We performed a comparison between ArcSight ESM and Wazuh based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: ArcSight ESM is praised for its well-designed dashboard, real-time reporting, and threat intelligence capabilities that leverage AI and correlation tools. Users also like ArcSight’s seamless integration and effortless management. Wazuh stands out for its effortless integration, excellent log monitoring capabilities, and ELK-based investigation. ArcSight ESM users have recommended improvements in training, speed, and data administration. Wazuh needs improvements in event source coverage, threat intelligence integration, and real-time monitoring of Unix systems.
Service and Support: Some ArcSight ESM users have found the support to be responsive and helpful, while others have faced issues with slow response times and a lack of expertise. Wazuh's customer service is generally deemed satisfactory, and many customers noted that they could easily find answers from community forums.
Ease of Deployment: Some said that ArcSight ESM is straightforward to set up, while others noted that integration with other systems can be challenging and requires specialized knowledge. Some users said that Wazuh’s setup is easy and fast, while others perceived it as complicated and said it required a significant amount of time.
Pricing: Users consider the pricing of ArcSight ESM to be reasonable and affordable. Wazuh is a cost-effective option as it is open-source and completely free to acquire.
ROI: ArcSight ESM delivers an ROI by helping clients achieve compliance objectives and prevent incidents. Wazuh's MSP program and partnerships offer opportunities to generate revenue from the platform.
"The solution is pretty stable."
"The most valuable feature of ArcSight ESM is its ease of use."
"ArcSight ESM provides us the flexibility to write our own passwords and customize the solution. It lets us search and log a variety of SmartConnectors. It has 480-plus SmartConnectors."
"ESM has valuable features for event prediction and security analysis."
"It has absolutely improved the efficiency of our security team. We use it internally as well. It is such a powerful tool that our internal security team became a customer of our ArcSight managed service."
"The reports that we are from getting from ArcSight are very valuable. The reporting in ArcSight is good. Our regulators ask us for the reports on a regular basis, and we have been able to provide the required data. Its overall functionality in terms of log analysis and the speed at which it does that is also valuable. It is very quick. Whatever alerts we had configured were extremely fast. We immediately get alerts when there is unauthorized access or unknown access, or even positive access. This is where we found the difference between ArcSight and other solutions."
"The correlation feature is good."
"The solution offers very good monitoring."
"It is excellent in terms of visualization and indexing services, making it a powerful tool for malware detection."
"The deployment is easy and they provide very good documentation."
"The most valuable features are the modules and metrics."
"Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source."
"It's stable."
"I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems."
"Wazuh's most beneficial features for our security needs are flexibility, built-in rules, integration capabilities, and documentation."
"It has efficient SCA capabilities."
"ArcSight ESM's UI is a little cumbersome and complex, especially for first-time and occasional users using the console manager."
"HPE ArcSight has a quite steep learning curve."
"Could benefit from a more modern interface."
"There are several improvements that we would like to see, including: Building a system based on a log collection (SOC), a scenario for external encroachment, and Operator training."
"ArcSight ESM could improve the alerts for the storage capacities or actions."
"Customer service and support is our biggest challenge."
"ArcSight ESM is lacking cloud scalable technology."
"The solution could be more stable."
"We would like to see more improvements on the cloud."
"Wazuh needs more security and features, particularly visualization features and a health monitor."
"Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs."
"Its configuration process is time-consuming."
"Wazuh should come up with more in-built rules and integrations for the cloud."
"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."
"Since it's an open-source tool, scalability is the main issue."
"Integration with Vyara could be better."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while Wazuh is ranked 3rd in Security Information and Event Management (SIEM) with 38 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while Wazuh is rated 7.4. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, Trellix ESM, ArcSight Intelligence, IBM Security QRadar and LogRhythm SIEM, whereas Wazuh is most compared with Elastic Security, Security Onion, AlienVault OSSIM, Splunk Enterprise Security and Graylog. See our ArcSight Enterprise Security Manager (ESM) vs. Wazuh report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.