We performed a comparison between Wazuh and Elastic Security based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison results: Based on the parameters we compared, Wazuh comes out ahead of Elastic Security. While both offer valuable vulnerability detection, Elastic Security’s lack of AI capabilities and lack of tech support leave room for improvement.
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"The integration, visibility, vulnerability management, and device identification are valuable."
"The portal is quite user-friendly. There is integration with Office, Intune, and other products from the same portal. From there, we can see which policies are installed on a particular machine. We also can manage devices, groups, and tagging."
"Scanning, vulnerability reporting, and the dashboard are the most valuable features."
"The product is very easy to use."
"Microsoft Defender XDR is scalable."
"Many people don't realize that Microsoft Azure, Exchange Online, and the security and compliance portal all sync together. For instance, within the Azure portal you can set security restrictions and policies to help secure your tenants... The good part of it is that these products have already been integrated. When you sign on as an admin you have global admin rights and that gives you access to all these features."
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"It is the best open-source product for people working in SO, managing and analyzing logs."
"The product has huge integration varieties available."
"Elastic Security is very customizable, and the dashboards are very easy to build."
"The most valuable feature is the machine learning capability."
"I like the indexing of the logs."
"The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes."
"The solution is compatible with the cloud-native environment and they can adapt to it faster."
"It's very stable and reliable."
"Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring."
"Its cost-effectiveness is the most valuable aspect."
"The deployment is easy and they provide very good documentation."
"The most valuable feature of Wazuh is the ELK for doing an investigation."
"Good for monitoring, active response, and for vulnerabilities."
"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
"Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score. It provides a percentage of perceived risk due to non patches or any missing patches on that work."
"The log monitoring and analysis tools are great in addition to SIEM file activity monitoring."
"Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed."
"Support is hit or miss. Microsoft wants you to buy premium support contracts. Though they call themselves professional support, it's almost like throwing questions into a black hole. You get an answer, but it's never helpful."
"There could be a way to proactively monitor unusual activity."
"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
"In the beginning, it's difficult to navigate the system because it is quite large. Just trying to find your way and understand how the system works can be hard. After spending quite a lot of time searching it's a lot easier, but I wish it were a bit more user-friendly when you're trying to find things."
"Stability could be improved by avoiding frequent changes to the interface."
"The interface could be improved. For example, if you want to do a phishing simulation for your employees, it can take a while to figure out what to do. The interface is a bit messy and could be updated. It isn't too bad, but doing some things can be a long process."
"The documentation on their website is somewhat outdated and doesn't show properly. I wanted to try a query in Microsoft Defender 365. When I opened the related documentation from the security blog on the Microsoft website, the figures were not showing. It was difficult to understand the article without having the figures. The figures were there in the article, but they were not getting loaded, which made the article obsolete."
"The solution could offer better reporting features."
"With Elastic Security, the challenge arises from the fact that there is a learning curve in relation to queries and understanding the query language provided to extract usable data."
"Technical support could respond faster."
"The solution could also use better dashboards. They need to be more graphical, more matrix-like."
"The biggest challenge has been related to the implementation."
"We're using the open-source edition, for now, I think maybe they can allow their OLED plugin to be open source, as at the moment it is commercialised."
"There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM."
"Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution."
"Wazuh could improve the detection; it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions."
"The support team could be more responsive and provide quicker replies during our working hours in Indonesia, which would be a significant improvement."
"One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs."
"Wazuh should come up with more in-built rules and integrations for the cloud."
"The deployment is a bit complex."
"I have yet to find the same capability in Wazuh to get logs from different sources into the system."
"A lack of certain features creates limitations."
"Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation, so we need better container security, log data analysis, auditing and compliance, malware detection, etc."
Elastic Security is ranked 5th in Log Management with 59 reviews while Wazuh is ranked 2nd in Log Management with 38 reviews. Elastic Security is rated 7.6, while Wazuh is rated 7.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Elastic Security is most compared with Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas Wazuh is most compared with Security Onion, Splunk Enterprise Security, AlienVault OSSIM, Graylog and Cortex XDR by Palo Alto Networks.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.