We performed a comparison between Wazuh and Elastic Security based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison results: Based on the parameters we compared, Wazuh comes out ahead of Elastic Security. While both offer valuable vulnerability detection, Elastic Security’s lack of AI capabilities and lack of tech support leave room for improvement.
"The integration between all the Defender products is the most valuable feature."
"The summarization of emails is a valuable feature."
"The unified view of the threat landscape on a central dashboard is the most valuable feature."
"I have found the ability to delete unwanted threats beneficial."
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"The most valuable feature of all is the full integration with the rest of the software in the operating system and Office 365, as well as Microsoft SCCM. It is quite easy for us to work with the whole instance of Microsoft products. This integration improves the benefits of the whole suite of products."
"It gives a lot of flexibility in terms of configuration and customization as per the business requirements."
"Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."
"We've found the initial setup to be quite straightforward."
"It's very customizable, which is quite helpful."
"I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash."
"Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy."
"Elastic is straightforward, easy to integrate, and highly customizable."
"It is scalable."
"It's not very complicated to install Elastic."
"It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically."
"If they support a solution, it is easy to do an integration."
"I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch."
"It is a stable solution."
"The most valuable feature of Wazuh is the ELK for doing an investigation."
"The most valuable features are the modules and metrics."
"Wazuh's most beneficial features for our security needs are flexibility, built-in rules, integration capabilities, and documentation."
"Wazuh has very flexible and robust features."
"It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions."
"One of the biggest downsides of Microsoft products, in general, is that the menus are often difficult to find, as they tend to move from place to place between versions."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"From an integration standpoint, it is always improving overall. With Security Copilot coming out, as partners, we are waiting for the GDAP support so that we can actually see Security Copilot on behalf of customers if they subscribe to it."
"The support could be more knowledgable to improve their offering."
"When we do investigations, it would be better if Microsoft could populate the host dashboard more. When we open any host for investigation, we want the entire timeline of what is happening on the host, including all the users logging in, their hardware, Windows version, etc."
"A simple dashboard without having to use MS Sentinel would be a welcome improvement."
"Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR."
"Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed."
"I would like the process of retrieving archived data and viewing it in Kibana to be simplified."
"Email notification should be done the same way as Logentries does it."
"The interface could be more user friendly because it is sometimes hard to deal with."
"It's a little bit of a learning curve to understand the logic of searching for things and trying to find what you're looking for in Elastic Security."
"Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price."
"Better integration with third-party APMs would be really good."
"Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks."
"An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot."
"The tool doesn't detect anomalies or new environments."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
"Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs."
"It would be better if they had a vulnerability assessment plug-in like the one AlienVault has. In the next release, I would like to have an app with an alerting mechanism."
"One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs."
"Integration with Vyara could be better."
"The implementation is very complex."
"Wazuh needs more security and features, particularly visualization features and a health monitor."
Elastic Security is ranked 5th in Log Management with 59 reviews while Wazuh is ranked 2nd in Log Management with 38 reviews. Elastic Security is rated 7.6, while Wazuh is rated 7.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Elastic Security is most compared with Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas Wazuh is most compared with Security Onion, Splunk Enterprise Security, AlienVault OSSIM, Graylog and Cortex XDR by Palo Alto Networks. See our Elastic Security vs. Wazuh report.
See our list of best Log Management vendors, best Security Information and Event Management (SIEM) vendors, and best Extended Detection and Response (XDR) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.