Try our new research platform with insights from 80,000+ expert users

Cortex XDR by Palo Alto Networks vs Wazuh comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
7.7
Cortex XDR secures data, reduces malware, lowers costs, and replaces systems, enhancing user satisfaction and operational efficiency.
Sentiment score
3.5
Wazuh offers rapid detection and response, reducing costs and ensuring high ROI for small to medium businesses without security compromises.
They appreciate the rich telemetry data from the solution, as it provides in-depth threat identification.
 

Customer Service

Sentiment score
6.6
Cortex XDR support is praised for responsiveness but criticized for delayed responses and knowledge gaps in certain regions.
Sentiment score
4.3
Wazuh's support is praised, but response times vary; satisfaction ranges from 7 to 9 out of 10.
Their support is efficient and responsive whenever I raise a ticket through my portal.
Every vendor has similar support; it depends on how the case is handled and raised.
There is no dedicated technical support for Wazuh as it is open source.
The documentation is good and provides clear instructions, though it's targeted at those with technical backgrounds.
We use the open-source version of Wazuh, which does not provide paid support.
 

Scalability Issues

Sentiment score
7.6
Cortex XDR offers scalable, efficient data handling across Linux, Mac, and Windows, praised for simplifying large enterprise management.
Sentiment score
7.4
Wazuh is scalable and adaptable but requires technical expertise for setup and may struggle with massive data handling.
It can accommodate thousands of endpoints on one instance, and multiple instances can run for different clients.
Scalability depends on the configuration and the infrastructure resources like compute and memory we allocate.
 

Stability Issues

Sentiment score
8.1
Cortex XDR is praised for its stability and reliability, with minor issues noted but generally offering seamless protection.
Sentiment score
7.0
Wazuh is generally stable and reliable for small to mid-level businesses, though updates and configuration errors can cause issues.
Cortex XDR is stable, offering high quality and reliable performance.
The stability of Wazuh is strong, with no issues stemming from the solution itself.
The stability of Wazuh is largely dependent on maintenance.
 

Room For Improvement

Cortex XDR struggles with integration, high memory, false positives, limited features, complex setup, and lacks enhanced support and customization.
Wazuh needs scalability, user interface improvements, better AI, cloud integration, Unix support, and efficient threat detection features.
The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products.
Cortex XDR could improve its sales support team, including better commission structures and referral programs.
The integration modules are insufficiently developed, necessitating the creation of custom integration solutions using tools like Logstash and PubSub.
There is room for improvement by integrating more AI into Wazuh.
An issue I noticed is with tag values in certain rules not functioning properly.
 

Setup Cost

Enterprise buyers view Cortex XDR as expensive yet flexible, offering scalable licensing with varying costs based on features and users.
Wazuh provides cost-effective, open-source security with free software but may incur costs for support, storage, and Wazuh Cloud enhancements.
Cortex XDR is perceived as expensive by some customers, yet offers dynamic pricing.
Compared to competitors such as CrowdStrike and Sophos, the pricing of Cortex XDR by Palo Alto Networks is similar to CrowdStrike but more expensive than Sophos.
Totaling around two lakh Indian rupees per month.
Since Wazuh is open source, the pricing for support could be applicable to medium-sized companies without much issue.
 

Valuable Features

Cortex XDR excels in cybersecurity with advanced detection, ease of use, and integration, offering scalable, efficient threat management.
Wazuh provides comprehensive security features, scalability, and cost-effectiveness, supporting diverse environments and regulatory compliance with strong community support.
It incorporates AI for normal behavior detection, distinguishing unusual operations.
The product provides automation responses in case of a threat attack, severity assessments, centralized manageability, and comprehensive compliance features, resulting in reduced costs.
The fact that it is open source means it is always being expanded, which is beneficial for customizing solutions for individual client requests.
We found the MITRE framework mapping and the agent enrollment service to be the most valuable features of Wazuh.
Wazuh's most valuable features include file monitoring and compliance reporting, which do not require excessive costs.
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Ranking in Extended Detection and Response (XDR)
7th
Average Rating
8.4
Reviews Sentiment
7.4
Number of Reviews
90
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (4th)
Wazuh
Ranking in Extended Detection and Response (XDR)
3rd
Average Rating
7.4
Reviews Sentiment
6.3
Number of Reviews
46
Ranking in other categories
Log Management (1st), Security Information and Event Management (SIEM) (2nd)
 

Mindshare comparison

As of April 2025, in the Extended Detection and Response (XDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 5.6%, down from 6.8% compared to the previous year. The mindshare of Wazuh is 13.0%, up from 10.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR)
 

Featured Reviews

Mohammad Qaw - PeerSpot reviewer
Perfect correlation and XDR capabilities for network traffic plus endpoint security
The solution should force customers to integrate with network traffic to see the full benefits of XDR. If you are not integrating it or feeding in your network traffic, then you are just buying a normal antivirus which doesn't make any sense. You are paying double the price to use the antivirus feature or to say you have XDR, but in reality you are not using it. The solution should include an on-premises option because some customers want only on-premises. It would be hard, but good to do if possible. Open XDR would be beneficial in the future. Right now, the solution is Closed XDR so cannot communicate with the few new vendors in the Open XDR market.
Sandip_Patel - PeerSpot reviewer
Evaluating robust file monitoring with insights for community support improvements
Wazuh's most valuable features include file monitoring and compliance reporting, which do not require excessive costs. These aspects are vital as they provide alerts for changes and facilitate the monitoring of compliance. The platform is also relatively easy to set up and operate. Reports are straightforward to extract and prove useful for compliance requirements.
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
844,944 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
9%
Government
8%
Manufacturing Company
7%
Computer Software Company
16%
Comms Service Provider
8%
University
7%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions that are very scalable, secure, and user-friendly. Cortex XDR by Palo Alto offers ...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
What do you like most about Wazuh?
Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases.
What needs improvement with Wazuh?
There is room for improvement by integrating more AI into Wazuh. It requires constant nurturing, as I have to provide it with code and specific requirements. This maintenance can be quite labor-int...
What is your primary use case for Wazuh?
We use Wazuh as a SIEM solution because it is open source, highly customizable, and continually expanding. Our clients can request various solutions for their issues, which Wazuh is able to address.
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
No data available
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Information Not Available
Find out what your peers are saying about Cortex XDR by Palo Alto Networks vs. Wazuh and other solutions. Updated: March 2025.
844,944 professionals have used our research since 2012.