We performed a comparison between Rapid7 InsightIDR and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"It has great stability."
"The ability to isolate and address viruses is the most valuable feature of Microsoft Defender XDR."
"It has been great for us. Previously, we didn't have a solution to protect us, especially from malware, whereas now, we are getting protection up front, especially from the malware attacks coming through emails or endpoints."
"The summarization of emails is a valuable feature."
"We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks."
"My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."
"Scalability-wise, I rate the solution a ten out of ten. As a cloud tool, the product is highly scalable."
"Features for user behavior analytics and the rules for attack review are good."
"The biggest reason why we chose Rapid7 was to gain value in a really quick time. Its deployment doesn't take months. It just takes a few days."
"The web interface is great — very useful and user-friendly."
"If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities."
"Enables the use of honey pots, honey users, and honey files to monitor for suspicious patterns."
"Great coverage of all systems within our network from endpoint to firewall."
"I am able to run automated actions based on the output of reports, leaving me extra time to focus on more pressing matters."
"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
"Good for monitoring, active response, and for vulnerabilities."
"Wazuh has very flexible and robust features."
"I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch."
"I like that the solution is on top of the Kubernetes stack."
"One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability."
"My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance."
"It is excellent in terms of visualization and indexing services, making it a powerful tool for malware detection."
"I personally have not seen much evidence of how Defender can enhance the story of zero trust for enterprises."
"The mobile app support for Android and iOS is difficult and needs improvement."
"Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed."
"There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again."
"What could be improved in Microsoft 365 Defender is its licensing, e.g. it should be more consolidated and would be good if it has some optimizations. Improving the alerts and notifications, in terms of adding more details, would also be good for this solution."
"The user interface of Microsoft 365 Defender could improve. They could make it simpler."
"There should be better information for experts on features in the solution. What I see when reading about features in Microsoft 365 Defender is that it is always general information. If Microsoft could go deeper into details for the experts about how to use the tools, usage of it would be more familiar and it would be easier to use."
"I would like more of the features in Defender for 365 to be included in the smaller licenses. Even if I buy a small license and don't need everything, security shouldn't be a question. Security is one of the main aspects of all projects from our side, so it would be nice to have more features in the smaller licenses."
"Needs a better ability to customize the check within the console."
"The solution's XDR agents cannot compete with the XDR solutions out there yet."
"Lacks a mobile application."
"It would be useful to import threat intelligence in YARA format along with known incorrect email addresses."
"InsightIDR's integration with other solutions could be improved. Also, I'd like more control from the portal over what's happening on the endpoint side. For example, when I see an attack on an endpoint, I want to be able to stop it from the portal."
"The integration capabilities of the solution have certain shortcomings where improvements are required."
"The searching feature in Rapid7 InsightIDR needs to evolve"
"Cloud risk assessment is one area where I think they need a lot of improvement."
"Adding the flexibility to integrate various plug-ins or modules into its core system would enhance functionality."
"The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way."
"The tool doesn't detect anomalies or new environments."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
"There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded."
"Since it's an open-source tool, scalability is the main issue."
"One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs."
"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."
Rapid7 InsightIDR is ranked 9th in Security Information and Event Management (SIEM) with 30 reviews while Wazuh is ranked 3rd in Security Information and Event Management (SIEM) with 38 reviews. Rapid7 InsightIDR is rated 8.4, while Wazuh is rated 7.4. The top reviewer of Rapid7 InsightIDR writes "Helps in the management of compliance, secret events and information". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Rapid7 InsightIDR is most compared with Darktrace, Microsoft Sentinel, Splunk Enterprise Security, Rapid7 InsightVM and IBM Security QRadar, whereas Wazuh is most compared with Elastic Security, Security Onion, AlienVault OSSIM, Splunk Enterprise Security and SentinelOne Singularity Complete. See our Rapid7 InsightIDR vs. Wazuh report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.