We performed a comparison between Rapid7 InsightIDR and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."All of the security components are valuable including, antiphishing, antispam, and stage three antivirus."
"I like Defender XDR's automation capabilities. XDR isn't automated by default, but you can automate it to respond. If an attack is performed anywhere within the organization, you can isolate that instance from the network. This is what I can figure out for it. When integrated with Sentinel, you can set up playbooks to automate all the alerts gathered on Sentinel from different Microsoft solutions. Sentinel has a wider range of capabilities than XDR."
"Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."
"Microsoft 365 Defender is a good solution and easy to use."
"The integration with other Microsoft solutions is the most valuable feature."
"Its most significant advantage lies in its affordability."
"We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us."
"The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def"
"The web interface is great — very useful and user-friendly."
"The ability to ingest Office 365 log files, then process them into events and display them on a map."
"I rate Rapid7 nine out of 10 for affordability"
"Features for user behavior analytics and the rules for attack review are good."
"Rapid7's reporting is more robust than Tenable's."
"The incident case management is the most valuable feature. Even though there's always something I find I would like to add to that feature, the ability to quickly sort through all the logs, network and endpoint data, etc., and add it to an incident case as part of the investigation, is nice. Having it automatically timeline that additional data into the original incident timeline, and correlate it to other notable events and activities on the network, results in a huge improvement in our overall confidence that we've quickly traced down the right source of an issue."
"The solution's initial setup is easy."
"The solution is very scalable in terms of the licensing model."
"It has efficient SCA capabilities."
"It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions."
"I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems."
"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
"Wazuh's most beneficial features for our security needs are flexibility, built-in rules, integration capabilities, and documentation."
"The MITRE ATT&CK correlation is most valuable."
"Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score. It provides a percentage of perceived risk due to of non patches or any missing patches on that work."
"The most valuable feature of Wazuh is the ELK for doing an investigation."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"The documentation on their website is somewhat outdated and doesn't show properly. I wanted to try a query in Microsoft Defender 365. When I opened the related documentation from the security blog on the Microsoft website, the figures were not showing. It was difficult to understand the article without having the figures. The figures were there in the article, but they were not getting loaded, which made the article obsolete."
"Sometimes, configurations take much longer than expected."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again."
"In the future, it would be beneficial for Microsoft to consider making the product more user-friendly or simplified for those who are interested in using it. Currently, it requires a high level of technical expertise, making it challenging for beginners or less experienced individuals."
"While the XDR platform offers valuable functionalities, it falls short of other solutions in its ability to deliver a cohesive identity experience."
"It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required."
"Rapid7 InsightIDR is not intuitive to search for logs. It should be more user-friendly and improve the dashboards. We should be able to use ready-made templates instead of having to build one."
"I would like the ability to adjust the threshold of certain existing alerts. Currently the only option is to change the notifications or create my own alert."
"Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement already."
"The APIs can be further improved in Rapid7."
"They should add more configuration and security features to it."
"The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful."
"Currently, it lacks the functionalities provided by Rapid7's User Behavior Analytics (UBA)."
"While it is scalable, it can suffer from reduced latencies."
"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."
"One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs."
"It would be great if there could be customization for the decoder portion."
"Integration with Vyara could be better."
"Some features, like alerting, are complex with Wazuh."
"Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions."
"Scalability is a challenge because it is distributed architecture and it uses Elastic DB. Their Elastic DB doesn't allow open source waste application."
Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 29 reviews while Wazuh is ranked 3rd in Security Information and Event Management (SIEM) with 38 reviews. Rapid7 InsightIDR is rated 8.4, while Wazuh is rated 7.4. The top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Rapid7 InsightIDR is most compared with Darktrace, Microsoft Sentinel, Splunk Enterprise Security, Rapid7 InsightVM and IBM Security QRadar, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security and AlienVault OSSIM. See our Rapid7 InsightIDR vs. Wazuh report.
See our list of best Security Information and Event Management (SIEM) vendors and best Extended Detection and Response (XDR) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.