We performed a comparison between ArcSight ESM and Wazuh based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: ArcSight ESM is praised for its well-designed dashboard, real-time reporting, and threat intelligence capabilities that leverage AI and correlation tools. Users also like ArcSight’s seamless integration and effortless management. Wazuh stands out for its effortless integration, excellent log monitoring capabilities, and ELK-based investigation. ArcSight ESM users have recommended improvements in training, speed, and data administration. Wazuh needs improvements in event source coverage, threat intelligence integration, and real-time monitoring of Unix systems.
Service and Support: Some ArcSight ESM users have found the support to be responsive and helpful, while others have faced issues with slow response times and a lack of expertise. Wazuh's customer service is generally deemed satisfactory, and many customers noted that they could easily find answers from community forums.
Ease of Deployment: Some said that ArcSight ESM is straightforward to set up, while others noted that integration with other systems can be challenging and requires specialized knowledge. Some users said that Wazuh’s setup is easy and fast, while others perceived it as complicated and said it required a significant amount of time.
Pricing: Users consider the pricing of ArcSight ESM to be reasonable and affordable. Wazuh is a cost-effective option as it is open-source and completely free to acquire.
ROI: ArcSight ESM delivers an ROI by helping clients achieve compliance objectives and prevent incidents. Wazuh's MSP program and partnerships offer opportunities to generate revenue from the platform.
"What I found most valuable in ArcSight Enterprise Security Manager (ESM) is its good integration with third-party products. The solution also has good core capabilities."
"ArcSight is customizable. You can integrate just about anything. I also like the ease of use."
"Stable solution with good customer service support."
"Once the rules are defined, it is capable of detecting minute changes in the systems, which are effectively based on the entries in the log."
"The most useful features are directories, price, and live reporting."
"Some of the benefits of using this solution are rapid correlation and near-time response on alerts."
"It is a robust product and has multiple valuable features."
"We use ArcSight ESM for log analysis and security alerts. It warns us of threats and then helps us conduct a forensic investigation of a cyber attack or internal incident after it happens."
"The most valuable features are the modules and metrics."
"Wazuh is simple to use for PCI compliance."
"It is excellent in terms of visualization and indexing services, making it a powerful tool for malware detection."
"Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases."
"Wazuh offers an enhanced HDR version that outperforms its competitors."
"Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring."
"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
"It has efficient SCA capabilities."
"The weakness in this system comes about because, with so many different logs, it is possible that the security analyst will lose information."
"They need to develop NetFlow appliances that can be installed in the customer network on span ports, collect NetFlow, and send it to ArcSight without relying on the devices' NetFlow capability and their position in the network."
"The product should include a lot more predefined scenarios so the adopted company will have knowledge and a broader skill set in security and network."
"ArcSight ESM needs to improve performance, user interface, and automation."
"ArcSight is incredibly complex when configuring and deploying, and if your organization doesn't know what they want and what they need, ArcSight will be a challenge for them."
"Customer service during the transition from HPE to Micro Focus was abysmal where it became disruptive to our service delivery."
"ArcSight ESM could improve by adding more features and documentation. There needs to be more documentation."
"It would be nice if the interface were more user-friendly, with, for example, a minimal number of tabs to navigate."
"Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs."
"The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way."
"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
"We would like to see more improvements on the cloud."
"The technical support can be improved. Wazuh has some bugs that need to be fixed. It would be good if we can have automation with respect to incident responses."
"The computing resources are consuming and do not make sense."
"I have yet to find the same capability in Wazuh to get logs from different sources into the system."
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while Wazuh is ranked 3rd in Security Information and Event Management (SIEM) with 38 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while Wazuh is rated 7.4. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, Trellix ESM, IBM Security QRadar and Securonix Next-Gen SIEM, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Graylog.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.