No more typing reviews! Try our Samantha, our new voice AI agent.

ArcSight Logger vs Wazuh comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 1, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
1.0
ArcSight Logger is valued for ease of use, aiding fraud investigation, and seen as cost-effective despite licensing costs.
Sentiment score
3.3
Wazuh offers rapid threat response and cost-effective security, benefiting small businesses with significant savings and no proprietary costs.
I have seen value in security cost savings with Wazuh, as using proprietary EDR versions could save us substantial money.
Security Consultant at ebenezer.okoh@agorasecurity.it
 

Customer Service

Sentiment score
5.8
ArcSight Logger support is generally helpful, but technical assistance quality varies, with community reliance and time zone issues noted.
Sentiment score
3.0
Wazuh offers valuable community forums and support, with a preference for cloud services despite occasional response time delays.
We provide pre-implementation, implementation, and post-implementation support.
Sr. Cybersecurity Consultant IT/OT at EJADA
They responded quickly, which was crucial as I was on a time constraint.
Cyber Security Software Engineer at a tech services company with 11-50 employees
We use the open-source version of Wazuh, which does not provide paid support.
Tech Lead at a tech vendor with 201-500 employees
The documentation is good and provides clear instructions, though it's targeted at those with technical backgrounds.
Student at Dakota State University
 

Scalability Issues

Sentiment score
6.2
ArcSight Logger offers scalable solutions for enterprises, though smaller setups may face performance and storage issues at high loads.
Sentiment score
6.4
Wazuh is seen as scalable, fitting small to medium businesses, with potential challenges in larger data and sectors.
It can accommodate thousands of endpoints on one instance, and multiple instances can run for different clients.
Security Operations Center Analyst at mailbox.org
Currently, I don't see any limitations in terms of scalability as Wazuh can still connect many endpoints.
Security Consultant at ebenezer.okoh@agorasecurity.it
This is because of the backend work the agent is collecting and processing, causing the laptop to slow down and the bandwidth to decrease.
Security Consultant at Payatu
 

Stability Issues

Sentiment score
8.4
ArcSight Logger is mostly stable and reliable but experiences occasional disruptions during DDoS attacks and major upgrades.
Sentiment score
6.3
Wazuh is reliable for small to mid-level businesses, despite occasional bugs and maintenance challenges affecting stability.
The stability of Wazuh is strong, with no issues stemming from the solution itself.
Tech Lead at a tech vendor with 201-500 employees
The stability of Wazuh is largely dependent on maintenance.
Security Operations Center Analyst at mailbox.org
The indexer frequently times out, requiring system restarts.
Cyber Security Software Engineer at a tech services company with 11-50 employees
 

Room For Improvement

ArcSight Logger requires UI improvements, more connectors, enhanced analytics, better integration, indexing, scalability, and cost efficiency.
Wazuh faces scalability and integration issues, needing enhanced security, AI features, and better support for large enterprises.
Splunk does much more than SIEM, including log analysis, user behavior analysis, threat intelligence, and customer behavior analysis.
Sr. Cybersecurity Consultant IT/OT at EJADA
Machine learning is needed along with understanding user behavior and behavioral patterns.
Engineer Information Security at N-Able (Pvt) Ltd
If we had a correlation of logs where I could just search one unique ID and then the unique ID pulls every system in a time-wise manner, that would be a great improvement I would suggest.
Security Consultant at Payatu
The integration modules are insufficiently developed, necessitating the creation of custom integration solutions using tools like Logstash and PubSub.
Tech Lead at a tech vendor with 201-500 employees
 

Setup Cost

ArcSight Logger is costly and complex, yet valued for capabilities and scalability despite competitive pricing and setup challenges.
Wazuh's open-source solution is cost-effective for enterprises, with cloud costs and scalability as key considerations.
Wazuh is completely free of charge.
Security Consultant at ebenezer.okoh@agorasecurity.it
I would definitely recommend Wazuh, especially considering Fortinet's licensing model which is confusing and overpriced in my opinion.
Engineer Information Security at N-Able (Pvt) Ltd
Totaling around two lakh Indian rupees per month.
Tech Lead at a tech vendor with 201-500 employees
 

Valuable Features

ArcSight Logger excels in scalability, performance, integration, and ease of use, providing powerful search and compliance features.
Wazuh offers open-source security solutions with cloud integration, exceptional logging, scalability, and compatibility with platforms like Azure and AWS.
ArcSight Logger installs on very minimal resources with very few requirements
Sr. Cybersecurity Consultant IT/OT at EJADA
Wazuh is a SIEM tool that is highly customizable and versatile.
Security Operations Center Analyst at mailbox.org
The system allows us to monitor endpoints effectively and collect security data that can be utilized across other platforms such as SOAR.
Security Consultant at ebenezer.okoh@agorasecurity.it
With this open source tool, organizations can establish their own customized setup.
Cyber Security Software Engineer at a tech services company with 11-50 employees
 

Categories and Ranking

ArcSight Logger
Ranking in Log Management
32nd
Average Rating
7.6
Reviews Sentiment
5.8
Number of Reviews
32
Ranking in other categories
No ranking in other categories
Wazuh
Ranking in Log Management
2nd
Average Rating
7.4
Reviews Sentiment
5.9
Number of Reviews
51
Ranking in other categories
Security Information and Event Management (SIEM) (3rd), Extended Detection and Response (XDR) (6th)
 

Mindshare comparison

As of July 2026, in the Log Management category, the mindshare of ArcSight Logger is 0.9%, up from 0.7% compared to the previous year. The mindshare of Wazuh is 4.6%, down from 13.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management Mindshare Distribution
ProductMindshare (%)
Wazuh4.6%
ArcSight Logger0.9%
Other94.5%
Log Management
 

Featured Reviews

MA
Sr. Cybersecurity Consultant IT/OT at EJADA
Compliance and cost-effectiveness have improved while critical infrastructure security adapts to evolving needs
ArcSight Logger fulfills compliance requirements and passes audit requirements. It is one of the Aramco standards requirements and is recommended by Aramco for any implementation. Aramco, SABIC, water companies, and electricity companies are critical infrastructure with air-gapped networks. In an air-gapped network, there is no communication going out from that network area to the outside world, even to the corporate network. ArcSight Logger is installed on minimal resources with minimal requirements. There are not many upgrades or new features that come up frequently, though they do occur occasionally.
RS
Engineer Information Security at N-Able (Pvt) Ltd
Has faced limitations in AI capabilities and pricing flexibility
Pricing-wise, Wazuh stands out, along with deployment flexibility and its documentation which is extremely good in comparison to Forti. The community support is also incredible. They have helped quite a bit because previously, we had a separate tool and management dashboard to do our compliance. With Wazuh, we receive that information without having to do anything extra. We just set up the SIEM and all of that information was automatically populated. The dashboards are very easy to understand and very quick with no lag or delay. I have experienced delays on Forti's dashboards, but not with Wazuh. Wazuh is quite good. In comparison to Forti, they are quite similar. They are very good at detection.
report
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
903,257 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
11%
Financial Services Firm
9%
Manufacturing Company
9%
Comms Service Provider
7%
Comms Service Provider
11%
Computer Software Company
11%
University
9%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise9
Large Enterprise17
By reviewers
Company SizeCount
Small Business27
Midsize Enterprise15
Large Enterprise9
 

Questions from the Community

What needs improvement with ArcSight Logger?
This decision is made by higher management as they don't want to have multiple solutions for one solution. ArcSight Logger themselves don't provide good support, but companies such as ours provide ...
What is your primary use case for ArcSight Logger?
We do work for multiple SIEM solutions such as Splunk, QRadar, LogRhythm. My team and I mostly work on ArcSight Logger and Splunk because we are dealing with projects related to these solutions. We...
What advice do you have for others considering ArcSight Logger?
As a department head, my staff uses my credentials and contacts everywhere. Only ArcSight Logger with Splunk was implemented in Aramco, not in other organizations. I rate ArcSight Logger 8 out of 10.
What do you like most about Wazuh?
Wazuh is its flexibility and open-source nature, which allows us to tailor threat detection and response across diverse client environments. Its integration capabilities with SOAR, cloud platforms,...
What needs improvement with Wazuh?
Regarding compliance, I find it not stable. I do not recommend it for that purpose. It can comply with Wazuh NCA, which we have here in Saudi Arabia. Wazuh NCA has many frameworks starting with ECC...
What is your primary use case for Wazuh?
I have been working with Wazuh for two years, and I can explain how I use Wazuh. I did not use Wazuh as a SIEM solution. I use Wazuh as a tool for services we provide. This service is called compro...
 

Also Known As

Micro Focus Arcsight Logger, HPE Arcsight Logger
Wazuh All-In-One Deployment
 

Overview

 

Sample Customers

China Merchants Bank, Bank AlJazira, Banca Intesa
Information Not Available
Find out what your peers are saying about ArcSight Logger vs. Wazuh and other solutions. Updated: June 2026.
903,257 professionals have used our research since 2012.