Try our new research platform with insights from 80,000+ expert users

Elastic Security vs Wazuh comparison

Elastic and Wazuh are both solutions in the Log Management category. Elastic is ranked #5 with an average rating of 7.7, while Wazuh is ranked #2 with an average rating of 7.6. Elastic holds a 4.8% mindshare in LM, compared to Wazuh’s 17.0% mindshare. Additionally, 85% of Elastic users are willing to recommend the solution, compared to 79% of Wazuh users who would recommend it.
Elastic Security
Read 62 Elastic Security reviews
  • 10,239 Views
  • 8,567 Comparison Views
85% willing to recommend
Wazuh
Read 45 Wazuh reviews
  • 34,744 Views
  • 20,524 Comparison Views
79% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Jun 9, 2024

Elastic Security requires a longer setup time and has a steeper learning curve than Wazuh, but it excels in real-time monitoring, scalability, and advanced threat hunting. Wazuh, appreciated for its support and reasonable pricing, offers efficient log analysis and customizable alerts but needs UI and integration improvements.

  • Features: Elastic Security excels in real-time monitoring and advanced threat hunting, offering deep data insights and high scalability. Wazuh's standout features include robust security, customizable alerts, and a user-friendly interface with extensive documentation.
  • Pricing and ROI: Elastic Security setup costs are considered reasonable but may require clarity on complex licensing structures. Wazuh offers a straightforward setup with flexible licensing options. Wazuh appears more user-friendly in terms of understanding setup and licensing. Elastic Security boasts higher ROI through enhanced threat detection, cost-effectiveness, and reduced operational overhead. Wazuh delivers positive ROI but lacks the comprehensive features of Elastic Security.
  • Room for Improvement: Elastic Security needs UI refinements, better performance with large datasets, and improved documentation. Wazuh also needs a more intuitive UI and better integration but specifically lacks customizable reporting options and clearer documentation.
  • Deployment and customer support: User reviews suggest Elastic Security requires a more involved and time-consuming deployment and setup process, indicating a steeper learning curve. Wazuh seems to have quicker deployment and setup times, suggesting a simpler implementation. Elastic Security customers praise the promptness, professionalism, and detailed guidance of the support team. Wazuh users highlight the knowledgeable, responsive, and efficient assistance. Elastic Security excels in clarifying technical concepts; Wazuh focuses on efficient problem resolution.

The summary above is based on 48 interviews we conducted recently with Elastic Security and Wazuh users. To access the review's full transcripts, download our report.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Elastic Security vs. Wazuh Report (Updated: November 2024).
Buyer's Guide
Elastic Security vs. Wazuh
November 2024
Download the complete report
Helped 824,053 peers since 2012
 

Categories and Ranking

Elastic Security
Ranking in Log Management
5th
Ranking in Security Information and Event Management (SIEM)
5th
Ranking in Extended Detection and Response (XDR)
8th
Average Rating
7.6
Reviews Sentiment
6.7
Number of Reviews
62
Ranking in other categories
Endpoint Detection and Response (EDR) (16th), Security Orchestration Automation and Response (SOAR) (6th)
Wazuh
Ranking in Log Management
2nd
Ranking in Security Information and Event Management (SIEM)
2nd
Ranking in Extended Detection and Response (XDR)
3rd
Average Rating
7.4
Reviews Sentiment
6.6
Number of Reviews
45
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of December 2024, in the Log Management category, the mindshare of Elastic Security is 4.8%, down from 7.7% compared to the previous year. The mindshare of Wazuh is 17.0%, up from 13.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Log Management
 

Featured Reviews

Gajewski Marek - PeerSpot reviewer
Provides good anomaly detection and connectivity reporting
We previously used Splunk but switched to Elastic Security because Splunk was more expensive. Feature-wise, both tools are pretty much the same. They have almost the same functions. Elastic Security has a much better AI assistant that allows you to ask questions like a normal person. With Elastic Security, I can also predict the price and how much it will cost. Splunks's pricing depends on how much data we use and the different add-ons I have to add. The pricing is much better with Elastic Security.
Read full review
AKASH MAJUMDER - PeerSpot reviewer
Open-source platform with custom alerting
There are three key strengths of Wazuh that stand out to me. Firstly, Wazuh offers an enhanced HDR version that outperforms the Elastic Stack. Wazuh has achieved this by running a config or a sec in the background, which has improved the XBR for endpoint security significantly. Secondly, Wazuh comes with built-in frameworks, such as the NISC and ISO, that make it easy to comply with various industry standards. We didn't need to configure any custom frameworks for this, as Wazuh had it built in. Lastly, Wazuh has the ability to collect terabytes of data within seconds, which is a crucial feature for modern enterprises dealing with large amounts of data.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash."
"I like the indexing of the logs."
"Elastic Security is very easy to adapt."
"The most valuable feature is the speed, as it responds in a very short time."
"It is the best open-source product for people working in SO, managing and analyzing logs."
"Elastic Security is cost-effective compared to Defender and CrowdStrike."
"I can look at events from more than one source across multiple different locations and find patterns or anomalies. The machine learning capabilities are helpful, and I can create rules for notifications to be more proactive rather than responding after something has gone wrong."
"The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for."
More Elastic Security pros
"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
"Wazuh is simple to use for PCI compliance."
"We found the MITRE framework mapping and the agent enrollment service to be the most valuable features of Wazuh."
"The product's initial setup phase was easy."
"It offers built-in modules for file integrity and vulnerability management."
"The solution is easy to maintain."
"Its cost-effectiveness is the most valuable aspect."
"If they support a solution, it is easy to do an integration."
More Wazuh pros
 

Cons

"There is room for improvement in the Kibana dashboard and in the asset management for the program."
"Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price."
"If you compare this with CrowdStrike or Carbon Black, they can improve."
"Better integration with third-party APMs would be really good."
"It could use maybe a little more on the Linux side."
"We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there)."
"With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."
"We are paying dearly for the guy who is working on the ELK Stack. That knowledge is quite rare and hard to come by. For difficulty and availability of resources, I would rate it a five out of 10."
More Elastic Security cons
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
"The product's configuration part and lack of AI capabilities are some of the major concerns associated with Wazuh."
"Wazuh is missing many things that a typical SIEM should have."
"They could include flexibility and customization capabilities by modifying for customers based on partner agreements."
"The computing resources are consuming and do not make sense."
"The deployment is a bit complex."
"The support channel is not optimal, and extensive research is required on our part to implement Wazuh effectively."
"They need to go towards integrating with more cloud applications and not just OS like Windows and Linux."
More Wazuh cons
 

Pricing and Cost Advice

"There is no charge for using the open-source version."
"The base product is open-source but if you need advanced security features then you need to pay for the subscription. Elastic Security's price is reasonable in some cases and in other cases it's not."
"Elastic Stack is an open-source tool. You don't have to pay anything for the components."
"The product offers an amazing pricing structure. Price-wise, the product is very competitive."
"It is easy to deploy, easy to use, and you get everything you need to become operational with it, and have nothing further to pay unless you want the OLED plugin."
"I find it better than Splunk in terms of cost-effectiveness. For cost-effectiveness, I would rate it a nine out of 10."
"We are using the free, open-source version of this solution."
"This is an open-source product, so there are no costs."
More Elastic Security pricing and cost advice
"Wazuh is open-source, but you must consider the total cost of ownership. It may be free to acquire, but you spend a lot of time and effort supporting the product and getting it to a point where it's useful."
"We use the free version of Wazuh."
"The solution's pricing is very competitive."
"Wazuh is totally free and open source. There are no licensing costs, only support costs if you need them."
"Wazuh is open-source, therefore it is free. You can purchase support for $1,000 a year."
"Wazuh is free and open source."
"The solution's cost is above the average."
"Wazuh is a good tool, but the open-source version has scalability limitations."
More Wazuh pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Log Management solutions are best for your needs.
See recommendations
824,053 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
10%
Government
10%
University
7%
Computer Software Company
16%
Comms Service Provider
7%
University
7%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several times lately using the dashboards we have created with Datadog; they are very good c...
See all answers
What do you like most about Elastic Security?
Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because ...
See all answers
What is your experience regarding pricing and costs for Elastic Security?
Elastic Security is cost-effective compared to Defender and CrowdStrike. The pricing is reasonable, especially for Small Medium Enterprises (SMEs), making it a viable option for businesses building...
See all answers
What do you like most about Wazuh?
Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases.
See all answers
What needs improvement with Wazuh?
I am investigating more about the community support for Wazuh. I can't provide a definitive answer yet. An issue I noticed is with tag values in certain rules not functioning properly. It's unclear...
See all answers
What is your primary use case for Wazuh?
I am currently evaluating and using Wazuh for file monitoring and compliance reporting. We are in the process of conducting a POC to understand how the rules work. I lead this effort to explore and...
See all answers
 

Comparisons

CrowdStrike Falcon vs Elastic Security Logo
CrowdStrike Falcon vs Elastic Security
Compared 8% of the time
IBM Security QRadar vs Elastic Security Logo
IBM Security QRadar vs Elastic Security
Compared 7% of the time
Microsoft Sentinel vs Elastic Security Logo
Microsoft Sentinel vs Elastic Security
Compared 6% of the time
Splunk Enterprise Security vs Elastic Security Logo
Splunk Enterprise Security vs Elastic Security
Compared 6% of the time
Microsoft Defender for Endpoint vs Elastic Security Logo
Microsoft Defender for Endpoint vs Elastic Security
Compared 5% of the time
More Elastic Security Competitors
Security Onion vs Wazuh Logo
Security Onion vs Wazuh
Compared 16% of the time
AlienVault OSSIM vs Wazuh Logo
AlienVault OSSIM vs Wazuh
Compared 9% of the time
Elastic Stack vs Wazuh Logo
Elastic Stack vs Wazuh
Compared 9% of the time
Graylog vs Wazuh Logo
Graylog vs Wazuh
Compared 5% of the time
Splunk Enterprise Security vs Wazuh Logo
Splunk Enterprise Security vs Wazuh
Compared 5% of the time
More Wazuh Competitors
 

Product Reports

Buyer's Guide
Elastic Security
December 2024
Elastic Security reportDownload Elastic Security product report
Buyer's Guide
Wazuh
November 2024
Wazuh reportDownload Wazuh product report
 

Also Known As

Elastic SIEM, ELK Logstash
No data available
 

Learn More

Elastic
Wazuh
 

Overview

Elastic Security is a robust, open-source security solution designed to offer integrated threat prevention, detection, and response capabilities across an organization's entire digital estate. Part of the Elastic Stack (which includes Elasticsearch, Logstash, and Kibana), Elastic Security leverages the power of search, analytics, and data aggregation to provide real-time insight into threats and vulnerabilities. It is a comprehensive platform that supports a wide range of security needs, from endpoint protection to cloud and network security, making it a versatile choice for organizations looking to enhance their cybersecurity posture.


Elastic Security combines the features of a security information and event management (SIEM) system with endpoint protection, allowing organizations to detect, investigate, and respond to threats in real time. This unified approach helps reduce complexity and improve the efficiency of security operations.

Additional offerings and benefits:

  • The platform utilizes advanced analytics, machine learning algorithms, and anomaly detection to identify threats and suspicious activities.
  • It offers extensive integration options with other tools and platforms, facilitating a more cohesive and comprehensive security ecosystem.
  • With Kibana, users gain access to powerful visualization tools and dashboards that provide real-time insight into security data.

Finally, Elastic Security benefits from a global community of users who contribute to its threat intelligence, helping to enhance its detection capabilities. This collaborative approach ensures that the solution remains on the cutting edge of cybersecurity, with up-to-date information on the latest threats and vulnerabilities.

Wazuh is an enterprise-ready platform used for security monitoring. It is a free and open-source platform that is used for threat detection, incident response and compliance, and integrity monitoring. Wazuh is capable of protecting workloads across virtualized, on-premises, containerized, and cloud-based environments.

It consists of an endpoint security agent and a management server. Additionally, Wazuh is fully integrated with the Elastic Stack, allowing users the ability to navigate through security alerts via a data visualization tool.

  • Wazuh’s agent can run on many different platforms, and is lightweight. It can successfully perform the tasks needed to detect threats in order to trigger responses automatically.
  • Wazuh manages the agents, can analyze agent data, and can scale horizontally.
  • Elastic Stack is where alerts are indexed and stored.

Wazuh Capabilities

Some of Wazuh’s most notable capabilities include:

  • Intrusion detection: Wazuh’s agents can detect hidden files, cloaked processes, or unregistered network listeners, as well as inconsistencies in system call responses. Wazuh’s server component uses a signature-based approach to intrusion detection, using its regular expression engine to analyze collected log data and look for indicators of compromise.

  • Log data analysis: Wazuh can read operating system and application logs, and securely forward them to a central manager for rule-based analysis and storage.

  • Integrity monitoring: File integrity monitoring can help identify changes in content, ownership, permissions, and attribute of files. Wazuh’s file integrity monitoring can be used in conjunction with threat intelligence.

  • Vulnerability detection: Wazuh agents can identify well-known vulnerable software so you can see where your weak spots are and take action before an attack can exploit them.

  • Configuration assessment: System and application configurations are monitored to make sure they are compliant with security policies. Periodic scans are used to detect applications that are known to be vulnerable, insecurely configured, or unpatched.
  • Incident response: Wazuh responds actively when active threats need to be addressed. It can perform countermeasures like blocking access to a system when a threat source is identified.

  • Regulatory compliance: Wazuh includes the security controls required to be compliant with industry regulations and standards.

  • Cloud security: Wazuh’s light-weight and multi-platform agents are commonly used to monitor cloud environments at the instance level. In addition, Wazuh helps monitor cloud infrastructure at an API level.

  • Security for containers: With Wazuh, you have increased security visibility into hosts and containers, allowing for easier detection of threats, anomalies, and vulnerabilities.

Wazuh Benefits

Some of the most valued benefits of Wazuh include:

  • No vendor lock-in
  • No license costs
  • Uses lightweight, multi-platform agents
  • Free community support

Wazuh Offers

  • Annual support and maintenance
  • Assistance with deployment and configuration
  • Training and instructional hands-on courses

Reviews From Real Users

"It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions." - Robert C., IT Security Consultant at Microlan Kenya Limited

The MITRE ATT&CK correlation is most valuable.” - Chief Information Security Officer at a financial services firm

 

Sample Customers

Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care
Information Not Available
Buyer's Guide
Elastic Security vs. Wazuh
November 2024
Free Report: Elastic Security vs. Wazuh
Find out what your peers are saying about Elastic Security vs. Wazuh and other solutions. Updated: November 2024.
DOWNLOAD NOW
824,053 professionals have used our research since 2012.
See our Elastic Security vs. Wazuh report.

We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.