with our XDR platform."
"If you look at some of the other offerings right now that are available in the market, they do offer APM as well as the product they're offering. I believe Sumo Logic is not there yet. So that's something which I would love to see."
"The dashboard has room for improvement, because sometimes it is a difficult to create a specific dashboard or query. This would be a nice place to correct problems."
"There needs to be improvement on imported data which can be used within Sumo Logic to do more advanced queries."
"There are some API gaps that are missing."
"The integration with multiple sources could be better."
"If you want to up your subscription through the AWS Marketplace, it can be difficult. You can't just go back to the AWS Marketplace, and say, "I want a bigger one now." You have to contact the sales team, then they do it on the back-end. This could definitely be improved."
"I would like to see improvement in the user experience when configuring things, ingesting logs, and creating ports."
"The initial setup is the most stressful, like learning how to use it."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
"Some features, like alerting, are complex with Wazuh."
"We would like to see more improvements on the cloud."
"The deployment is a bit complex."
"The tool does not provide CTI to monitor darknet."
"Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."
"Integration with Vyara could be better."
"Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions."
Sumo Logic Security is ranked 21st in Log Management with 17 reviews while Wazuh is ranked 3rd in Log Management with 38 reviews. Sumo Logic Security is rated 8.4, while Wazuh is rated 7.4. The top reviewer of Sumo Logic Security writes "Integrates well, useful rules, and beneficial GUI". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Sumo Logic Security is most compared with Splunk Enterprise Security, Rapid7 InsightIDR, VMware Aria Operations for Logs, IBM Security QRadar and LogRhythm SIEM, whereas Wazuh is most compared with Elastic Security, Splunk Enterprise Security, Security Onion, AlienVault OSSIM and USM Anywhere. See our Sumo Logic Security vs. Wazuh report.
See our list of best Log Management vendors, best Security Information and Event Management (SIEM) vendors, and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.