We performed a comparison between NNT Log Tracker Enterprise and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"It's pretty powerful and its performance is pretty good."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The automation feature is valuable."
"The pricing of the product is excellent."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"The most valuable feature is the predefined reports for PCI compliance."
"This is a very easy-to-use interface with a quick ramp-up time."
"The FIM features in the Change Tracker and the Log Tracker are the most valuable."
"File integrity monitoring is a very important function."
"We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company."
"The configuration assessment and Pile integrity monitoring features are decent."
"If they support a solution, it is easy to do an integration."
"The deployment is easy and they provide very good documentation."
"Wazuh's most beneficial features for our security needs are flexibility, built-in rules, integration capabilities, and documentation."
"The most valuable features are the modules and metrics."
"One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability."
"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"The solution could improve the playbooks."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"It is able to identify the vulnerability, however, they need an option to auto-mitigate."
"I would like to see the integration of AI technology, so rather than manually monitoring the logs, the tool will understand it and take care of it."
"Only one minor deployment issue came up and it was resolved quickly. No other areas of improvement come to mind yet."
"The correlation suite needs to be improved."
"There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded."
"Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions."
"Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions."
"While it is scalable, it can suffer from reduced latencies."
"Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."
"A more structured approach, perhaps with modular UI components, to facilitate easier integration and navigation within the Wazuh platform for custom integrations would be beneficial."
"Adding the flexibility to integrate various plug-ins or modules into its core system would enhance functionality."
"The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way."
NNT Log Tracker Enterprise is ranked 47th in Log Management with 4 reviews while Wazuh is ranked 2nd in Log Management with 38 reviews. NNT Log Tracker Enterprise is rated 8.2, while Wazuh is rated 7.4. The top reviewer of NNT Log Tracker Enterprise writes "Great for PCI compliance but issues with stability and large amounts of data". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". NNT Log Tracker Enterprise is most compared with , whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Fortinet FortiAnalyzer. See our NNT Log Tracker Enterprise vs. Wazuh report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.