We performed a comparison between Wazuh and Elastic Security based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison results: Based on the parameters we compared, Wazuh comes out ahead of Elastic Security. While both offer valuable vulnerability detection, Elastic Security’s lack of AI capabilities and lack of tech support leave room for improvement.
"The most valuable feature is the network security."
"There is also one dashboard that shows us the status of many controls at once and the details I can get... It gives a great overview of many areas, such as files, emails, chats, and links. Even with the apps, it gives you a great overview. In one place you can see where you should look into things more deeply..."
"We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us."
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"All of the security components are valuable, including antiphishing, antispam, and stage three antivirus."
"The advantage Microsoft Defender XDR has over other XDRs in the market is that it's easy to use. You can quickly differentiate between alerts, incidents, devices, software, etc. It's easier to investigate an incident, and you have so many options. You can automate investigations and use playbooks. There's also the live response session, which is something you can't find in any other XDR."
"The most valuable features of Microsoft 365 Defender are the combination of all the capabilities and centralized management."
"ELK is open-source, and it will give you the framework you need to build everything from scratch."
"It's not very complicated to install Elastic."
"Stability-wise, I rate the solution a ten out of ten."
"It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically."
"The most valuable feature is the scalability. We are in Indonesia, more engineers understand Elastic Security here. So it is easier to scale and also develop. In features, the discovery to query all the logs is very important to us. It is very easy, especially with the query function and the feature to generate alerts and create tools. Sometimes we use the alert security dashboard to monitor our clients."
"The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for."
"It's very customizable, which is quite helpful."
"The most valuable features of the solution are the prevention methods and the incident alerts."
"The product’s interface is intuitive."
"It is a stable solution."
"Wazuh has very flexible and robust features."
"Its cost-effectiveness is the most valuable aspect."
"It has efficient SCA capabilities."
"Some of the strengths of Wazuh that stand out for us include its scalability when deployed on Azure, its open-source nature, which allows for customization based on our needs, and its compatibility with various security solutions like threat intelligence platforms."
"It is excellent in terms of visualization and indexing services, making it a powerful tool for malware detection."
"Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"Stability could be improved by avoiding frequent changes to the interface."
"It would be beneficial to have a more seamless experience with everything consolidated in one place, particularly when dealing with aspects related to the Exchange console."
"Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed."
"The management features could be improved, particularly in terms of better integration with Intune, Microsoft's cloud-based management solution."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
"The support could be more knowledgeable to improve their offering."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"I would like the process of retrieving archived data and viewing it in Kibana to be simplified."
"Their visuals and graphs need to be better."
"Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks."
"Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price."
"There isn't really a very good user experience. You need a lot of training."
"It is difficult to anticipate and understand the space utilization, so more clarity there would be great."
"There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits."
"The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated."
"The technical support can be improved. Wazuh has some bugs that need to be fixed. It would be good if we can have automation with respect to incidence responses."
"The implementation is very complex."
"They could include flexibility and customization capabilities by modifying for customers based on partner agreements."
"We would like to see more improvements on the cloud."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
"It would be better if they had a vulnerability assessment plug-in like the one AlienVault has. In the next release, I would like to have an app with an alerting mechanism."
"One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs."
"A more structured approach, perhaps with modular UI components, to facilitate easier integration and navigation within the Wazuh platform for custom integrations would be beneficial."
Elastic Security is ranked 5th in Log Management with 59 reviews while Wazuh is ranked 2nd in Log Management with 38 reviews. Elastic Security is rated 7.6, while Wazuh is rated 7.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Elastic Security is most compared with Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas Wazuh is most compared with Security Onion, AlienVault OSSIM, Splunk Enterprise Security, Graylog and SentinelOne Singularity Complete.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.