We performed a comparison between LogRhythm SIEM and Wazuh based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Users praised LogRhythm SIEM for its user-friendly centralized dashboard, strong integration capabilities, and event-filtering capabilities. Wazuh stands out for its effortless integration, excellent log monitoring capabilities, and ELK-based investigation. LogRhythm SIEM has the potential to improve its SOAR and NDR features, platform stability, and MDI integration. LogRhythm users requested expanded log storage, better load balancing, and streamlined search capabilities. Wazuh needs improvements in event source coverage, threat intelligence integration, and real-time monitoring of Unix systems.
Service and Support: LogRhythm SIEM was generally praised for its helpful and knowledgeable support, although there have been occasional delays and knowledge problems. Wazuh's customer service is generally deemed satisfactory, and many customers noted that they could easily find answers from community forums.
Ease of Deployment: LogRhythm SIEM's setup is considered to be straightforward. However, it is more time-consuming and complex for enterprise deployments involving multiple components or vendors, and users often require assistance from professional services or LogRhythm-certified engineers. Some users said that Wazuh’s setup is easy and fast, while others perceived it as complicated and said it required a significant amount of time.
Pricing: LogRhythm SIEM’s license typically includes all elements. However, enterprise customers may encounter complexities related to additional features and add-ons. Wazuh is a cost-effective option as it is open-source and completely free to acquire.
ROI: LogRhythm SIEM has proven to be highly valuable, delivering a significant ROI by reducing the mean time to detect and respond. Wazuh's MSP program and partnerships offer opportunities to generate revenue from the platform.
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"It's pretty powerful and its performance is pretty good."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"The UI-based analytics are excellent."
"The analytic rule is the most valuable feature."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"It seems like it will scale easily with the way our environment is set up."
"It supports most standard log sources."
"Our clients enjoy having one dashboard to monitor their environments in real time."
"When it comes to dealing with support, all my interactions have been great. Everyone has known what they're doing and have been quick to respond. They seem to always know the answer. I haven't stumped anybody yet."
"Compliance reporting is another great feature of this product. It has built in reports right out of the box."
"The ability to drill down and pivot from an event is one of the biggest advantage the product has compared to other things that I have seen in the market."
"The security operation center is excellent."
"Provides visibility into the network."
"It is a stable solution."
"Wazuh's most beneficial features for our security needs are flexibility, built-in rules, integration capabilities, and documentation."
"Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score. It provides a percentage of perceived risk due to of non patches or any missing patches on that work."
"The deployment is easy and they provide very good documentation."
"The tool is stable."
"Wazuh has very flexible and robust features."
"Good for monitoring, active response, and for vulnerabilities."
"The most valuable features are the modules and metrics."
"Sentinel's reporting is complex and can be more user-friendly."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"The solution could improve the playbooks."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"I think the number one area of improvement for Sentinel would be the cost."
"I don't think the cloud model in LogRhythm is developed enough."
"We've tried to work with a couple of engineering department guys there. We've called them and called them but we never hear anything back."
"There used to be the ability to create alarms based on message text that was included in LR Version 6.x that has been removed in LogRhythm 7.x, and on that, I would like to see it added back."
"The solution is likely not the best option for a smaller organization."
"We have run into problems with stability going through upgrade processes. Recently, we have been on the front edge of the upgrade path. When that happens we tend to run into issues either with certain functionality not working after the upgrades or stability issues because of the upgrades."
"It's not easy for someone new to the solution."
"The user interface needs improvement. The more the user can slide around and know what's going on, the better it will be."
"Sometimes the Platform Manager crashes because it's built around Windows."
"The only challenge we faced with Wazuh was the lack of direct support."
"The support team could be more responsive and provide quicker replies during our working hours in Indonesia, which would be a significant improvement."
"Integration with Vyara could be better."
"Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs."
"Wazuh is missing many things that a typical SIEM should have."
"Since it's an open-source tool, scalability is the main issue."
"Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
LogRhythm SIEM is ranked 7th in Log Management with 166 reviews while Wazuh is ranked 2nd in Log Management with 38 reviews. LogRhythm SIEM is rated 8.4, while Wazuh is rated 7.4. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm Axon, Fortinet FortiSIEM and Fortinet FortiAnalyzer, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Fortinet FortiAnalyzer. See our LogRhythm SIEM vs. Wazuh report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.