We performed a comparison between Splunk and Wazuh based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Splunk easily wins out in this comparison. Compared with Wazuh, it is a mature and robust solution with a proven ROI.
"The machine learning and artificial intelligence on offer are great."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"The product can integrate with any device."
"It is very scalable."
"The breadth of the data sources that Splunk can ingest data from is broad and deep and it does an exemplary job at handling structured data."
"Three features stand out for me: the SDK for writing Python, the customizable and adaptable diagnostic dashboard, and the optimizer for collecting data."
"The initial setup is simple, not very complex. Initial deployment takes around 10 to 15 minutes to set up the entire base for Splunk including all three tiers."
"The additional vendors we've brought on board, particularly the elastic, have been quite beneficial."
"We have found all the features useful. However, the dashboarding and logging have been very helpful. Additionally, the log analysis does a great job."
"It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query on Splunk. The resolution time is about the same, but it took longer to discover the issue with ArcSight. Our previous solution took about an hour or more, but Splunk can do it within a few minutes or an hour at most."
"Splunk's strongest suit is its user interface. We can integrate multiple solutions and adjust settings in the Splunk interface."
"It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions."
"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
"The log monitoring and analysis tools are great in addition to SIEM file activity monitoring."
"Wazuh is simple to use for PCI compliance."
"Its cost-effectiveness is the most valuable aspect."
"Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases."
"One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability."
"Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score. It provides a percentage of perceived risk due to of non patches or any missing patches on that work."
"The solution could be more user-friendly; some query languages are required to operate it."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"The solution should allow for a streamlined CI/CD procedure."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"The only thing is sometimes you can have a false positive."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"Sentinel's reporting is complex and can be more user-friendly."
"The price has room for improvement."
"The price of the solution could be cheaper."
"Splunk Enterprise Security could improve in automation, flexibility, and providing more content out of the box."
"I love the solution, but I would like to see more accessibility to the machine-learning capabilities that are sprinkled around Splunk."
"The Web Application Firewall will send you too much information because it's more dedicated to security than a normal firewall."
"The security can be improved."
"Make it easy to use and the cost cheaper. This will help all organisations to implement Splunk."
"Better directions on search head clusters."
"Scalability is a challenge because it is distributed architecture and it uses Elastic DB. Their Elastic DB doesn't allow open source waste application."
"The deployment is a bit complex."
"Wazuh is missing many things that a typical SIEM should have."
"Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."
"I have yet to find the same capability in Wazuh to get logs from different sources into the system"
"The technical support can be improved. Wazuh has some bugs that need to be fixed. It would be good if we can have automation with respect to incidence responses."
"One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs."
"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."
Splunk Enterprise Security is ranked 1st in Log Management with 240 reviews while Wazuh is ranked 2nd in Log Management with 38 reviews. Splunk Enterprise Security is rated 8.4, while Wazuh is rated 7.4. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Splunk Enterprise Security is most compared with Dynatrace, IBM Security QRadar, Elastic Security, Datadog and Azure Monitor, whereas Wazuh is most compared with Elastic Security, Security Onion, AlienVault OSSIM, Graylog and CrowdStrike Falcon. See our Splunk Enterprise Security vs. Wazuh report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.