We performed a comparison between Microsoft Defender XDR and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Among the most valuable features are the alert timeline, the alert story, which is pretty detailed. It gives us complete insight into what exactly happened on the endpoint. It doesn't just say, "Malware detected." It tells us what caused that malware to be detected and how it was detected. It gives us a complete timeline from beginning to end."
"In Microsoft 365 vendor products, monitoring and connectivity across all Microsoft and third-party connectors enable viewing of all activity within those environments."
"The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks."
"My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."
"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI."
"Microsoft 365 Defender is a good solution and easy to use."
"My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance."
"I like that the solution is on top of the Kubernetes stack."
"Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors."
"It has efficient SCA capabilities."
"The log monitoring and analysis tools are great in addition to SIEM file activity monitoring."
"The product is easy to customize."
"Its cost-effectiveness is the most valuable aspect."
"Wazuh offers an enhanced HDR version that outperforms its competitors."
"What could be improved in Microsoft 365 Defender is its licensing, e.g. it should be more consolidated and would be good if it has some optimizations. Improving the alerts and notifications, in terms of adding more details, would also be good for this solution."
"There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"Advanced attacks could use an improvement."
"The support could be more knowledgeable to improve their offering."
"We should be able to use the product on devices like Apple, Linux, etc."
"The price could be better. It'll also help if they can continuously update and upgrade the solution. Every day there's a new virus uploaded into the network, and we have to keep updating it to identify all these things."
"Since all of our databases are updated and located in the cloud, I would like additional support for this."
"We would like to see more improvements on the cloud."
"The tool does not provide CTI to monitor darknet."
"They need to go towards integrating with more cloud applications and not just OS like Windows and Linux."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
"Since it's an open-source tool, scalability is the main issue."
"While it is scalable, it can suffer from reduced latencies."
"Some features, like alerting, are complex with Wazuh."
"The implementation is very complex."
Microsoft Defender XDR is ranked 6th in Extended Detection and Response (XDR) with 76 reviews while Wazuh is ranked 4th in Extended Detection and Response (XDR) with 38 reviews. Microsoft Defender XDR is rated 8.4, while Wazuh is rated 7.4. The top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Trend Vision One and Microsoft Sentinel, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security and AlienVault OSSIM. See our Microsoft Defender XDR vs. Wazuh report.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.