ArcSight Logger vs Wazuh comparison

Read 43 Wazuh reviews

35,381 Views
20,675 Comparison Views

78% willing to recommend

ArcSight Logger

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Oct 9, 2024

ArcSight Logger and Wazuh are competing products in the security information and event management space. Wazuh holds an advantage due to its cost-effectiveness and comprehensive features, which many users find worth the investment despite its initial complexity.

Features: ArcSight Logger is well-regarded for its robust log management, high-capacity storage capabilities, and reliable integration with other products. Wazuh stands out with wide-ranging threat detection features, easy scalability, and open-source flexibility. Its comprehensive dashboards and ability to integrate a broad set of data sources make it valuable to users.

Room for Improvement: Users note that ArcSight Logger could benefit from a more intuitive management experience and reduced complexity in managing log data volume. Wazuh has room to enhance its initial setup process to be more straightforward and could improve its documentation for troubleshooting issues effectively.

Ease of Deployment and Customer Service: ArcSight Logger is noted for straightforward deployment processes, though large-scale setups can present challenges. It receives positive feedback for responsive customer service. In contrast, Wazuh’s deployment might be more complex, however, it provides excellent community support alongside official resources, assisting users in navigating initial challenges effectively.

Pricing and ROI: ArcSight Logger can incur significant setup costs, affecting its ROI perception among users, but its performance and support often justify these costs. Wazuh offers a lower initial investment owing to its open-source nature, resulting in a favorable ROI with acknowledged value over time.

To learn more, read our detailed ArcSight Logger vs. Wazuh Report (Updated: October 2024).

ArcSight Logger vs. Wazuh

October 2024

Download the complete report

Helped 814,649 peers since 2012

Categories and Ranking

ArcSight Logger

Ranking in Log Management

29th

Average Rating

7.8

Number of Reviews

Ranking in other categories

No ranking in other categories

Wazuh

Ranking in Log Management

2nd

Average Rating

7.4

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

Security Information and Event Management (SIEM) (3rd), Extended Detection and Response (XDR) (4th)

Mindshare comparison

As of November 2024, in the Log Management category, the mindshare of ArcSight Logger is 0.9%, down from 1.4% compared to the previous year. The mindshare of Wazuh is 17.1%, up from 13.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Log Management

Featured Reviews

Nagendra Nekkala.

Senior Manager ICT & at Bangalore International Airport Limited

Dec 1, 2023

A scalable and stable solution that enables users to see all the event logs in one place

The product helps me see all the event logs in one place. When I look into the application, I can see different levels of alerts and make the required decision The solution provides information about the risk factors. It also provides information on our security exposure. There are multiple…

Read full review

SyedAli17

Confidential at PTA

Sep 25, 2023

Has excellent scalability when deployed on Azure

We primarily use Wazuh for internal security monitoring to ensure the safety of our organization's internal systems. We have two specific requirements: first, we use it to monitor our internal operations, which is essential for general security purposes. Second, we rely on Wazuh to manage the…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"We haven't had any crashes or bugs. It is stable."

"We check a lot of logs in ArcSight Logger because we're running a massive database platform."

"ArcSight provides the basic information that we want."

"Our return on investment for implementing ArcSight Logger over the past 12 months has been positive."

"It's a brilliant log collection tool, and it can handle hundreds of thousands of servers in a single shot to ingest the data."

"The technical support team is good...It is a scalable solution."

"It is one of the best products available in the market."

"The machine learning is a good feature."

More ArcSight Logger pros

"Its cost-effectiveness is the most valuable aspect."

"Regarding Wazuh, I find the SCA (Security Configuration Assessment) features most valuable. It's crucial for asset management and inventory, allowing us to monitorendpoints and servers' changes easily. This is particularly important for my customers, who aren't heavily focused on incident response but rely on asset management and inventories. Wazuh's compliance management features are very supportive, especially in regions like the Americas and Europe. However, it's less effective in the ANZ (Australia and New Zealand) region since Wazuh doesn't cater to the specific compliance standards there, such as those required in Australia. I appreciate that Wazuh fully complies with PCI DSS and GDPR standards, allowing us to generate necessary reports."

"The deployment is easy and they provide very good documentation."

"The MITRE ATT&CK correlation is most valuable."

"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."

"It offers built-in modules for file integrity and vulnerability management."

"We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company."

"The configuration assessment and Pile integrity monitoring features are decent."

More Wazuh pros

Cons

"It would be better if the product is cheaper."

"I would like to see better scheduling in the next release of this solution."

"I think the ArcSight team should try to simplify legacy products for the customers, because that product is not easy to use or to work with. It needs more more competency or appeal to use. We hope Micro Focus is trying to resolve this."

"The speed of Logger indexing and searching for certain bugs for some queries that we provide could be improved. It can handle a huge number of logs but it can be improved."

"The solution could be improved in maintenance settings."

"The next release should have AI capabilities."

"I had some latency issues for two months. I had to increase our storage capacity significantly to reduce the latency."

"We have had problems with archiving."

More ArcSight Logger cons

"The computing resources are consuming and do not make sense."

"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."

"Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs."

"The only challenge we faced with Wazuh was the lack of direct support."

"Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."

"While it is scalable, it can suffer from reduced latencies."

"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."

"The tool doesn't detect anomalies or new environments."

More Wazuh cons

Pricing and Cost Advice

"ArcSight Logger is very expensive compared to their competitors, but when we talk to the customer and explain what the features are and how we can scale, they understand. Still, ArcSight is more expensive than the competition."

"We have a lifetime license, so we don't pay a monthly fee."

"It's not cheap at all as it's a big product and has been in the market for quite some time now."

"Pricing is reasonable compared to similar tools on the market. They offer perpetual licenses."

"ArcSight is an expensive solution."

"I rate the product’s pricing a seven out of ten, where one is inexpensive, and ten is expensive."

"The pricing is quite harsh."

"I would rate the product a seven out of ten since it's an enterprise product."

"The solution's cost is above the average."

"The product is cheaper compared to other tools."

"It is a free-of-cost solution."

"It is a cost-effective solution."

"They have a good pricing strategy for market expansion."

"Wazuh is open-source, therefore it is free. You can purchase support for $1,000 a year."

"The product price is neither too high nor too low."

"Wazuh is a good tool, but the open-source version has scalability limitations."

More Wazuh pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Log Management solutions are best for your needs.

See recommendations

814,649 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

20%

Computer Software Company

15%

Government

10%

Educational Organization

Computer Software Company

16%

University

Government

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about ArcSight Logger?

We have a trigger. So, Logger automatically blocks these IP addresses. We could have Logger put them on a blacklist.

What is your experience regarding pricing and costs for ArcSight Logger?

The pricing isn't the problem. We have a lifetime license, so we don't pay a monthly fee.

What needs improvement with ArcSight Logger?

The solution has room for improvement. We're currently upgrading to the newer version, where they have something like Kafka, a hub for all solutions feeding information into Logger. However, I thin...

What do you like most about Wazuh?

Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases.

What needs improvement with Wazuh?

Wazuh doesn't have native support for some enterprise solutions. It requires an agent installed on the server, whether Windows Server or Linux, to collect logs. While you can gather information via...

What is your primary use case for Wazuh?

My company specializes in providing SIEM as a service. We leverage Wazoo for that. Since Wazoo is open-source, I hosted it on Azure. We provide Wazuh as a service to our customers. Currently, we ha...

Splunk Enterprise Security vs ArcSight Logger

Comparisons

Compared 37% of the time

IBM Security QRadar vs ArcSight Logger

Compared 33% of the time

Elastic Security vs ArcSight Logger

Compared 13% of the time

LogRhythm SIEM vs ArcSight Logger

Compared 3% of the time

Grafana Loki vs ArcSight Logger

Compared 3% of the time

More ArcSight Logger Competitors

Security Onion vs Wazuh

Compared 16% of the time

AlienVault OSSIM vs Wazuh

Compared 10% of the time

Elastic Security vs Wazuh

Compared 9% of the time

Elastic Stack vs Wazuh

Compared 7% of the time

Splunk Enterprise Security vs Wazuh

Compared 6% of the time

More Wazuh Competitors

Product Reports

Download ArcSight Logger product report

ArcSight Logger

November 2024

Download Wazuh product report

October 2024

Also Known As

Micro Focus Arcsight Logger, HPE Arcsight Logger

No data available

Learn More

OpenText

Overview

HPE ArcSight Data Platform (ADP) offers a future-ready data solution that enriches data in real time and supports open standards for better threat detection. Using security data connectors, ADP collects data and enriches it in real-time to give analysts organized information that can be acted upon instantly.

Wazuh is an enterprise-ready platform used for security monitoring. It is a free and open-source platform that is used for threat detection, incident response and compliance, and integrity monitoring. Wazuh is capable of protecting workloads across virtualized, on-premises, containerized, and cloud-based environments.

It consists of an endpoint security agent and a management server. Additionally, Wazuh is fully integrated with the Elastic Stack, allowing users the ability to navigate through security alerts via a data visualization tool.

Wazuh’s agent can run on many different platforms, and is lightweight. It can successfully perform the tasks needed to detect threats in order to trigger responses automatically.
Wazuh manages the agents, can analyze agent data, and can scale horizontally.
Elastic Stack is where alerts are indexed and stored.

Wazuh Capabilities

Some of Wazuh’s most notable capabilities include:

Intrusion detection: Wazuh’s agents can detect hidden files, cloaked processes, or unregistered network listeners, as well as inconsistencies in system call responses. Wazuh’s server component uses a signature-based approach to intrusion detection, using its regular expression engine to analyze collected log data and look for indicators of compromise.
Log data analysis: Wazuh can read operating system and application logs, and securely forward them to a central manager for rule-based analysis and storage.
Integrity monitoring: File integrity monitoring can help identify changes in content, ownership, permissions, and attribute of files. Wazuh’s file integrity monitoring can be used in conjunction with threat intelligence.
Vulnerability detection: Wazuh agents can identify well-known vulnerable software so you can see where your weak spots are and take action before an attack can exploit them.
Configuration assessment: System and application configurations are monitored to make sure they are compliant with security policies. Periodic scans are used to detect applications that are known to be vulnerable, insecurely configured, or unpatched.
Incident response: Wazuh responds actively when active threats need to be addressed. It can perform countermeasures like blocking access to a system when a threat source is identified.
Regulatory compliance: Wazuh includes the security controls required to be compliant with industry regulations and standards.
Cloud security: Wazuh’s light-weight and multi-platform agents are commonly used to monitor cloud environments at the instance level. In addition, Wazuh helps monitor cloud infrastructure at an API level.
Security for containers: With Wazuh, you have increased security visibility into hosts and containers, allowing for easier detection of threats, anomalies, and vulnerabilities.

Wazuh Benefits

Some of the most valued benefits of Wazuh include:

No vendor lock-in
No license costs
Uses lightweight, multi-platform agents
Free community support

Wazuh Offers

Annual support and maintenance
Assistance with deployment and configuration
Training and instructional hands-on courses

Reviews From Real Users

"It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions." - Robert C., IT Security Consultant at Microlan Kenya Limited

“The MITRE ATT&CK correlation is most valuable.” - Chief Information Security Officer at a financial services firm

Sample Customers

China Merchants Bank, Bank AlJazira, Banca Intesa

Information Not Available