We performed a comparison between LogRhythm UEBA and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I like the easy integration and advanced possibilities. We can implement it at customer sites in a few clicks, but we can also dive deep and drill down to extended features. There's a very good starting point to get into this product and all the features from Defender."
"Its most significant advantage lies in its affordability."
"The most valuable aspect is undoubtedly the exploration capability"
"It has great stability."
"The most valuable features of Microsoft 365 Defender are the combination of all the capabilities and centralized management."
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"I like that it's fully integrated with Windows, Microsoft 365 Exchange Online, and Outlook. It is better than other antivirus solutions because it's fully integrated with all Microsoft products. It's easy to integrate them and onboard all Windows devices from SCCM."
"LogRhythm UEBA’s best feature is the dashboard. It provides several graphs, charts, and event logs."
"Good capability pinpointing specific cyber incidents."
"The most valuable features are file activity monitoring and registry activity monitoring."
"The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance, it can detect unusual user logins, such as a user logging in from a new browser or location."
"What I like most about LogRhythm UEBA is that it allows you to identify and analyze end-user behaviors and suspicious activities within the systems."
"It is easy to monitor users and that is how the solution is adding value to our firm."
"It has a lot of features. It has file integration monitoring."
"The solution's most valuable features are the graphical user interface and the reporting."
"The most valuable features are the modules and metrics."
"If they support a solution, it is easy to do an integration."
"One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability."
"Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring."
"It offers built-in modules for file integrity and vulnerability management."
"I like that the solution is on top of the Kubernetes stack."
"It is a stable solution."
"Wazuh offers an enhanced HDR version that outperforms its competitors."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"There should be better information for experts on features in the solution. What I see when reading about features in Microsoft 365 Defender is that it is always general information. If Microsoft could go deeper into details for the experts about how to use the tools, usage of it would be more familiar and it would be easier to use."
"A simple dashboard without having to use MS Sentinel would be a welcome improvement."
"In the beginning, it's difficult to navigate the system because it is quite large. Just trying to find your way and understand how the system works can be hard. After spending quite a lot of time searching it's a lot easier, but I wish it were a bit more user-friendly when you're trying to find things."
"The user interface of Microsoft 365 Defender could improve. They could make it simpler."
"The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging."
"Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."
"The tool gives inconsistent answers and crashes a lot."
"What needs improvement in LogRhythm UEBA is the pricing. Here in Asia, for example, in Sri Lanka, pricing is the primary concern, and this is the only area for improvement I see in the product."
"LogRhythm UEBA's data aggregation needs to be improved. Open-source users do not have much documentation available. Documentation is available only for enterprise users."
"The UI could be improved a little bit."
"The search feature needs to be improved."
"The product should improve its dashboards. Splunk has neat dashboards. Additionally, we would like to enhance the use cases provided by LogRhythm as its use case library is not as extensive as other tools. Its machine-learning capabilities need to improve when compared to other solutions. It lacks risk quantification in a single, transparent view for individuals such as CSOs."
"It would be helpful if there were more guidance provided for integrating with unsupported devices."
"The product could be user-friendly for someone who doesn’t have any prior experience working with it."
"It should have better mitigation with other solutions and be tightly integrated with other solutions. It has to be improved."
"The implementation is very complex."
"They could include flexibility and customization capabilities by modifying for customers based on partner agreements."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
"We would like to see more improvements on the cloud."
"Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."
"Integration with Vyara could be better."
"It would be great if there could be customization for the decoder portion."
"Wazuh should come up with more in-built rules and integrations for the cloud."
LogRhythm UEBA is ranked 22nd in Extended Detection and Response (XDR) with 10 reviews while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. LogRhythm UEBA is rated 7.2, while Wazuh is rated 7.4. The top reviewer of LogRhythm UEBA writes "Detects unusual logins but dashboards need improvement ". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". LogRhythm UEBA is most compared with Darktrace, CrowdStrike Falcon, Trend Micro Deep Discovery, Aruba IntroSpect and Microsoft Purview Insider Risk Management, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Cortex XDR by Palo Alto Networks. See our LogRhythm UEBA vs. Wazuh report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.