We performed a comparison between LogRhythm UEBA and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Microsoft Defender XDR is scalable."
"The visibility into threats that 365 Defender provides is really good. You get a full review of your security system and what can be improved. In the Microsoft 365 Defender portal the first page gives you a really big summary of which security policies you are following and what can be improved."
"The ability to integrate and observe a more cohesive narrative across the products is crucial."
"The summarization of emails is a valuable feature."
"Microsoft 365 Defender's most valuable feature is the ability to control the shadow IP."
"We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks."
"Scanning, vulnerability reporting, and the dashboard are the most valuable features."
"The common and advanced security policies for threat hunting and blocking attacks are valuable."
"The most valuable features are file activity monitoring and registry activity monitoring."
"Good capability pinpointing specific cyber incidents."
"The tool's most valuable feature is server threat hunting."
"LogRhythm UEBA’s best feature is the dashboard. It provides several graphs, charts, and event logs."
"It has a lot of features. It has file integration monitoring."
"What I like most about LogRhythm UEBA is that it allows you to identify and analyze end-user behaviors and suspicious activities within the systems."
"The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance, it can detect unusual user logins, such as a user logging in from a new browser or location."
"It is easy to monitor users and that is how the solution is adding value to our firm."
"The MITRE ATT&CK correlation is most valuable."
"It's stable."
"Wazuh is simple to use for PCI compliance."
"We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company."
"The deployment is easy and they provide very good documentation."
"The log monitoring and analysis tools are great in addition to SIEM file activity monitoring."
"The most valuable feature of Wazuh is the ELK for doing an investigation."
"It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions."
"There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again."
"At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times."
"Since all of our databases are updated and located in the cloud, I would like additional support for this."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"Sometimes, configurations take much longer than expected."
"The support could be more knowledgeable to improve their offering."
"The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging."
"The support team is not competent or responsive."
"What needs improvement in LogRhythm UEBA is the pricing. Here in Asia, for example, in Sri Lanka, pricing is the primary concern, and this is the only area for improvement I see in the product."
"It should have better mitigation with other solutions and be tightly integrated with other solutions. It has to be improved."
"The search feature needs to be improved."
"The product should improve its dashboards. Splunk has neat dashboards. Additionally, we would like to enhance the use cases provided by LogRhythm as its use case library is not as extensive as other tools. Its machine-learning capabilities need to improve when compared to other solutions. It lacks risk quantification in a single, transparent view for individuals such as CSOs."
"The UI could be improved a little bit."
"The product could be user-friendly for someone who doesn’t have any prior experience working with it."
"It would be helpful if there were more guidance provided for integrating with unsupported devices."
"The cloud version is lacking and not up to par."
"One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs."
"Adding the flexibility to integrate various plug-ins or modules into its core system would enhance functionality."
"The tool does not provide CTI to monitor darknet."
"The tool doesn't detect anomalies or new environments."
"A more structured approach, perhaps with modular UI components, to facilitate easier integration and navigation within the Wazuh platform for custom integrations would be beneficial."
"Wazuh is missing many things that a typical SIEM should have."
"Scalability is a challenge because it is distributed architecture and it uses Elastic DB. Their Elastic DB doesn't allow open source waste application."
"We would like to see more improvements on the cloud."
LogRhythm UEBA is ranked 22nd in Extended Detection and Response (XDR) with 10 reviews while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. LogRhythm UEBA is rated 7.2, while Wazuh is rated 7.4. The top reviewer of LogRhythm UEBA writes "Detects unusual logins but dashboards need improvement". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". LogRhythm UEBA is most compared with Darktrace, CrowdStrike Falcon, Trend Micro Deep Discovery, Aruba IntroSpect and Microsoft Purview Insider Risk Management, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and USM Anywhere. See our LogRhythm UEBA vs. Wazuh report.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.