We performed a comparison between Microsoft Defender XDR and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there."
"The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def"
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"All of the security components are valuable including, antiphishing, antispam, and stage three antivirus."
"Many people don't realize that Microsoft Azure, Exchange Online, and the security and compliance portal all sync together. For instance, within the Azure portal you can set security restrictions and policies to help secure your tenants... The good part of it is that these products have already been integrated. When you sign on as an admin you have global admin rights and that gives you access to all these features."
"It provides a single pane of glass within the 365 admin interface, streamlining our experience by consolidating information in one place and eliminating the need to navigate through multiple interfaces."
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"The threat intelligence is excellent."
"It has efficient SCA capabilities."
"The configuration assessment and Pile integrity monitoring features are decent."
"One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability."
"The most valuable features are the modules and metrics."
"It is a stable solution."
"Some of the strengths of Wazuh that stand out for us include its scalability when deployed on Azure, its open-source nature, which allows for customization based on our needs, and its compatibility with various security solutions like threat intelligence platforms."
"Good for monitoring, active response, and for vulnerabilities."
"I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems."
"Automated playbooks and automated dashboards would be preferable to the way the data is currently being presented."
"The interface could be improved. For example, if you want to do a phishing simulation for your employees, it can take a while to figure out what to do. The interface is a bit messy and could be updated. It isn't too bad, but doing some things can be a long process."
"Advanced attacks could use an improvement."
"Support is hit or miss. Microsoft wants you to buy premium support contracts. Though they call themselves professional support, it's almost like throwing questions into a black hole. You get an answer, but it's never helpful."
"The data recovery and backup could be improved."
"At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times."
"What could be improved in Microsoft 365 Defender is its licensing, e.g. it should be more consolidated and would be good if it has some optimizations. Improving the alerts and notifications, in terms of adding more details, would also be good for this solution."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"There could be a hardware monitoring tool for the solution."
"Wazuh needs more security and features, particularly visualization features and a health monitor."
"Wazuh is missing many things that a typical SIEM should have."
"The tool doesn't detect anomalies or new environments."
"The computing resources are consuming and do not make sense."
"The support team could be more responsive and provide quicker replies during our working hours in Indonesia, which would be a significant improvement."
"It would be better if they had a vulnerability assessment plug-in like the one AlienVault has. In the next release, I would like to have an app with an alerting mechanism."
"A lack of certain features creates limitations."
Microsoft Defender XDR is ranked 5th in Extended Detection and Response (XDR) with 78 reviews while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. Microsoft Defender XDR is rated 8.4, while Wazuh is rated 7.4. The top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Trend Vision One and Microsoft Sentinel, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Cortex XDR by Palo Alto Networks. See our Microsoft Defender XDR vs. Wazuh report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.