No more typing reviews! Try our Samantha, our new voice AI agent.

Uptycs vs Wazuh comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 1, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Extended Detection and Response (XDR)
4th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Endpoint Detection and Response (EDR) (6th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Uptycs
Ranking in Extended Detection and Response (XDR)
39th
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
2
Ranking in other categories
Endpoint Protection Platform (EPP) (44th), Container Security (37th), Endpoint Detection and Response (EDR) (51st), Cloud Workload Protection Platforms (CWPP) (23rd), Cloud Security Posture Management (CSPM) (33rd), Cloud-Native Application Protection Platforms (CNAPP) (22nd), Cloud Detection and Response (CDR) (12th)
Wazuh
Ranking in Extended Detection and Response (XDR)
6th
Average Rating
7.4
Reviews Sentiment
5.9
Number of Reviews
51
Ranking in other categories
Log Management (2nd), Security Information and Event Management (SIEM) (3rd)
 

Mindshare comparison

As of July 2026, in the Extended Detection and Response (XDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 4.6%, down from 5.1% compared to the previous year. The mindshare of Uptycs is 0.7%, up from 0.2% compared to the previous year. The mindshare of Wazuh is 4.9%, down from 10.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks4.6%
Wazuh4.9%
Uptycs0.7%
Other89.8%
Extended Detection and Response (XDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
SangramGupta - PeerSpot reviewer
Security Consultant at Deloitte
Centralized visibility has improved risk-based vulnerability management but onboarding still needs simplification
From my perspective, the features of Uptycs that stand out more for my projects and organization are the vulnerability management, endpoint visibility, and asset inventory management features. I can share two specific outcomes that show this positive impact using Uptycs. First, it reduces significant time and effort from the asset inventory point of view because previously I needed to scan all of the assets which were in scope, but now I only scan those assets that are currently active and in scope, and the CMDB and asset inventory receive proper updates of those assets. Secondly, in vulnerability prioritization, I receive all the prioritized vulnerabilities so I can prioritize and mitigate or remediate them as soon as possible, which reduces the overall time of remediation as well.
RS
Engineer Information Security at N-Able (Pvt) Ltd
Has faced limitations in AI capabilities and pricing flexibility
Pricing-wise, Wazuh stands out, along with deployment flexibility and its documentation which is extremely good in comparison to Forti. The community support is also incredible. They have helped quite a bit because previously, we had a separate tool and management dashboard to do our compliance. With Wazuh, we receive that information without having to do anything extra. We just set up the SIEM and all of that information was automatically populated. The dashboards are very easy to understand and very quick with no lag or delay. I have experienced delays on Forti's dashboards, but not with Wazuh. Wazuh is quite good. In comparison to Forti, they are quite similar. They are very good at detection.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The behavior-based detection feature is valuable."
"The policy configuration is great, the granularity of policies that are available is very helpful, it is straightforward to set up, and it has pretty much everything we need and works well within the Palo Alto ecosystem."
"I recognize that Cortex XDR by Palo Alto Networks is one of the best products in its category regarding capabilities."
"The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly. The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that."
"If any application performs suspicious activities, such as changing registries or modifying other applications, Cortex XDR detects and blocks the entire application."
"My advice for anybody who is considering Cortex XDR is that it is a complete solution, and has very good features."
"Cortex XDR alerts us on the dashboard when there's a threat, which allows us to restrict that user and helps secure our infrastructure."
"The level of security I get for my endpoints and servers is extremely valuable."
"They have multiple great features."
"I have seen a return on investment from using Uptycs, saving almost 25 to 30 percent in terms of asset investigations or asset inventory management and vulnerability prioritization, which is significant."
"We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company."
"Other than that, it's a highly recommended product from our side, and we wish that this product had intel support."
"Wazuh is a powerful tool, and you can do lots of things with it."
"It allows you to aggregate all your logs in one place and provides a unified view to monitor your security environment."
"Good for monitoring, active response, and for vulnerabilities."
"The main thing I like about it is that it has an EDR."
"My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance."
"Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring."
 

Cons

"Whenever the tool releases a new version when deploying the product across the organization, I feel like there are some disturbances in the CPU usage after upgrading the tool to the latest version."
"It is not easy to sell Cortex XDR, not because it isn't a good tool. Its marketing needs to be improved."
"Cortex XDR by Palo Alto Networks can improve mobile integration to allow access to the console."
"The downsides of Cortex XDR by Palo Alto Networks are that in many incidents, when I enter the causality chain, there are numerous logs."
"There are some third-party solutions that are difficult to integrate with, which is something that can be improved."
"In reporting they should have a customizable dashboard due to the fact that C-level people don't like reporting to the IT department. They prefer to have a real-time dashboard. That kind of dashboard needs to have various customizations."
"A better pricing plan would make this product more competitive."
"Currently, if you use Palo Alto endpoint protection as the only solution it's very complicated to remove pre-existing threats."
"Regarding improvements for Uptycs, I suggest simplified onboarding for complex cloud environments because the current onboarding method is complex and requires checks with the support team."
"We end up facing a lot of issues after upgrades."
"The support team could be more responsive and provide quicker replies during our working hours in Indonesia, which would be a significant improvement."
"Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions."
"Some features, like alerting, are complex with Wazuh."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
"Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."
"So far, the recent updates have addressed most challenges we previously faced."
"The deployment is a bit complex."
"Wazuh should come up with more in-built rules and integrations for the cloud."
 

Pricing and Cost Advice

"The solution has one subscription for endpoint protection and one subscription for detection and response. The two licenses combined give you the BRO version."
"Traps pays for itself within the first 16 months of a three-year subscription. This is attributed to OPEX savings, as security teams spent less time trying to identify and isolate malware for analysis as a result of a reduction in malware incidents, false positives, and breach avoidance."
"It is present, but when compared to other competitive products, I would say it is not less expensive; however, when all of the other added values are considered, the price is reasonable."
"This is an expensive solution."
"The price is on the higher side, but it's okay."
"This is an expensive solution."
"It is "expensive" and flexible."
"I don't like that they have different types of licenses."
Information not available
"Wazuh is open-source, therefore it is free. You can purchase support for $1,000 a year."
"There is not a license required for Wazuh."
"The product price is neither too high nor too low."
"It is an open-source product."
"The product is cheaper compared to other tools."
"Wazuh is not an expensive solution."
"Wazuh is free and open source."
"When I contacted customer care, they mentioned bundling options, that I found to be overall affordable."
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
903,807 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
11%
Comms Service Provider
9%
Financial Services Firm
18%
Construction Company
13%
Manufacturing Company
6%
Insurance Company
6%
Comms Service Provider
11%
Computer Software Company
11%
University
9%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
No data available
By reviewers
Company SizeCount
Small Business27
Midsize Enterprise15
Large Enterprise9
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What needs improvement with Uptycs?
Regarding improvements for Uptycs, I suggest simplified onboarding for complex cloud environments because the current...
What is your primary use case for Uptycs?
I use Uptycs as part of cloud security threat detection, vulnerability management, and security operations initiative...
What advice do you have for others considering Uptycs?
My advice for others looking into using Uptycs is that if you are looking for a centralized solution for all security...
What do you like most about Wazuh?
Wazuh is its flexibility and open-source nature, which allows us to tailor threat detection and response across diver...
What needs improvement with Wazuh?
Regarding compliance, I find it not stable. I do not recommend it for that purpose. It can comply with Wazuh NCA, whi...
What is your primary use case for Wazuh?
I have been working with Wazuh for two years, and I can explain how I use Wazuh. I did not use Wazuh as a SIEM soluti...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
No data available
Wazuh All-In-One Deployment
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Comcast, Crossbeam, Flexport, Greenlight Financial, Lookout Security, PayNearMe
Information Not Available
Find out what your peers are saying about Uptycs vs. Wazuh and other solutions. Updated: June 2026.
903,807 professionals have used our research since 2012.