We performed a comparison between Graylog Security and Wazuh based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"The analytic rule is the most valuable feature."
"It's pretty powerful and its performance is pretty good."
"The UI-based analytics are excellent."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"We use the solution to collect logs."
"The MITRE ATT&CK correlation is most valuable."
"The configuration assessment and Pile integrity monitoring features are decent."
"Wazuh offers an enhanced HDR version that outperforms its competitors."
"Good for monitoring, active response, and for vulnerabilities."
"I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch."
"It offers built-in modules for file integrity and vulnerability management."
"Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score. It provides a percentage of perceived risk due to of non patches or any missing patches on that work."
"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"We are invoiced according to the amount of data generated within each log."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"Graylog Security needs to incorporate security scorecards."
"The tool doesn't detect anomalies or new environments."
"Since it's an open-source tool, scalability is the main issue."
"They need to go towards integrating with more cloud applications and not just OS like Windows and Linux."
"We would like to see more improvements on the cloud."
"The support team could be more responsive and provide quicker replies during our working hours in Indonesia, which would be a significant improvement."
"There could be a hardware monitoring tool for the solution."
"Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions."
"Wazuh should come up with more in-built rules and integrations for the cloud."
Graylog Security is ranked 34th in Security Information and Event Management (SIEM) with 1 review while Wazuh is ranked 3rd in Security Information and Event Management (SIEM) with 38 reviews. Graylog Security is rated 9.0, while Wazuh is rated 7.4. The top reviewer of Graylog Security writes "Helps to collect logs and pricing is cheap ". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Graylog Security is most compared with Microsoft Defender XDR, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Fortinet FortiAnalyzer.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.