We performed a comparison between Google Chronicle Suite and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such as firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"It has basic out-of-the-box integrations with multiple log sources."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"Free ingestion for Azure logs (with E5 licence)"
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The support team is responsive."
"The tool's most valuable feature is the search option, allowing easy navigation."
"What sets Chronicle apart from other solutions is its emphasis on threat hunting rather than solely serving as a monitoring tool."
"The platform's most valuable features are multiple connectors and data output flexibility regarding dashboards and user experience."
"Google Chronicle Suite is a highly scalable solution with good search capabilities."
"The product's most valuable feature is threat hunting. We can detect the threats directly from the console from the past data as well."
"Google Chronicle Suite provides useful APIs."
"The log folder is fairly simple."
"The product’s interface is intuitive."
"The MITRE ATT&CK correlation is most valuable."
"If they support a solution, it is easy to do an integration."
"It offers built-in modules for file integrity and vulnerability management."
"The main thing I like about it is that it has an EDR."
"Wazuh has very flexible and robust features."
"The most valuable features are the modules and metrics."
"Some of the strengths of Wazuh that stand out for us include its scalability when deployed on Azure, its open-source nature, which allows for customization based on our needs, and its compatibility with various security solutions like threat intelligence platforms."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"We'd also like a better ticketing system, which is older."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"We'd like to see more connectors."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"The solution's graphical user interface (GUI) should be more user-friendly."
"The tool is a little bit difficult to use compared to Microsoft Sentinel."
"In terms of improvement, the UI can be a bit challenging for beginners."
"The configuration is not optimal."
"The tool needs to improve tasking packages. Its GUI needs to be improved. The product needs to include time-based filtration. We can only see the alert detection timeline now."
"The tool is complicated for a first-time user. It should also include newer APIs."
"A few areas are difficult to understand for someone who has less experience using the product."
"The product's default dashboard feature has a few limitations regarding availability."
"A more structured approach, perhaps with modular UI components, to facilitate easier integration and navigation within the Wazuh platform for custom integrations would be beneficial."
"The technical support can be improved. Wazuh has some bugs that need to be fixed. It would be good if we could have automation with respect to incident response."
"Some features, like alerting, are complex with Wazuh."
"The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way."
"We would like to see more improvements on the cloud."
"A lack of certain features creates limitations."
"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."
"Adding the flexibility to integrate various plug-ins or modules into its core system would enhance functionality."
Google Chronicle Suite is ranked 28th in Security Information and Event Management (SIEM) with 8 reviews while Wazuh is ranked 3rd in Security Information and Event Management (SIEM) with 38 reviews. Google Chronicle Suite is rated 7.8, while Wazuh is rated 7.4. The top reviewer of Google Chronicle Suite writes "Swiftly navigates and analyzes extensive datasets without significant delays". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Google Chronicle Suite is most compared with Splunk Enterprise Security, AWS Security Hub, Sentinel, IBM Security QRadar and Stellar Cyber Open XDR, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Fortinet FortiAnalyzer. See our Google Chronicle Suite vs. Wazuh report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.