We performed a comparison between LogRhythm UEBA and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Advanced hunting is good. I like that. We can drill down to lots of details."
"The portal is quite user-friendly. There is integration with Office, Intune, and other products from the same portal. From there, we can see which policies are installed on a particular machine. We also can manage devices, groups, and tagging."
"I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there."
"The integration between all the Defender products is the most valuable feature."
"I have found the ability to delete unwanted threats beneficial."
"Microsoft Defender's most critical component is its CASB solution. It has many built-in policies that can improve your organization's cloud security posture. It's effective regardless of where your users are, which is critical because most users are working from home. It's cloud-based, so nothing is on-premise."
"Scanning, vulnerability reporting, and the dashboard are the most valuable features."
"It gives a lot of flexibility in terms of configuration and customization as per the business requirements."
"The tool's most valuable feature is server threat hunting."
"The most valuable features are file activity monitoring and registry activity monitoring."
"Good capability pinpointing specific cyber incidents."
"It has a lot of features. It has file integration monitoring."
"LogRhythm UEBA’s best feature is the dashboard. It provides several graphs, charts, and event logs."
"What I like most about LogRhythm UEBA is that it allows you to identify and analyze end-user behaviors and suspicious activities within the systems."
"It is easy to monitor users and that is how the solution is adding value to our firm."
"The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance, it can detect unusual user logins, such as a user logging in from a new browser or location."
"One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability."
"It has efficient SCA capabilities."
"Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases."
"Good for monitoring, active response, and for vulnerabilities."
"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
"I like the cloud-native infrastructure and that it's free. We didn't have to pay anything, and it has the capabilities of many premium solutions in the market. We could integrate all of our services and infrastructure in the cloud with Wazuh. From an integration point of view, Wazuh is pretty good. I had a good experience with this platform."
"Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors."
"I personally have not seen much evidence of how Defender can enhance the story of zero trust for enterprises."
"The message trace feature for investigating mail flow issues should add more detailed information to the summary report... if they could extend the summary report a little bit, make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and to prevent it from occurring again."
"I would like more of the features in Defender for 365 to be included in the smaller licenses. Even if I buy a small license and don't need everything, security shouldn't be a question. Security is one of the main aspects of all projects from our side, so it would be nice to have more features in the smaller licenses."
"The mobile app support for Android and iOS is difficult and needs improvement."
"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
"The solution does not offer a unified response and standard data."
"It would be beneficial to have a more seamless experience with everything consolidated in one place, particularly when dealing with aspects related to the Exchange console."
"Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."
"The search feature needs to be improved."
"The product should improve its dashboards. Splunk has neat dashboards. Additionally, we would like to enhance the use cases provided by LogRhythm as its use case library is not as extensive as other tools. Its machine-learning capabilities need to improve when compared to other solutions. It lacks risk quantification in a single, transparent view for individuals such as CSOs."
"LogRhythm UEBA's data aggregation needs to be improved. Open-source users do not have much documentation available. Documentation is available only for enterprise users."
"The UI could be improved a little bit."
"It should have better mitigation with other solutions and be tightly integrated with other solutions. It has to be improved."
"The cloud version is lacking and not up to par."
"What needs improvement in LogRhythm UEBA is the pricing. Here in Asia, for example, in Sri Lanka, pricing is the primary concern, and this is the only area for improvement I see in the product."
"The product could be user-friendly for someone who doesn’t have any prior experience working with it."
"The support team could be more responsive and provide quicker replies during our working hours in Indonesia, which would be a significant improvement."
"The computing resources are consuming and do not make sense."
"It would be better if they had a vulnerability assessment plug-in like the one AlienVault has. In the next release, I would like to have an app with an alerting mechanism."
"I have yet to find the same capability in Wazuh to get logs from different sources into the system"
"Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions."
"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."
"Wazuh is missing many things that a typical SIEM should have."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
LogRhythm UEBA is ranked 22nd in Extended Detection and Response (XDR) with 10 reviews while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. LogRhythm UEBA is rated 7.2, while Wazuh is rated 7.4. The top reviewer of LogRhythm UEBA writes "Detects unusual logins but dashboards need improvement ". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". LogRhythm UEBA is most compared with Darktrace, CrowdStrike Falcon, Trend Micro Deep Discovery, Aruba IntroSpect and Microsoft Purview Insider Risk Management, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Cortex XDR by Palo Alto Networks. See our LogRhythm UEBA vs. Wazuh report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.