We performed a comparison between Cortex XDR by Palo Alto Networks and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise."
"I like that it's fully integrated with Windows, Microsoft 365 Exchange Online, and Outlook. It is better than other antivirus solutions because it's fully integrated with all Microsoft products. It's easy to integrate them and onboard all Windows devices from SCCM."
"The threat intelligence is excellent."
"The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI."
"The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def"
"All of the security components are valuable including, antiphishing, antispam, and stage three antivirus."
"The unified view of the threat landscape on a central dashboard is the most valuable feature."
"We can use Cortex XDR to get the entire graph of the incidents from source to destination, and we can take remedial action."
"Cortex XDR can integrate the firewalls and determine the tendencies of the attacks. It's a new generation antivirus, with protection endpoints and detection response. It is very easy to use and everybody can operate the solution."
"They did what they said. This solution could apply to any scenario."
"Traps has drastically reduced our endpoint attack surface via advanced detection capabilities, sandboxing of never before seen programs, and by drastically limiting where executables can launch in the first place."
"The most valuable feature of Cortex XDR by Palo Alto Networks is the low consumption of system resources. The solution uses a lot of AI and machine learning."
"Cortex XDR by Palo Alto Networks should be a stable solution."
"The product has an intuitive dashboard."
"The anti-exploit is impenetrable. We chose Traps because it is the only product that we were not able to get anything past."
"The main thing I like about it is that it has an EDR."
"Some of the strengths of Wazuh that stand out for us include its scalability when deployed on Azure, its open-source nature, which allows for customization based on our needs, and its compatibility with various security solutions like threat intelligence platforms."
"The MITRE ATT&CK correlation is most valuable."
"It has efficient SCA capabilities."
"Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score. It provides a percentage of perceived risk due to of non patches or any missing patches on that work."
"The product’s interface is intuitive."
"The most valuable features are the modules and metrics."
"Its cost-effectiveness is the most valuable aspect."
"The Defender agent itself is more compatible with Windows 10 and Windows 11. Other than these two lines, there are so many compatibility issues. Security is not only about Microsoft. The core technical aspects of it are quite good, but it would be good if they can better support non-Microsoft solutions in terms of putting the agents directly into VMware and other virtualization solutions. There should be more emphasis on RHEL and other operating systems that we use, other than Windows, in the server category."
"Since all of our databases are updated and located in the cloud, I would like additional support for this."
"When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports."
"In the future, it would be beneficial for Microsoft to consider making the product more user-friendly or simplified for those who are interested in using it. Currently, it requires a high level of technical expertise, making it challenging for beginners or less experienced individuals."
"The cost can be high if you want to build custom license packages. Another area for improvement is the policies. In Azure, we need to implement policies in JSON format, but in 365 Defender 365, it would be helpful to use a different format so we can customize the platform."
"Support is hit or miss. Microsoft wants you to buy premium support contracts. Though they call themselves professional support, it's almost like throwing questions into a black hole. You get an answer, but it's never helpful."
"The encryption is not up to the mark."
"Cortex XDR could be improved with more GUI features."
"Cortex XDR is trickier to configure than other Palo Alto products. This is one area where we are not so satisfied."
"Cortex does not offer an on-premises solution. However, some customers would prefer not to be on the cloud. It would be ideal if it could offer something on-prem as well."
"It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue."
"The GUI could be improved."
"The solution should offer more dashboards and they should be better customized."
"The solution could improve by providing better integration with their own products and others."
"A more structured approach, perhaps with modular UI components, to facilitate easier integration and navigation within the Wazuh platform for custom integrations would be beneficial."
"Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions."
"One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs."
"I have yet to find the same capability in Wazuh to get logs from different sources into the system"
"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."
"They could include flexibility and customization capabilities by modifying for customers based on partner agreements."
"It would be better if they had a vulnerability assessment plug-in like the one AlienVault has. In the next release, I would like to have an app with an alerting mechanism."
"Scalability is a challenge because it is distributed architecture and it uses Elastic DB. Their Elastic DB doesn't allow open source waste application."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Extended Detection and Response (XDR) with 80 reviews while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Wazuh is rated 7.4. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and SentinelOne Singularity Complete, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security and AlienVault OSSIM. See our Cortex XDR by Palo Alto Networks vs. Wazuh report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.