We performed a comparison between Cortex XDR by Palo Alto Networks and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The product integrates security into one tool instead of having third-party security tools."
"It gives a lot of flexibility in terms of configuration and customization as per the business requirements."
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"I have found the ability to delete unwanted threats beneficial."
"We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks."
"The integration, visibility, vulnerability management, and device identification are valuable."
"The most valuable features are spam filtering, attachment filtering, and antivirus protection."
"Microsoft XDR's system of analysis and investigation is super convenient for our customers. It integrates with other Microsoft solutions like Defender for 365 to protect email traffic from malicious external web links and phishing."
"It can automatically correlate events and logs, which is very helpful for an IT administrator. It can correlate different kinds of malware activities over a network, agent, or host system. You do not need to do it manually. It is a good feature. It is also a user-friendly solution. We have deployed it on the cloud because our space does not provide any flexibility for on-premises deployment, but Palo Alto has added some flexibility to install it on-premises. It must be like the same Cortex XDR agent for all the VPN services, web filtering services, and everything else."
"The most valuable feature of Cortex XDR by Palo Alto Networks is its machine-learning capabilities. Additionally, there is full integration with other solutions."
"The product's most valuable features are massive user and feature intelligence exploit detection."
"The management capabilities, allow an IT organization to get quite a good picture of attempted cyber attacks."
"The stability of the solution is very good. We have about 100 users on it right now, and we use it twice a week."
"Cortex XDR is a very capable solution for protecting large networks and a lot of endpoints. It's very useful because the automation is very high, and if you combine it with the features on Palo Alto firewalls, it provides very strong protection."
"The most valuable for us is the correlation feature."
"Its interface and pricing are most valuable. It is better than other vendors in terms of security."
"Its cost-effectiveness is the most valuable aspect."
"The most valuable features are the modules and metrics."
"Wazuh's most beneficial features for our security needs are flexibility, built-in rules, integration capabilities, and documentation."
"The tool is stable."
"Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors."
"Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases."
"The most valuable feature of Wazuh is the ELK for doing an investigation."
"Some of the strengths of Wazuh that stand out for us include its scalability when deployed on Azure, its open-source nature, which allows for customization based on our needs, and its compatibility with various security solutions like threat intelligence platforms."
"There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again."
"The only problem I find is that the use cases are built-in. There is no template available that you can modify according to your organization's standards. What they give is very generic, the market standard, but that might not be applicable to every organization."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
"When we do investigations, it would be better if Microsoft could populate the host dashboard more. When we open any host for investigation, we want the entire timeline of what is happening on the host, including all the users logging in, their hardware, Windows version, etc."
"The data recovery and backup could be improved."
"Intrusion detection and prevention would be great to have with 365 Defender."
"The patching capability should be there. Patching is something that you cannot do even though you see the vulnerabilities present in your environment. For patching, you have to depend on another solution."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"The connection to the internet has not performed as expected."
"We would also like to have advanced tech protection and email scanning."
"It is an enterprise-level solution. Its price could be less expensive."
"It is not a suitable solution if you are looking for a single product with multiple features such as DLP, encryption, rollback, etc."
"Data privacy is a matter of concern. You have to be careful with data privacy, it can be sensitive and Cortex can have most of your access."
"It should support more mobile operating systems. That is one of the cons of their infrastructure right now."
"Managing the product should be easier."
"I don't like that they have different types of licenses. For example, if users select a license, they think they will have all the platforms they need to improve their network or security. But after some time, Palo Alto Networks changed their licensing, and some of the features that, for example, were free at the beginning now have a cost. I think the integration can be improved. For example, a lot of tools are just integrated through APIs."
"The only challenge we faced with Wazuh was the lack of direct support."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
"The computing resources are consuming and do not make sense."
"Since it's an open-source tool, scalability is the main issue."
"It would be better if they had a vulnerability assessment plug-in like the one AlienVault has. In the next release, I would like to have an app with an alerting mechanism."
"The implementation is very complex."
"Adding the flexibility to integrate various plug-ins or modules into its core system would enhance functionality."
"While it is scalable, it can suffer from reduced latencies."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Extended Detection and Response (XDR) with 80 reviews while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Wazuh is rated 7.4. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and SentinelOne Singularity Complete, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and USM Anywhere. See our Cortex XDR by Palo Alto Networks vs. Wazuh report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.