We performed a comparison between ArcSight ESM and Wazuh based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: ArcSight ESM is praised for its well-designed dashboard, real-time reporting, and threat intelligence capabilities that leverage AI and correlation tools. Users also like ArcSight’s seamless integration and effortless management. Wazuh stands out for its effortless integration, excellent log monitoring capabilities, and ELK-based investigation. ArcSight ESM users have recommended improvements in training, speed, and data administration. Wazuh needs improvements in event source coverage, threat intelligence integration, and real-time monitoring of Unix systems.
Service and Support: Some ArcSight ESM users have found the support to be responsive and helpful, while others have faced issues with slow response times and a lack of expertise. Wazuh's customer service is generally deemed satisfactory, and many customers noted that they could easily find answers from community forums.
Ease of Deployment: Some said that ArcSight ESM is straightforward to set up, while others noted that integration with other systems can be challenging and requires specialized knowledge. Some users said that Wazuh’s setup is easy and fast, while others perceived it as complicated and said it required a significant amount of time.
Pricing: Users consider the pricing of ArcSight ESM to be reasonable and affordable. Wazuh is a cost-effective option as it is open-source and completely free to acquire.
ROI: ArcSight ESM delivers an ROI by helping clients achieve compliance objectives and prevent incidents. Wazuh's MSP program and partnerships offer opportunities to generate revenue from the platform.
"The correlation feature is good."
"Once the rules are defined, it is capable of detecting minute changes in the systems, which are effectively based on the entries in the log."
"Customization. ArcSight gives you a platform to on-board out-of-the-box devices with a more accurate way of collecting desired logs/events."
"I think that the overall experience with this solution is good, but in particular, I think that the dashboards are quite interactive."
"When WannaCry attacks I can minimize the damage. My company had no protection at the time. We get alerts in ArcSight and then whenever a user got a copy of WannaCry and the WannaCry malware wants to connect to the mother ship, it alerts me in the ArcSight dashboard, and that helps us a lot. We then just go to the user and erase the malware."
"What I found most valuable in ArcSight Enterprise Security Manager (ESM) is its good integration with third-party products. The solution also has good core capabilities."
"I would rate the ease of use for new users an eight out of ten, with ten being easy to use. It is a good tool."
"We have been satisfied with the support."
"Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source."
"Good for monitoring, active response, and for vulnerabilities."
"Some of the strengths of Wazuh that stand out for us include its scalability when deployed on Azure, its open-source nature, which allows for customization based on our needs, and its compatibility with various security solutions like threat intelligence platforms."
"Wazuh has very flexible and robust features."
"The most valuable features are the modules and metrics."
"It has efficient SCA capabilities."
"Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases."
"One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability."
"ArcSight is incredibly complex when configuring and deploying, and if your organization doesn't know what they want and what they need, ArcSight will be a challenge for them."
"It is quite complex and could use a better UI. So the improvement would be a simplification. It is pretty complicated to use. The architecture is not complex but the setup and use are."
"The API integration could be better, and I'd like to see more machine-learning capabilities in the future."
"The biggest requirement is that there is no cloud solution for this product yet. They need to create a cloud version. It's the biggest thing they can do to make the solution better."
"There could be more API features for extracting logs on different devices included in the product."
"ArcSight ESM is not easy to use and it should be integrated with other tools that have infrastructure capabilities."
"The solution could be more stable."
"The first limitation is with the ArcSight Data Storage Manager (ADSM). ArcSight's total capacity is currently capped at 12 TB. This becomes an issue if a customer needs a longer real-time data retention period, such as exceeding 90 days or reaching a year or even ten months. Increasing the disk space beyond 12 TB is not currently possible."
"Scalability is a challenge because it is distributed architecture and it uses Elastic DB. Their Elastic DB doesn't allow open source waste application."
"Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions."
"Wazuh should come up with more in-built rules and integrations for the cloud."
"A more structured approach, perhaps with modular UI components, to facilitate easier integration and navigation within the Wazuh platform for custom integrations would be beneficial."
"They need to go towards integrating with more cloud applications and not just OS like Windows and Linux."
"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."
"The implementation is very complex."
"Wazuh needs more security and features, particularly visualization features and a health monitor."
More ArcSight Enterprise Security Manager (ESM) Pricing and Cost Advice →
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while Wazuh is ranked 3rd in Security Information and Event Management (SIEM) with 38 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while Wazuh is rated 7.4. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, Trellix ESM, ArcSight Intelligence, IBM Security QRadar and LogRhythm SIEM, whereas Wazuh is most compared with Elastic Security, Security Onion, AlienVault OSSIM, Splunk Enterprise Security and Graylog. See our ArcSight Enterprise Security Manager (ESM) vs. Wazuh report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.