We performed a comparison between Wazuh and Elastic Security based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison results: Based on the parameters we compared, Wazuh comes out ahead of Elastic Security. While both offer valuable vulnerability detection, Elastic Security’s lack of AI capabilities and lack of tech support leave room for improvement.
"The common and advanced security policies for threat hunting and blocking attacks are valuable."
"The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us."
"The visibility into threats that 365 Defender provides is really good. You get a full review of your security system and what can be improved. In the Microsoft 365 Defender portal the first page gives you a really big summary of which security policies you are following and what can be improved."
"There is also one dashboard that shows us the status of many controls at once and the details I can get... It gives a great overview of many areas, such as files, emails, chats, and links. Even with the apps, it gives you a great overview. In one place you can see where you should look into things more deeply..."
"The integration, visibility, vulnerability management, and device identification are valuable."
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy."
"The most valuable features are the speed, detail, and visualization. It has the latest standards."
"It's a good platform and the very best in the current market. We looked at the Forester report from December 2022 where it was said to be a leader."
"The most valuable feature is the speed, as it responds in a very short time."
"The indexes allow you to get your results quickly. The filtering and log passing is the advantage of Logstash."
"What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results."
"The most valuable features of the solution are the prevention methods and the incident alerts."
"I can look at events from more than one source across multiple different locations and find patterns or anomalies. The machine learning capabilities are helpful, and I can create rules for notifications to be more proactive rather than responding after something has gone wrong."
"Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors."
"It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions."
"If they support a solution, it is easy to do an integration."
"Some of the strengths of Wazuh that stand out for us include its scalability when deployed on Azure, its open-source nature, which allows for customization based on our needs, and its compatibility with various security solutions like threat intelligence platforms."
"The product is easy to customize."
"Wazuh has very flexible and robust features."
"The log monitoring and analysis tools are great in addition to SIEM file activity monitoring."
"One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"The user interface of Microsoft 365 Defender could improve. They could make it simpler."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"In the beginning, it's difficult to navigate the system because it is quite large. Just trying to find your way and understand how the system works can be hard. After spending quite a lot of time searching it's a lot easier, but I wish it were a bit more user-friendly when you're trying to find things."
"What could be improved in Microsoft 365 Defender is its licensing, e.g. it should be more consolidated and would be good if it has some optimizations. Improving the alerts and notifications, in terms of adding more details, would also be good for this solution."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"The tool should improve its scalability."
"This solution is very hard to implement."
"The solution could also use better dashboards. They need to be more graphical, more matrix-like."
"We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there)."
"There is room for improvement in the Kibana dashboard and in the asset management for the program."
"Their visuals and graphs need to be better."
"There isn't really a very good user experience. You need a lot of training."
"Elastic Security could improve the documentation. It would help if they were more simple and clean."
"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."
"Wazuh is missing many things that a typical SIEM should have."
"Wazuh needs more security and features, particularly visualization features and a health monitor."
"We would like to see more improvements on the cloud."
"Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs."
"The computing resources are consuming and do not make sense."
"Wazuh should come up with more in-built rules and integrations for the cloud."
"There could be a hardware monitoring tool for the solution."
Elastic Security is ranked 5th in Log Management with 58 reviews while Wazuh is ranked 2nd in Log Management with 38 reviews. Elastic Security is rated 7.6, while Wazuh is rated 7.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Elastic Security is most compared with Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas Wazuh is most compared with Security Onion, Splunk Enterprise Security, AlienVault OSSIM, Graylog and USM Anywhere. See our Elastic Security vs. Wazuh report.
See our list of best Log Management vendors, best Security Information and Event Management (SIEM) vendors, and best Extended Detection and Response (XDR) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.