We performed a comparison between Splunk and Wazuh based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Splunk easily wins out in this comparison. Compared with Wazuh, it is a mature and robust solution with a proven ROI.
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"It has basic out-of-the-box integrations with multiple log sources."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"The initial setup is very simple and straightforward."
"The machine learning and artificial intelligence on offer are great."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"It gives us the liberty to do more in terms of use cases."
"The most valuable feature of Splunk Enterprise Security is website activity monitoring."
"Visualizations are the best way to understand deviation techniques from the norm."
"It is very stable. We have not had any problems."
"It has a big user base, so the community is useful."
"Search language is easy to understand and teach to new users."
"Splunk's interface is user-friendly, and it has apps and add-ons for most applications. We can easily normalize the data to make it readable and understand the logs. We easily get all the field extractions and enrichment done by using the apps and add-ons. This helps us understand the application logs because the raw data is useless unless we extract some useful information from it. These add-ons make it so much easier."
"The product is good, it satisfies our customers."
"The deployment is easy and they provide very good documentation."
"It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions."
"Wazuh offers an enhanced HDR version that outperforms its competitors."
"The MITRE ATT&CK correlation is most valuable."
"My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance."
"It is a stable solution."
"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
"The product is easy to customize."
"The solution should allow for a streamlined CI/CD procedure."
"Sentinel's reporting is complex and can be more user-friendly."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"The on-prem log sources still require a lot of development."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"The setup time is quite long."
"An improved user interface along with multi-tenancy support would be beneficial."
"The case management area of the ES could be improved. The ability to move cases through various stages and states. The ability to close a case would be key improvement."
"The complexity could be worked on so that it's even easier and faster."
"Its reporting can be improved. That's the only complaint I have heard. I don't need the reporting part, but I know that other people in the organization need it."
"The algorithms customization of Splunk could improve. They have limited algorithms for machine learning support. If they can allow the user to add more machine learning algorithms, such as the ability to choose the algorithm that a user might want. Additionally, they should provide the required libraries for those algorithms, and then analyzes the data for use."
"I would like Splunk to add more integration. QRadar has many indications with more products than Splunk."
"Search head clustering is often temperamental in its current state and should be improved, replaced by something better, or be reverted to search head pooling."
"It would be better if they had a vulnerability assessment plug-in like the one AlienVault has. In the next release, I would like to have an app with an alerting mechanism."
"The deployment is a bit complex."
"The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way."
"The only challenge we faced with Wazuh was the lack of direct support."
"There could be a hardware monitoring tool for the solution."
"Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions."
"I have yet to find the same capability in Wazuh to get logs from different sources into the system"
"The implementation is very complex."
Splunk Enterprise Security is ranked 1st in Log Management with 67 reviews while Wazuh is ranked 3rd in Log Management with 33 reviews. Splunk Enterprise Security is rated 8.4, while Wazuh is rated 7.4. The top reviewer of Splunk Enterprise Security writes "Can be used to find any threats or vulnerabilities inside a user’s environment". On the other hand, the top reviewer of Wazuh writes "Good for file integrity monitoring". Splunk Enterprise Security is most compared with Dynatrace, IBM Security QRadar, Elastic Security, Azure Monitor and Datadog, whereas Wazuh is most compared with Elastic Security, Security Onion, AlienVault OSSIM, Graylog and Datadog. See our Splunk Enterprise Security vs. Wazuh report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.