We performed a comparison between ConnectWise SIEM and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The UI of Sentinel is very good and easy to use, even for beginners."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"One valuable feature of ConnectWise Fortify is the ability to add other teams and receive notifications when customers make changes or remove multi-factor authentication in Microsoft or SAP environments."
"We have found the solution has great functionality and it is easy to use."
"Some of the strengths of Wazuh that stand out for us include its scalability when deployed on Azure, its open-source nature, which allows for customization based on our needs, and its compatibility with various security solutions like threat intelligence platforms."
"I like that the solution is on top of the Kubernetes stack."
"The log monitoring and analysis tools are great in addition to SIEM file activity monitoring."
"The MITRE ATT&CK correlation is most valuable."
"Its cost-effectiveness is the most valuable aspect."
"The main thing I like about it is that it has an EDR."
"One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability."
"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"The playbook is a bit difficult and could be improved."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"ConnectWise Fortify could work on covering more areas, like phishing messages, which have become more complicated to detect."
"The manage portion of the solution is complicated and should be simplified by having different versions to meet the needs of different size companies."
"Wazuh is missing many things that a typical SIEM should have."
"While it is scalable, it can suffer from reduced latencies."
"The only challenge we faced with Wazuh was the lack of direct support."
"The computing resources are consuming and do not make sense."
"Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation also, so we need better container security, log data analysis, auditing and compliance, malware detection, etc."
"Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions."
"Integration with Vyara could be better."
"Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions."
ConnectWise SIEM is ranked 30th in Security Information and Event Management (SIEM) with 2 reviews while Wazuh is ranked 3rd in Security Information and Event Management (SIEM) with 38 reviews. ConnectWise SIEM is rated 10.0, while Wazuh is rated 7.4. The top reviewer of ConnectWise SIEM writes "Efficiently monitoring and detecting suspicious activities". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". ConnectWise SIEM is most compared with SentinelOne Vigilance, Huntress, CrowdStrike Falcon Complete and Sophos MDR, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Fortinet FortiAnalyzer. See our ConnectWise SIEM vs. Wazuh report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.