We performed a comparison between Rapid7 InsightIDR and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The unified view of the threat landscape on a central dashboard is the most valuable feature."
"In Microsoft 365 vendor products, monitoring and connectivity across all Microsoft and third-party connectors enable viewing of all activity within those environments."
"I like Defender XDR's automation capabilities. XDR isn't automated by default, but you can automate it to respond. If an attack is performed anywhere within the organization, you can isolate that instance from the network. This is what I can figure out for it. When integrated with Sentinel, you can set up playbooks to automate all the alerts gathered on Sentinel from different Microsoft solutions. Sentinel has a wider range of capabilities than XDR."
"The attack simulation is excellent; initially, this feature wasn't very robust, but Microsoft improved what we could achieve with it. We can now customize our practice phishing emails and include our company logo, for example. Attack simulation also helps integrate with third-party solutions where applicable and provides an overview of our security architecture through testing. The summary includes areas for improvement in our protection and what steps we need to take to get there."
"Among the most valuable features are the alert timeline, the alert story, which is pretty detailed. It gives us complete insight into what exactly happened on the endpoint. It doesn't just say, "Malware detected." It tells us what caused that malware to be detected and how it was detected. It gives us a complete timeline from beginning to end."
"Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."
"The ability to isolate and address viruses is the most valuable feature of Microsoft Defender XDR."
"The integration, visibility, vulnerability management, and device identification are valuable."
"The alerting to drive investigations and remediation has been its most valuable feature."
"I like the tool's user analysis feature."
"InsightIDR has allowed us to find potential security issues that we did not know existed, and get remediation quickly."
"If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities."
"We were able to identify criminals attempting to login from China and put a stop on their IP locations."
"The technical support is a solid 10 out of 10 as they take the time to answer any questions or problems which may arise in a reasonable time frame."
"Simple configuration and automatically syncs to the cloud platform."
"Integration with threat modeling from the Metasploit and InsightIDR repositories."
"Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source."
"The MITRE ATT&CK correlation is most valuable."
"Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases."
"The configuration assessment and Pile integrity monitoring features are decent."
"One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability."
"We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company."
"Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors."
"The most valuable features are the modules and metrics."
"Improving scalability, especially for very large tenants, could be beneficial for Microsoft Defender XDR."
"While the XDR platform offers valuable functionalities, it falls short of other solutions in its ability to deliver a cohesive identity experience."
"The licensing is a nightmare and has room for improvement."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
"The message trace feature for investigating mail flow issues should add more detailed information to the summary report... if they could extend the summary report a little bit, make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and to prevent it from occurring again."
"Intrusion detection and prevention would be great to have with 365 Defender."
"Since all of our databases are updated and located in the cloud, I would like additional support for this."
"From an integration standpoint, it is always improving overall. With Security Copilot coming out, as partners, we are waiting for the GDAP support so that we can actually see Security Copilot on behalf of customers if they subscribe to it."
"The main problem lies in the processes within the client's operating systems."
"Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition."
"I feel it would greatly benefit from more supported log sources."
"It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required."
"Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries."
"Tenable Nessus is easier to deal with. It's more efficient and accurate. InsightIDR is heavier than Tenable in terms of performance and scanning. Rapid7 would be much easier to use if it had a network connector like Tenable. Tenable's connector allows continuous monitoring over the B caps."
"One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level."
"The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful."
"Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions."
"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."
"Its configuration process is time-consuming."
"The implementation is very complex."
"It would be great if there could be customization for the decoder portion."
"Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation also, so we need better container security, log data analysis, auditing and compliance, malware detection, etc."
"The computing resources are consuming and do not make sense."
"A lack of certain features creates limitations."
Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 30 reviews while Wazuh is ranked 3rd in Security Information and Event Management (SIEM) with 38 reviews. Rapid7 InsightIDR is rated 8.4, while Wazuh is rated 7.4. The top reviewer of Rapid7 InsightIDR writes "Helps in the management of compliance, secret events and information". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Rapid7 InsightIDR is most compared with Darktrace, Microsoft Sentinel, Splunk Enterprise Security, Rapid7 InsightVM and IBM Security QRadar, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and SentinelOne Singularity Complete. See our Rapid7 InsightIDR vs. Wazuh report.
See our list of best Security Information and Event Management (SIEM) vendors and best Extended Detection and Response (XDR) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.