Elastic Security requires a longer setup time and has a steeper learning curve than Wazuh, but it excels in real-time monitoring, scalability, and advanced threat hunting. Wazuh, appreciated for its support and reasonable pricing, offers efficient log analysis and customizable alerts but needs UI and integration improvements.
The summary above is based on 48 interviews we conducted recently with Elastic Security and Wazuh users. To access the review's full transcripts, download our report.
Providing necessary assistance efficiently.
There is no dedicated technical support for Wazuh as it is open source.
The documentation is good and provides clear instructions, though it's targeted at those with technical backgrounds.
We use the open-source version of Wazuh, which does not provide paid support.
It can accommodate thousands of endpoints on one instance, and multiple instances can run for different clients.
Scalability depends on the configuration and the infrastructure resources like compute and memory we allocate.
In terms of stability, I would rate Elastic a solid eight out of ten.
The stability of Wazuh is largely dependent on maintenance.
The stability of Wazuh is strong, with no issues stemming from the solution itself.
CrowdStrike and Defender have more established threat intelligence integration due to having a larger client base.
Elastic Security consumes a lot of resources, requiring a substantial deployment setup.
The integration modules are insufficiently developed, necessitating the creation of custom integration solutions using tools like Logstash and PubSub.
There is room for improvement by integrating more AI into Wazuh.
An issue I noticed is with tag values in certain rules not functioning properly.
The pricing is reasonable, especially for Small Medium Enterprises (SMEs), making it a viable option for businesses building their security infrastructure.
Elastic Security is considered cost-effective, especially at lower EPS levels.
Totaling around two lakh Indian rupees per month.
Since Wazuh is open source, the pricing for support could be applicable to medium-sized companies without much issue.
Elastic Security is as flexible and configurable as Microsoft Sentinel.
Elastic Security offers advanced features such as machine learning and integration with ChatGPT.
Wazuh is a SIEM tool that is highly customizable and versatile.
Wazuh's most valuable features include file monitoring and compliance reporting, which do not require excessive costs.
We found the MITRE framework mapping and the agent enrollment service to be the most valuable features of Wazuh.
Elastic Security combines the features of a security information and event management (SIEM) system with endpoint protection, allowing organizations to detect, investigate, and respond to threats in real time. This unified approach helps reduce complexity and improve the efficiency of security operations.
Additional offerings and benefits:
Finally, Elastic Security benefits from a global community of users who contribute to its threat intelligence, helping to enhance its detection capabilities. This collaborative approach ensures that the solution remains on the cutting edge of cybersecurity, with up-to-date information on the latest threats and vulnerabilities.
Wazuh is an enterprise-ready platform used for security monitoring. It is a free and open-source platform that is used for threat detection, incident response and compliance, and integrity monitoring. Wazuh is capable of protecting workloads across virtualized, on-premises, containerized, and cloud-based environments.
It consists of an endpoint security agent and a management server. Additionally, Wazuh is fully integrated with the Elastic Stack, allowing users the ability to navigate through security alerts via a data visualization tool.
Wazuh Capabilities
Some of Wazuh’s most notable capabilities include:
Wazuh Benefits
Some of the most valued benefits of Wazuh include:
Wazuh Offers
Reviews From Real Users
"It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions." - Robert C., IT Security Consultant at Microlan Kenya Limited
“The MITRE ATT&CK correlation is most valuable.” - Chief Information Security Officer at a financial services firm
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.