We performed a comparison between Wazuh and Elastic Security based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison results: Based on the parameters we compared, Wazuh comes out ahead of Elastic Security. While both offer valuable vulnerability detection, Elastic Security’s lack of AI capabilities and lack of tech support leave room for improvement.
"It's a very scalable tool that can be used in a very small environment or in a very large environment. Everything can be managed from a simple dashboard and can be scaled up or down depending on the customer's environment."
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"Advanced hunting is good. I like that. We can drill down to lots of details."
"The most valuable feature of all is the full integration with the rest of the software in the operating system and Office 365, as well as Microsoft SCCM. It is quite easy for us to work with the whole instance of Microsoft products. This integration improves the benefits of the whole suite of products."
"The integration, visibility, vulnerability management, and device identification are valuable."
"The summarization of emails is a valuable feature."
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done..."
"The most valuable features of Elastic Security are it is open-source and provides a high level of security."
"The product has huge integration varieties available."
"We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
"Elastic Security is a highly flexible platform that can be implemented anywhere."
"The performance is good and it is faster than IBM QRadar."
"ELK Logstash is easy and fast, at least for the initial setup with the out of box uses."
"I like the indexing of the logs."
"One of the most valuable features of this solution is that it is more flexible than AlienVault."
"The tool is stable."
"I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch."
"Some of the strengths of Wazuh that stand out for us include its scalability when deployed on Azure, its open-source nature, which allows for customization based on our needs, and its compatibility with various security solutions like threat intelligence platforms."
"The most valuable feature of Wazuh is the ELK for doing an investigation."
"It has efficient SCA capabilities."
"I like the cloud-native infrastructure and that it's free. We didn't have to pay anything, and it has the capabilities of many premium solutions in the market. We could integrate all of our services and infrastructure in the cloud with Wazuh. From an integration point of view, Wazuh is pretty good. I had a good experience with this platform."
"My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance."
"Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring."
"The only problem I find is that the use cases are built-in. There is no template available that you can modify according to your organization's standards. What they give is very generic, the market standard, but that might not be applicable to every organization."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
"Advanced attacks could use an improvement."
"The mobile app support for Android and iOS is difficult and needs improvement."
"The web filtering solution needs to be improved because currently, it is very simple."
"The solution does not offer a unified response and standard data."
"The support team is not competent or responsive."
"The price should be adjustable by region."
"The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated."
"The process of designing dashboards is a little cumbersome in Kibana. Unless you are an expert, you will not be able to use it. The process should be pretty straightforward. The authentication feature is what we are looking for. We would love to have a central authentication system in the open-source edition without the need for a license or an enterprise license. If they can give at least a simple authentication system within a company. In a large organization, authentication is very essential for security because logs can contain a lot of confidential data. Therefore, an authentication feature for who accesses it should be there."
"This solution cannot do predictive maintenance, so we have to build our own modules for doing it."
"The tool should improve its scalability."
"If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution."
"It's a little bit of a learning curve to understand the logic of searching for things and trying to find what you're looking for in Elastic Security."
"In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready made, so you'll have to write some scripts."
"I would like the process of retrieving archived data and viewing it in Kibana to be simplified."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
"The tool does not provide CTI to monitor darknet."
"Scalability is a challenge because it is distributed architecture and it uses Elastic DB. Their Elastic DB doesn't allow open source waste application."
"The deployment is a bit complex."
"Wazuh needs more security and features, particularly visualization features and a health monitor."
"Wazuh should come up with more in-built rules and integrations for the cloud."
"The implementation is very complex."
"A lack of certain features creates limitations."
Elastic Security is ranked 5th in Log Management with 59 reviews while Wazuh is ranked 2nd in Log Management with 38 reviews. Elastic Security is rated 7.6, while Wazuh is rated 7.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Elastic Security is most compared with Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas Wazuh is most compared with Security Onion, Splunk Enterprise Security, AlienVault OSSIM, Graylog and Cortex XDR by Palo Alto Networks.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.