Elastic Observability and Wazuh compete in the fields of centralized logging, incident response, and security management. Elastic Observability seems to have the upper hand due to its comprehensive and flexible nature, offering a more mature and feature-rich solution.
Features: Elastic Observability provides tools for centralized logging, incident response, and robust monitoring. Its quick search capability across various data sources and integration options make it adaptable. Wazuh focuses on security with file integrity monitoring, compliance management, and vulnerability detection, highlighting its open-source and cost-effective model.
Room for Improvement: Elastic Observability could improve intuitive visualizations and auto-discovery capabilities, as its current manual setup is cumbersome. Its pricing for advanced features may be an obstacle. Wazuh could enhance scalability, integration, and real-time monitoring, alongside improving user interfaces.
Ease of Deployment and Customer Service: Both Elastic Observability and Wazuh support on-premises, public cloud, and hybrid cloud deployments. Elastic has reliable technical support but faces deployment complexity due to configurations. Wazuh benefits from community support, with vendor support potentially complicating larger deployments.
Pricing and ROI: Elastic offers a cost-effective licensing model with strong ROI in time efficiency and incident reduction, though higher in public cloud scenarios. Wazuh's open-source nature removes licensing fees, appealing to budget-conscious organizations, though manual configuration can increase total cost of ownership.
I have seen value in security cost savings with Wazuh, as using proprietary EDR versions could save us substantial money.
Elastic support really struggles in complex situations to resolve issues.
They responded quickly, which was crucial as I was on a time constraint.
We use the open-source version of Wazuh, which does not provide paid support.
The documentation is good and provides clear instructions, though it's targeted at those with technical backgrounds.
Elastic Observability seems to have a good scale-out capability.
Elastic Observability is easy in deployment in general for small scale, but when you deploy it at a really large scale, the complexity comes with the customizations.
What is not scalable for us is not on Elastic's side.
It can accommodate thousands of endpoints on one instance, and multiple instances can run for different clients.
Currently, I don't see any limitations in terms of scalability as Wazuh can still connect many endpoints.
Scalability depends on the configuration and the infrastructure resources like compute and memory we allocate.
There are some bugs that come with each release, but they are keen always to build major versions and minor versions on time, including the CVE vulnerabilities to fix it.
It is very stable, and I would rate it ten out of ten based on my interaction with it.
Elastic Observability is really stable.
The stability of Wazuh is strong, with no issues stemming from the solution itself.
The stability of Wazuh is largely dependent on maintenance.
The indexer frequently times out, requiring system restarts.
For instance, if you have many error logs and want to create a rule with a custom query, such as triggering an alert for five errors in the last hour, all you need to do is open the AI bot, type this question, and it generates an Elastic query for you to use in your alert rules.
It lacked some capabilities when handling on-prem devices, like network observability, package flow analysis, and device performance data on the infrastructure side.
Some areas such as AI Ops still require data scientists to understand machine learning and AI, and it doesn't have a quick win with no-brainer use cases.
Machine learning is needed along with understanding user behavior and behavioral patterns.
The integration modules are insufficiently developed, necessitating the creation of custom integration solutions using tools like Logstash and PubSub.
I think Wazuh should improve by introducing AI functionalities, as it would be beneficial to see AI incorporated in the threat hunting and detection functionalities.
The license is reasonably priced, however, the VMs where we host the solution are extremely expensive, making the overall cost in the public cloud high.
Elastic Observability is cost-efficient and provides all features in the enterprise license without asset-based licensing.
Observability is actually cheaper compared to logs because you're not indexing huge blobs of text and trying to parse those.
Wazuh is completely free of charge.
I would definitely recommend Wazuh, especially considering Fortinet's licensing model which is confusing and overpriced in my opinion.
Totaling around two lakh Indian rupees per month.
The most valuable feature is the integrated platform that allows customers to start from observability and expand into other areas like security, EDR solutions, etc.
the most valued feature of Elastic is its log analytics capabilities.
All the features that we use, such as monitoring, dashboarding, reporting, the possibility of alerting, and the way we index the data, are important.
Wazuh is a SIEM tool that is highly customizable and versatile.
The system allows us to monitor endpoints effectively and collect security data that can be utilized across other platforms such as SOAR.
With this open source tool, organizations can establish their own customized setup.
| Product | Market Share (%) |
|---|---|
| Wazuh | 12.6% |
| Elastic Observability | 1.3% |
| Other | 86.1% |
| Company Size | Count |
|---|---|
| Small Business | 8 |
| Midsize Enterprise | 4 |
| Large Enterprise | 16 |
| Company Size | Count |
|---|---|
| Small Business | 26 |
| Midsize Enterprise | 15 |
| Large Enterprise | 8 |
Elastic Observability offers a comprehensive suite for log analytics, application performance monitoring, and machine learning. It integrates seamlessly with platforms like Teams and Slack, enhancing data visualization and scalability for real-time insights.
Elastic Observability is designed to support production environments with features like logging, data collection, and infrastructure tracking. Centralized logging and powerful search functionalities make incident response and performance tracking efficient. Elastic APM and Kibana facilitate detailed data visualization, promoting rapid troubleshooting and effective system performance analysis. Integrated services and extensive connectivity options enhance its role in business and technical decision-making by providing actionable data insights.
What are the most important features of Elastic Observability?Elastic Observability is employed across industries for critical operations, such as in finance for transaction monitoring, in healthcare for secure data management, and in technology for optimizing application performance. Its data-driven approach aids efficient event tracing, supporting diverse industry requirements.
Wazuh offers comprehensive security features like MITRE ATT&CK correlation, log monitoring, and cloud-native infrastructure. It ensures compliance and provides intrusion detection with high scalability and open-source flexibility, ideal for businesses seeking robust SIEM capabilities.
Wazuh stands out in security information and event management by providing efficient log aggregation, vulnerability scanning, and event correlation against MITRE ATT&CK. Its capability to integrate seamlessly with environments, manage compliance, and monitor files makes it suitable for cloud-native infrastructures and financial sectors. Despite its technical support needing enhancement and opportunities for improving AI integration and threat intelligence, its open-source nature and cost-effectiveness make it appealing. Users can leverage custom dashboards powered by Elasticsearch for precise data analysis, even though there is a desire for a more user-friendly interface and better enterprise solution integration. Deployment may be complex, but its features contribute significantly to fortified security postures.
What are the essential features of Wazuh?Industries like finance and cloud infrastructure heavily utilize Wazuh for its security strengths. By monitoring endpoints and ensuring compliance with frameworks, companies can improve security posture and swiftly detect anomalies. The platform's focus on event correlation and alerts for security incidents is particularly beneficial.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
