We performed a comparison between Mandiant Advantage and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The visibility into threats that 365 Defender provides is really good. You get a full review of your security system and what can be improved. In the Microsoft 365 Defender portal the first page gives you a really big summary of which security policies you are following and what can be improved."
"The advantage of Microsoft Defender XDR has over other XDRs in the market is that it's easy to use. You can quickly differentiate between alerts, incidents, devices, software, etc. It's easier to investigate an incident, and you have so many options. You can automate investigations and use playbooks. There's also the live response session, which is something you can't find in any other XDR."
"It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done..."
"The comprehensiveness of Microsoft's threat detection is good."
"I like the easy integration and advanced possibilities. We can implement it at customer sites in a few clicks, but we can also dive deep and drill down to extended features. There's a very good starting point to get into this product and all the features from Defender."
"The unified view of the threat landscape on a central dashboard is the most valuable feature."
"We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us."
"Scanning, vulnerability reporting, and the dashboard are the most valuable features."
"The advantage of the solution is being able to go look up threat actors and get a lot of detailed information about different attacks and different tactics and general information about threats."
"The feature I have found most valuable is directory monitoring. We experienced an instance of threat actors trying to ensure a complex and massive attack against our customer's infrastructure on the forum. That is, they were animating people on a formum. The solution alerted us to this two days ahead of the attack, which gave us plenty of time to prepare for it."
"It is so valuable to have someone performing these functions outside of our business hours when we don't have staff in the building. We've seen a lot of solid metrics on the amount of malware that it's detecting and resolving. We're pleased with it so far."
"We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company."
"It is excellent in terms of visualization and indexing services, making it a powerful tool for malware detection."
"Wazuh is simple to use for PCI compliance."
"I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems."
"It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions."
"It offers built-in modules for file integrity and vulnerability management."
"The most valuable features are the modules and metrics."
"One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability."
"In the Microsoft Azure Portal, in Active Directory, if there is anything on the user it will provide you with the information, but you still have to go through it a bit. And sometimes, I have experienced difficulties in understanding the information, especially because the synchronization between Microsoft Intune and the devices that are connected to the user in Azure Active Directory takes a lot of time."
"The tool gives inconsistent answers and crashes a lot."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
"My client would like the solution to be more customizable without using code. You can only build on the default console, but we're not allowed to change it."
"There is no common area where we can manage all the policies for the EDR, third-party solutions, devices, servers, Windows, Mac, etc., but it's on the road map, and we ware waiting for that feature."
"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
"Mandiant's on-prem client is too processor-intensive, so it's putting a strain on the local device's CPU. When a scan is running on the device, the other processing tasks slow to a crawl. We're still trying to figure out the correct settings for the client."
"They could have better support. Now that they've merged, they are moving towards a portal system, which isn't very helpful."
"I think that the data query that is used for data cloud language should be improved. It's really hard to query actual data from the platform."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
"Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."
"The computing resources are consuming and do not make sense."
"Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation also, so we need better container security, log data analysis, auditing and compliance, malware detection, etc."
"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
"Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions."
"Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions."
Mandiant Advantage is ranked 20th in Extended Detection and Response (XDR) with 3 reviews while Wazuh is ranked 4th in Extended Detection and Response (XDR) with 38 reviews. Mandiant Advantage is rated 8.6, while Wazuh is rated 7.4. The top reviewer of Mandiant Advantage writes "It gives us peace of mind that issues can be addressed when our core IT team isn't working". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Mandiant Advantage is most compared with CrowdStrike Falcon, Cortex Xpanse, Microsoft Defender External Attack Surface Management and Cymulate, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security and AlienVault OSSIM. See our Mandiant Advantage vs. Wazuh report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.