We performed a comparison between Wazuh and Elastic Security based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison results: Based on the parameters we compared, Wazuh comes out ahead of Elastic Security. While both offer valuable vulnerability detection, Elastic Security’s lack of AI capabilities and lack of tech support leave room for improvement.
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, 'Where are my logs?' My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"The main benefit is the ease of integration."
"The Log analytics are useful."
"The most valuable feature for me is Discover."
"The indexes allow you to get your results quickly. The filtering and log passing is the advantage of Logstash."
"Elastic Security is very easy to adapt."
"One of the most valuable features of this solution is that it is more flexible than AlienVault."
"Elastic Security is a highly flexible platform that can be implemented anywhere."
"It's not very complicated to install Elastic."
"What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results."
"It's a good platform and the very best in the current market. We looked at the Forrester report from December 2022 where it was said to be a leader."
"The configuration assessment and file integrity monitoring features are decent."
"Wazuh offers an enhanced HDR version that outperforms its competitors."
"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
"Wazuh's most beneficial features for our security needs are flexibility, built-in rules, integration capabilities, and documentation."
"It offers built-in modules for file integrity and vulnerability management."
"If they support a solution, it is easy to do an integration."
"It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions."
"It's stable."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"The solution should allow for a streamlined CI/CD procedure."
"We'd like also a better ticketing system, which is older."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"There is room for improvement in entity behavior and the integration site."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"This solution is very hard to implement."
"This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."
"In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready made, so you'll have to write some scripts."
"If you compare this with CrowdStrike or Carbon Black, they can improve."
"We had issues with scalability. Logstash was not scaling and aggregation was getting delayed. We moved to Fluentd making our stack from ELK to EFK."
"They don't provide user authentication and authorisation features (Shield) as a part of their open-source version."
"With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."
"We'd like to see some more artificial intelligence capabilities."
"The implementation is very complex."
"The support team could be more responsive and provide quicker replies during our working hours in Indonesia, which would be a significant improvement."
"While it is scalable, it can suffer from reduced latencies."
"A lack of certain features creates limitations."
"The computing resources are consuming and do not make sense."
"Wazuh is missing many things that a typical SIEM should have."
"Wazuh needs more security and features, particularly visualization features and a health monitor."
"The technical support can be improved. Wazuh has some bugs that need to be fixed. It would be good if we can have automation with respect to incident response."
Elastic Security is ranked 5th in Log Management with 28 reviews while Wazuh is ranked 3rd in Log Management with 33 reviews. Elastic Security is rated 7.6, while Wazuh is rated 7.4. The top reviewer of Elastic Security writes "Offers great capabilities to detect and respond to threats". On the other hand, the top reviewer of Wazuh writes "Good for file integrity monitoring". Elastic Security is most compared with Splunk Enterprise Security, Microsoft Defender for Endpoint, IBM Security QRadar, CrowdStrike Falcon and AlienVault OSSIM, whereas Wazuh is most compared with Splunk Enterprise Security, Security Onion, AlienVault OSSIM, Graylog and Datadog.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.