Try our new research platform with insights from 80,000+ expert users

Gurucul UEBA vs Wazuh comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Gurucul UEBA
Average Rating
7.2
Reviews Sentiment
6.7
Number of Reviews
4
Ranking in other categories
User Entity Behavior Analytics (UEBA) (6th)
Wazuh
Average Rating
7.4
Reviews Sentiment
6.3
Number of Reviews
46
Ranking in other categories
Log Management (1st), Security Information and Event Management (SIEM) (2nd), Extended Detection and Response (XDR) (3rd)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Gurucul UEBA is designed for User Entity Behavior Analytics (UEBA) and holds a mindshare of 4.0%, up 2.6% compared to last year.
Wazuh, on the other hand, focuses on Security Information and Event Management (SIEM), holds 14.3% mindshare, down 14.9% since last year.
User Entity Behavior Analytics (UEBA)
Security Information and Event Management (SIEM)
 

Q&A Highlights

UT
Feb 07, 2025
 

Featured Reviews

Ravi Shekharan - PeerSpot reviewer
Helped reduce our operational costs and increase our efficiency, but it can be more user-friendly
Regarding the prioritization of threats, Gurucul UEBA needs to enhance its alert severity assignment process within the system. This is one area where Gurucul UEBA could improve. Additionally, it would be beneficial if the tool itself could provide or assign user-based or asset-based CI ratings to allow for a more accurate assessment of alert severity. In our environment, we forward these logs, events, and alerts to SIM, where the CI rating is already present. Therefore, if we need to closely investigate a UEBA case directly, it becomes problematic. Gurucul UEBA should proactively incorporate asset-based or user-based CI severity into its design. Gurucul UEBA needs to be more user-friendly. I would like Gurucul UEBA to be able to integrate with legacy-based identity systems and systems that are performing network-based access control. This would require additional integration and playbook models.
Sandip_Patel - PeerSpot reviewer
Evaluating robust file monitoring with insights for community support improvements
Wazuh's most valuable features include file monitoring and compliance reporting, which do not require excessive costs. These aspects are vital as they provide alerts for changes and facilitate the monitoring of compliance. The platform is also relatively easy to set up and operate. Reports are straightforward to extract and prove useful for compliance requirements.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"If you are genuinely looking for a UEBA solution, you should choose Gurucul confidently if your need is strictly UEBA."
"The most valuable feature of Gurucul is the ability to customize and it is on the Hadoop platform that has a lot of flexibility."
"I appreciate the comprehensive categorization of devices based on their intended use, such as those for DNS."
"The reporting feature was the key differentiator. I also liked the ability to create dynamic rules in the environment."
"Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors."
"Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source."
"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
"Wazuh offers an enhanced HDR version that outperforms its competitors."
"Wazuh has very flexible and robust features."
"I would recommend Wazuh to others."
"Wazuh's most valuable features include file monitoring and compliance reporting, which do not require excessive costs."
"Wazuh's most beneficial features for our security needs are flexibility, built-in rules, integration capabilities, and documentation."
 

Cons

"It could be more stable."
"Technical support is good but can improve. I would rate it six to seven out of ten. The main issue is response time, which can take three to four hours even for simple queries."
"Regarding the prioritization of threats, Gurucul UEBA needs to enhance its alert severity assignment process within the system."
"Gurucul can improve on the online documentation. They should educate the end users more to allow them to do everything themselves."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
"The computing resources are consuming and do not make sense."
"The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way."
"The only challenge we faced with Wazuh was the lack of direct support."
"A lack of certain features creates limitations."
"Since it's an open-source tool, scalability is the main issue."
"Wazuh is missing many things that a typical SIEM should have."
"Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions."
 

Pricing and Cost Advice

"The price of Gurucul is competitive."
"The price is fair. In fact, I believe it was on the cheaper side when compared to the competition."
"Wazuh is a good tool, but the open-source version has scalability limitations."
"The solution's pricing is very competitive."
"Wazuh is open-source, so I think it's an option for a small organization that cannot go for enterprise-grade solutions like Splunk."
"Wazuh is totally free and open source. There are no licensing costs, only support costs if you need them."
"Wazuh is free and open source."
"My client uses the open-source version of Wazuh."
"Wazuh is a cheaply priced product."
"It is an open-source product."
report
Use our free recommendation engine to learn which User Entity Behavior Analytics (UEBA) solutions are best for your needs.
848,716 professionals have used our research since 2012.
 

Answers from the Community

UT
Feb 7, 2025
Feb 7, 2025
Next-gen SIEM solutions are designed as cloud-native software as a service (SaaS) platforms, providing more elastic scaling and functionality across decentralized, hybrid, and multi-cloud environments in contrast to traditional solutions.
2 out of 3 answers
Jan 14, 2023
"SIEM" and "Next-Gen SIEM" are often used in marketing and may not have a clear definition. Each vendor may have their own interpretation of these terms. The main difference between SIEM and Next-Gen SIEM (often called XDR) is the responsibility for creating security detections. Next-Gen solutions typically offer more pre-built detections and require less maintenance compared to traditional SIEMs, which primarily focus on collecting log data.   Comparing Gurucul and Wazuh, some key differences between the two include: Wazuh is open-source, while Gurucul's SIEM solution is proprietary. Wazuh focuses on providing detailed visibility and control over an organization's endpoint security, whereas Gurucul's SIEM solution provides a broader range of security features such as threat intelligence, user behavior analytics, and incident response.
SiddhantMishra - PeerSpot reviewer
Jan 16, 2023
SIEM (Security Information and Event Management) is a security management system that uses software to collect, store, and analyze security-related data from various sources. It provides a centralized view of the security posture of an organization by correlating events from different sources, such as network devices, servers, and applications. Next-gen SIEM solutions, also known as "modern" or "advanced" SIEMs, build on the basic functionality of traditional SIEMs by adding new capabilities such as: - Machine learning and artificial intelligence to improve threat detection and reduce false positives - Cloud-based deployment for greater scalability and flexibility - Integration with other security tools such as endpoint protection and vulnerability management - Automated incident response and threat hunting - Greater visibility into modern technologies such as cloud environments and IoT devices. In summary, Next-gen SIEMs offer more advanced analytics, automation, and improved scalability, to help with detecting and responding to cyber threats in real time. Wazuh is an open-source security platform that provides an integrated solution for threat detection, incident response, and compliance. It is built on top of Elastic Stack and provides an agent-based architecture for data collection and centralized management. Wazuh focuses on providing endpoint security by monitoring and alerting system activity, file integrity, and vulnerabilities. Gurucul, on the other hand, is a security analytics platform that uses machine learning and behavioral analytics to detect and respond to cyber threats in real time. It also provides a centralized view of security-related data and can integrate with a variety of security tools. Gurucul focuses on providing user and entity behavior analytics (UEBA) and fraud detection, it can identify anomalies and suspicious activities in an organization's network, applications, and user behavior. In summary, Wazuh is an open source endpoint security platform, while Gurucul is a security analytics platform that uses machine learning and behavioral analytics to detect and respond to cyber threats in real time.
 

Top Industries

By visitors reading reviews
Computer Software Company
19%
Financial Services Firm
10%
Healthcare Company
7%
Manufacturing Company
5%
Computer Software Company
16%
Comms Service Provider
8%
University
7%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about Gurucul?
I appreciate the comprehensive categorization of devices based on their intended use, such as those for DNS.
What needs improvement with Gurucul?
For improvement, I have requested three enhancement tickets, which are already lodged with the Gurucul support team. The first request is to add a visualization option in reports for charts or grap...
What is your primary use case for Gurucul?
Regarding the use cases, I have created many use cases in Gurucul UEBA. It's easy to create use cases based on behaviors.
What do you like most about Wazuh?
Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases.
What needs improvement with Wazuh?
There is room for improvement by integrating more AI into Wazuh. It requires constant nurturing, as I have to provide it with code and specific requirements. This maintenance can be quite labor-int...
What is your primary use case for Wazuh?
We use Wazuh as a SIEM solution because it is open source, highly customizable, and continually expanding. Our clients can request various solutions for their issues, which Wazuh is able to address.
 

Comparisons

 

Overview

 

Sample Customers

Global semi-conductor company
Information Not Available
Find out what your peers are saying about IBM, Rapid7, Exabeam and others in User Entity Behavior Analytics (UEBA). Updated: April 2025.
848,716 professionals have used our research since 2012.