We performed a comparison between Graylog Security and Wazuh based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM)."There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"The Log analytics are useful."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"We use the solution to collect logs."
"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
"The main thing I like about it is that it has an EDR."
"One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability."
"I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch."
"Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source."
"The MITRE ATT&CK correlation is most valuable."
"The tool is stable."
"I like that the solution is on top of the Kubernetes stack."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"The solution could improve the playbooks."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"The on-prem log sources still require a lot of development."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"Graylog Security needs to incorporate security scorecards."
"Wazuh is missing many things that a typical SIEM should have."
"The support team could be more responsive and provide quicker replies during our working hours in Indonesia, which would be a significant improvement."
"Some features, like alerting, are complex with Wazuh."
"The deployment is a bit complex."
"We would like to see more improvements on the cloud."
"One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs."
"While it is scalable, it can suffer from reduced latencies."
"Since it's an open-source tool, scalability is the main issue."
Graylog Security is ranked 34th in Security Information and Event Management (SIEM) with 1 review while Wazuh is ranked 3rd in Security Information and Event Management (SIEM) with 38 reviews. Graylog Security is rated 9.0, while Wazuh is rated 7.4. The top reviewer of Graylog Security writes "Helps to collect logs and pricing is cheap ". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Graylog Security is most compared with Microsoft Defender XDR, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Fortinet FortiAnalyzer.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.