We performed a comparison between Sumo Logic Security and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"Sumo Logic Security is a good solution for searching the logs and identifying the issues."
"The most valuable features of Sumo Logic Security are the rules, use cases, and ease of use. Additionally, the integration is straightforward and good GUI."
"It helps a lot because we can troubleshoot issues pretty easily."
"We have used it many times to find a root cause of a live issue, then fix the problem in the applications."
"With this tool, we provide access to every developer team the ability to find errors, then they come to us and ask for specific help."
"It gives us a bird's eye view of what's happening from our connection's point of view."
"Support has been excellent. Sumo Logic's support staff is really good, both their account management staff and direct support."
"Technical support is always great."
"Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases."
"Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score. It provides a percentage of perceived risk due to of non patches or any missing patches on that work."
"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
"If they support a solution, it is easy to do an integration."
"Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors."
"The log monitoring and analysis tools are great in addition to SIEM file activity monitoring."
"Wazuh has very flexible and robust features."
"We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"The only thing is sometimes you can have a false positive."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"We'd like also a better ticketing system, which is older."
"The AI capabilities must be improved."
"If you look at some of the other offerings right now that are available in the market, they do offer APM as well as the product they're offering. I believe Sumo Logic is not there yet. So that's something which I would love to see."
"The solution should improve its UI."
"From the network segmentation side, there is some discrepancy in log onboarding. The tool needs to improve direct API integrations, login integration, native login integration, etc."
"It took a bit of trial and error to get it set up correctly based on everything we had to do. In the end, we had to send everything over HTTP, which was sort of a stop-gap."
"Sumo Logic needs to make sure integrating solutions are seamless."
"The integration with multiple sources could be better."
"We would like the ability to drill down into a dashboard and get into deeper levels."
"There needs to be improvement on imported data which can be used within Sumo Logic to do more advanced queries."
"Wazuh needs more security and features, particularly visualization features and a health monitor."
"The implementation is very complex."
"We would like to see more improvements on the cloud."
"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."
"Scalability is a challenge because it is distributed architecture and it uses Elastic DB. Their Elastic DB doesn't allow open source waste application."
"The technical support can be improved. Wazuh has some bugs that need to be fixed. It would be good if we can have automation with respect to incidence responses."
"There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded."
"The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way."
Sumo Logic Security is ranked 20th in Log Management with 18 reviews while Wazuh is ranked 2nd in Log Management with 38 reviews. Sumo Logic Security is rated 8.6, while Wazuh is rated 7.4. The top reviewer of Sumo Logic Security writes "Used to store and monitor application logs and VPC flow logs". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Sumo Logic Security is most compared with Rapid7 InsightIDR, Splunk Enterprise Security, VMware Aria Operations for Logs, IBM Security QRadar and Grafana Loki, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Fortinet FortiAnalyzer. See our Sumo Logic Security vs. Wazuh report.
See our list of best Log Management vendors, best Security Information and Event Management (SIEM) vendors, and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.