We performed a comparison between Cortex XDR by Palo Alto Networks and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Among the most valuable features are the alert timeline, the alert story, which is pretty detailed. It gives us complete insight into what exactly happened on the endpoint. It doesn't just say, 'Malware detected.' It tells us what caused that malware to be detected and how it was detected. It gives us a complete timeline from beginning to end."
"We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing."
"Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise."
"The most valuable feature of the solution stems from the fact that Microsoft Defender XDR is easy to integrate with other Microsoft platforms or products."
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"I like the easy integration and advanced possibilities. We can implement it at customer sites in a few clicks, but we can also dive deep and drill down to extended features. There's a very good starting point to get into this product and all the features from Defender."
"The product is very easy to use."
"My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."
"It can automatically correlate events and logs, which is very helpful for an IT administrator. It can correlate different kinds of malware activities over a network, agent, or host system. You do not need to do it manually. It is a good feature. It is also a user-friendly solution. We have deployed it on the cloud because our space does not provide any flexibility for on-premises deployment, but Palo Alto has added some flexibility to install it on-premises. It must be like the same Cortex XDR agent for all the VPN services, web filtering services, and everything else."
"It blocks malicious files. It prevents attacks. It doesn't require many updates, it's a very light application."
"The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly. The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that."
"The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical."
"The live terminal is probably the best thing ever. It gives you the access to get straight onto any machine."
"The integrations are out-of-the-box, as are the playbooks."
"I've found the solution to be highly scalable for enterprises."
"Traps has drastically reduced our endpoint attack surface via advanced detection capabilities, sandboxing of never before seen programs, and by drastically limiting where executables can launch in the first place."
"The deployment is easy and they provide very good documentation."
"Wazuh offers an enhanced HDR version that outperforms its competitors."
"It has efficient SCA capabilities."
"Wazuh is simple to use for PCI compliance."
"It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions."
"I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch."
"It's stable."
"Wazuh has very flexible and robust features."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"There could be a way to proactively monitor unusual activity."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"The price could be better. It'll also help if they can continuously update and upgrade the solution. Every day there's a new virus uploaded into the network, and we have to keep updating it to identify all these things."
"I'd like to see a wider solution that includes not only desktop devices but also other devices, such as servers, storage cabinets, switching equipment, et cetera."
"The mobile app support for Android and iOS is difficult and needs improvement."
"Improving scalability, especially for very large tenants, could be beneficial for Microsoft Defender XDR."
"Automated playbooks and automated dashboards would be preferable to the way the data is currently being presented."
"The tool needs to be improved in terms of integration and interface."
"Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded."
"The product's pricing could be better."
"Cortex XDR should have a lightweight agent, and the agent size should not be heavy."
"They've been having some issues with updating their endpoint agents, and it has been quite frustrating."
"Cortex XDR by Palo Alto Networks can improve mobile integration to allow access to the console."
"The dashboard could use some significant improvement, just making it more useful with more information. It has a limited amount of information right now. It is customizable, but I'd love to see a better out-of-box dashboard."
"Previously, the endpoint would leave the environment, not being on our VPN, essentially unable to interact with the server to upload files. It was unable to retrieve new file verdicts. It was using a thing called 'local analysis' to determine if something was a malicious file or not. There was no dynamic analysis."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
"There could be a hardware monitoring tool for the solution."
"While it is scalable, it can suffer from reduced latencies."
"The tool does not provide CTI to monitor darknet."
"Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions."
"The tool doesn't detect anomalies or new environments."
"Scalability is a challenge because it is distributed architecture and it uses Elastic DB. Their Elastic DB doesn't allow open source waste application."
"The deployment is a bit complex."
Cortex XDR by Palo Alto Networks is ranked 4th in Extended Detection and Response (XDR) with 80 reviews while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Wazuh is rated 7.4. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and SentinelOne Singularity Complete, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security and AlienVault OSSIM. See our Cortex XDR by Palo Alto Networks vs. Wazuh report.