• Home
  • Fortinet FortiSIEM vs. Wazuh

Fortinet FortiSIEM vs Wazuh comparison

Cancel
You must select at least 2 products to compare!
Fortinet Logo
Fortinet FortiSIEM
Read 65 Fortinet FortiSIEM reviews
7,231 views|3,991 comparisons
80% willing to recommend
Wazuh Logo
Wazuh
Read 38 Wazuh reviews
29,433 views|15,888 comparisons
75% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Fortinet FortiSIEM vs. Wazuh
May 2024
Executive Summary
Updated on Jul 20, 2023

We performed a comparison between Fortinet FortiSIEM and Wazuh based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Features: Fortinet FortiSIEM is praised for its advanced agents and effective correlation capabilities. Reviews say FortiSIEM excels at anomaly reporting and threat hunting. Wazuh stands out for its effortless integration, excellent log monitoring capabilities, and ELK-based investigation. Fortinet FortiSIEM could benefit from better integration guides, more flexible reporting, and reduced resource consumption. Users also suggest adding more AI capabilities and improving database monitoring.  Wazuh needs improvements in event source coverage, threat intelligence integration, and real-time monitoring of Unix systems.

  • Service and Support: Some FortiSIEM customers consider Fortinet support to be satisfactory and efficient, while others were unhappy and thought the engineers could be more knowledgeable. Wazuh's customer service is generally deemed satisfactory, and many customers noted that they could easily find answers from community forums.

  • Ease of Deployment: Some FortiSIEM users found it effortless to install within a day or two. Nonetheless, others encountered difficulties regarding CPU and memory requirements, as well as a lengthier deployment time. Some users said that Wazuh’s setup is easy and fast, while others perceived it as complicated and said it required a significant amount of time.

  • Pricing: FortiSIEM is generally regarded as reasonably priced and competitive. However, FortiSIEM may still be deemed costly in developing markets. Wazuh is a cost-effective option as it is open-source and completely free to acquire.

  • ROI: Fortinet FortiSIEM has consistently delivered a positive return on investment for businesses. Wazuh's MSP program and partnerships offer opportunities to generate revenue from the platform.

Conclusion: Based on the comparison of Fortinet FortiSIEM and Wazuh, it is evident that Fortinet FortiSIEM is the preferred choice. This is due to its user-friendly interface, ease of use, and advanced features such as anomaly-reporting alarms and the integration of SOC and NOC into a single solution. Fortinet FortiSIEM also offers better integration and configuration guides, more flexibility in report generation, and improved technical support. Furthermore, its pricing is reasonable and competitive, with options for both perpetual and subscription licenses, providing flexibility for partners.
To learn more, read our detailed Fortinet FortiSIEM vs. Wazuh Report (Updated: May 2024).
Download the complete report
771,212 professionals have used our research since 2012.
Featured Review
Anonymous User
Researched Wazuh but chose Fortinet FortiSIEM: Provides an excellent analytics engine, and the real-time monitoring features make life easy
Usman Arif
Transforming security features with notable vulnerability reduction and comprehensive compliance
Before the deployment of Wazuh, we faced challenges related to vulnerability management and version change history. Vulnerabilities often went... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"One of the most valuable features is that we can combine SOC and NOC operations in the same tool. We can provide NOC and SOC services in the same tool for two separate teams. There are plenty of third-party solutions that integrate with FortiSIEM. All these solutions already have a ready integration, and we have the possibility to create a custom connector for these solutions. Its reports are also very good.""Easy alert setup which enables different alerts in different categories.""The most valuable feature is the anomaly-reporting alarms.""Both the collecting logs and duo correlation are valuable features for us.""I like the various options, including the option for CMDB and the easier access to create rules, playbooks, or use cases. It's also easier to use for creating dashboards and reports.""FortiSIEM's best features are the dashboards and customization.""The solution is very stable. It's run for years without the need to do anything except, add new patches when they are available, which are always a good idea to install.""The most valuable feature of Fortinet FortiSIEM is the user and entity behave as analytics(UEBA). This feature mixes your data and provides useful information based on the behavior of the targeted."

More Fortinet FortiSIEM Pros →

"We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company.""Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises.""I like that the solution is on top of the Kubernetes stack.""Wazuh has very flexible and robust features.""Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring.""Its cost-effectiveness is the most valuable aspect.""The deployment is easy and they provide very good documentation.""Wazuh is simple to use for PCI compliance."

More Wazuh Pros →

Cons
"The solution's interface could be modernized and improved.""The nodes on our network did not comply with the SIEM solution. They use a different format parking log.""Sometimes, if there are changes made by a user on a database server, it can be difficult to get that information on the fly. I would like to see a situation where once I specify a user with the database server I need, and with the changes they have performed on that, I don't need to continue my search pattern to drill down just to get the information.""I would like to see more integration with other platforms.""The process of installing Fortinet FortiSIEM and the customization of the alerts take too long.""They could work on their documentation. If there's anything about the solution that needs improvement, it's that. For example, documentation already is on a very high level but specifically on the CLI there are tons of features which can be fine-tuned and thousands of commands are very difficult to document. If they could make this easier, it would improve the overall solution.""The solution needs to do a better job with third party integration. Right now, that's lacking on the solution. I specifically am talking about the AWS environment. Most of the AWS environment products do not have that capability to integrate.""The support of the product changed recently, and I don't think it's for the better. They should work to improve the support they offer to clients."

More Fortinet FortiSIEM Cons →

"Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions.""The deployment is a bit complex.""Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs.""The only challenge we faced with Wazuh was the lack of direct support.""Some features, like alerting, are complex with Wazuh.""Adding the flexibility to integrate various plug-ins or modules into its core system would enhance functionality.""Wazuh is missing many things that a typical SIEM should have.""The computing resources are consuming and do not make sense."

More Wazuh Cons →

Pricing and Cost Advice
  • "Please be cheaper and more simplified."
  • "We bought the perpetual license, so we own the product, but there is a three-year support renewal fee for that."
  • "Pricing is acceptable for more than 90% of our customers, as they normally get discounts."
  • "Its price can be better. We are Fortinet partners, so we can get discounts, but its price can be an issue at the beginning for others. There is a licensing scheme for every case. There are three licensing schemes that we can choose from."
  • "The price of Fortinet FortiSIEM is a lot less when compared to other solutions."
  • "They have a yearly subscription."
  • "The solution is available for both, perpetual and subscription licenses."
  • "Manageable, however would be better as pay as you go versus CapEX."

    • More Fortinet FortiSIEM Pricing and Cost Advice →

  • "Wazuh is open-source, so I think it's an option for a small organization that cannot go for enterprise-grade solutions like Splunk."
  • "There is not a license required for Wazuh."
  • "Wazuh is open-source, but you must consider the total cost of ownership. It may be free to acquire, but you spend a lot of time and effort supporting the product and getting it to a point where it's useful."
  • "Wazuh is open-source, therefore it is free. You can purchase support for $1,000 a year."
  • "Wazuh is totally free and open source. There are no licensing costs, only support costs if you need them."
  • "Wazuh has a community edition, and I was using that. It's free and open source."
  • "The current pricing is open source."
  • "Wazuh is free and open source."

    • More Wazuh Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
    See Recommendations
    771,212 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about Fortinet FortiSIEM?
    Top Answer:Fortinet FortiSIEM needs to provide better API integrations to users.
    Read all 37 answers   →
    What is your experience regarding pricing and costs for Fortinet FortiSIEM?
    Top Answer:I don't have the price list of any of the competitors of Fortinet FortiSIEM. I work with the technical part of the tool. There is a need to make yearly payments towards the licensing charges attached… more »
    Read all 24 answers   →
    What needs improvement with Fortinet FortiSIEM?
    Top Answer:Fortinet FortiSIEM is a better solution than other products. As a SIEM solution, it can meet all the requirements of customers. The product already offers good integration capabilities with multiple… more »
    Read all 37 answers   →
    What do you like most about Wazuh?
    Top Answer:Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases.
    Read all 28 answers   →
    What needs improvement with Wazuh?
    Top Answer:I have built some rules that produce duplicate alerts two or three times. Therefore, these rules should be consolidated. Alerts should be specific rather than repeatedly triggered by integrating… more »
    Read all 28 answers   →
    What is your primary use case for Wazuh?
    Top Answer:We use Wazuh for the onboarding of both Windows and Linux machines, as well as for firewall and SIM configuration. The IP address is automatically blocked if a server has multiple wrong passwords.
    Read all 26 answers   →
    Ranking
    9th
    out of 80 in Security Information and Event Management (SIEM)
    Views
    7,231
    Comparisons
    3,991
    Reviews
    22
    Average Words per Review
    439
    Rating
    7.6
    3rd
    out of 80 in Security Information and Event Management (SIEM)
    Views
    29,433
    Comparisons
    15,888
    Reviews
    31
    Average Words per Review
    479
    Rating
    7.6
    Comparisons
    Also Known As
    FortiSIEM, AccelOps
    Learn More
    Fortinet
    Wazuh
    Overview

    FortiSIEM (formerly AccelOps 4) provides an actionable security intelligence platform to monitor security, performance and compliance through a single pane of glass.

    Companies around the world use FortiSIEM for the following use cases:

    • Threat management and intelligence that provide situational awareness and anomaly detection
    • Alleviating compliance mandate concerns for PCI, HIPAA and SOX
    • Managing “alert overload”
    • Handling the “too many tools” reporting issue
    • Addressing the MSPs/MSSPs pain of meeting service level agreements

    Wazuh is an enterprise-ready platform used for security monitoring. It is a free and open-source platform that is used for threat detection, incident response and compliance, and integrity monitoring. Wazuh is capable of protecting workloads across virtualized, on-premises, containerized, and cloud-based environments.

    It consists of an endpoint security agent and a management server. Additionally, Wazuh is fully integrated with the Elastic Stack, allowing users the ability to navigate through security alerts via a data visualization tool.

    • Wazuh’s agent can run on many different platforms, and is lightweight. It can successfully perform the tasks needed to detect threats in order to trigger responses automatically.
    • Wazuh manages the agents, can analyze agent data, and can scale horizontally.
    • Elastic Stack is where alerts are indexed and stored.

    Wazuh Capabilities

    Some of Wazuh’s most notable capabilities include:

    • Intrusion detection: Wazuh’s agents can detect hidden files, cloaked processes, or unregistered network listeners, as well as inconsistencies in system call responses. Wazuh’s server component uses a signature-based approach to intrusion detection, using its regular expression engine to analyze collected log data and look for indicators of compromise.

    • Log data analysis: Wazuh can read operating system and application logs, and securely forward them to a central manager for rule-based analysis and storage.

    • Integrity monitoring: File integrity monitoring can help identify changes in content, ownership, permissions, and attribute of files. Wazuh’s file integrity monitoring can be used in conjunction with threat intelligence.

    • Vulnerability detection: Wazuh agents can identify well-known vulnerable software so you can see where your weak spots are and take action before an attack can exploit them.

    • Configuration assessment: System and application configurations are monitored to make sure they are compliant with security policies. Periodic scans are used to detect applications that are known to be vulnerable, insecurely configured, or unpatched.
    • Incident response: Wazuh responds actively when active threats need to be addressed. It can perform countermeasures like blocking access to a system when a threat source is identified.

    • Regulatory compliance: Wazuh includes the security controls required to be compliant with industry regulations and standards.

    • Cloud security: Wazuh’s light-weight and multi-platform agents are commonly used to monitor cloud environments at the instance level. In addition, Wazuh helps monitor cloud infrastructure at an API level.

    • Security for containers: With Wazuh, you have increased security visibility into hosts and containers, allowing for easier detection of threats, anomalies, and vulnerabilities.

    Wazuh Benefits

    Some of the most valued benefits of Wazuh include:

    • No vendor lock-in
    • No license costs
    • Uses lightweight, multi-platform agents
    • Free community support

    Wazuh Offers

    • Annual support and maintenance
    • Assistance with deployment and configuration
    • Training and instructional hands-on courses

    Reviews From Real Users

    "It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions." - Robert C., IT Security Consultant at Microlan Kenya Limited

    The MITRE ATT&CK correlation is most valuable.” - Chief Information Security Officer at a financial services firm

    Sample Customers
    FortiSIEM has hundreds of customers worldwide in markets including managed services, technology, financial services, healthcare, and government. Customers include Aruba Networks, Compushare, Port of San Diego, Cleveland Indians, Infoblox, Healthways, and Referentia.
    Information Not Available
    Top Industries
    REVIEWERS
    Comms Service Provider21%
    Financial Services Firm12%
    Computer Software Company10%
    Media Company10%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Government9%
    Comms Service Provider9%
    Financial Services Firm7%
    REVIEWERS
    Computer Software Company25%
    Comms Service Provider18%
    Security Firm14%
    Financial Services Firm11%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Comms Service Provider8%
    Government7%
    Financial Services Firm7%
    Company Size
    REVIEWERS
    Small Business41%
    Midsize Enterprise25%
    Large Enterprise34%
    VISITORS READING REVIEWS
    Small Business30%
    Midsize Enterprise17%
    Large Enterprise52%
    REVIEWERS
    Small Business54%
    Midsize Enterprise28%
    Large Enterprise18%
    VISITORS READING REVIEWS
    Small Business33%
    Midsize Enterprise20%
    Large Enterprise48%
    Buyer's Guide
    Fortinet FortiSIEM vs. Wazuh
    May 2024
    Free Report: Fortinet FortiSIEM vs. Wazuh
    Find out what your peers are saying about Fortinet FortiSIEM vs. Wazuh and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    771,212 professionals have used our research since 2012.

    Fortinet FortiSIEM is ranked 9th in Security Information and Event Management (SIEM) with 65 reviews while Wazuh is ranked 3rd in Security Information and Event Management (SIEM) with 38 reviews. Fortinet FortiSIEM is rated 7.6, while Wazuh is rated 7.4. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Fortinet FortiSIEM is most compared with IBM Security QRadar, Microsoft Sentinel, Splunk Enterprise Security, LogRhythm SIEM and ThousandEyes, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Graylog. See our Fortinet FortiSIEM vs. Wazuh report.

    See our list of best Security Information and Event Management (SIEM) vendors.

    We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.