We performed a comparison between SentinelOne Singularity Complete and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us."
"In Microsoft 365 vendor products, monitoring and connectivity across all Microsoft and third-party connectors enable viewing of all activity within those environments."
"Many people don't realize that Microsoft Azure, Exchange Online, and the security and compliance portal all sync together. For instance, within the Azure portal you can set security restrictions and policies to help secure your tenants... The good part of it is that these products have already been integrated. When you sign on as an admin you have global admin rights and that gives you access to all these features."
"It gives a lot of flexibility in terms of configuration and customization as per the business requirements."
"Microsoft 365 Defender is a good solution and easy to use."
"The timeline feature is excellent. I also like the phishing simulation. We have phishing campaigns to educate employees and warn them about these threats."
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"It delivers the type of security which we were hoping for, since we have a lot of different endpoint users utilizing different types of software. We have people who only use Office software, like email, Word, and PDFs. Then, we have people who use some applications that other people wrote. We also write applications in-house using people who develop software. Therefore, we have some machines using very high-end developer software for mechanical development, electronic development, and software development. Those users are used to managing their PC on their own. The centralized platform allows us to differentiate between those three groups of people. We have overall control and can oversee the security levels at all the endpoints. They have not yet been blocked in any way when performing the functions"
"The most valuable features of SentinelOne are the endpoint detection of threats, and it does not only rely on signatures for detection."
"The most valuable feature of SentinelOne is the EDR functionality. We are protected against threats, such as ransomware."
"SentinelOne is very lightweight. It doesn’t consume much memory of endpoints. Endpoints don't hang, and machine performance doesn’t get impacted. Their technical support is also very nice."
"The fact that SentinelOne is actively looking for threats and runs them against the hash on the Internet to determine if they are malicious or not, is what takes it to the next level compared to other antivirus products."
"I find the application inventory feature to be extremely useful."
"The tool's most valuable feature is EDR."
"The solution has helped reduce our alerts."
"If they support a solution, it is easy to do an integration."
"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
"It's stable."
"Good for monitoring, active response, and for vulnerabilities."
"Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source."
"I like the cloud-native infrastructure and that it's free. We didn't have to pay anything, and it has the capabilities of many premium solutions in the market. We could integrate all of our services and infrastructure in the cloud with Wazuh. From an integration point of view, Wazuh is pretty good. I had a good experience with this platform."
"The product is easy to customize."
"The MITRE ATT&CK correlation is most valuable."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"The solution could improve by having better machine learning and AI. Additionally, the interface, documentation, and integration could be better."
"What could be improved in Microsoft 365 Defender is its licensing, e.g. it should be more consolidated and would be good if it has some optimizations. Improving the alerts and notifications, in terms of adding more details, would also be good for this solution."
"The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging."
"The management and automation of the cloud apps have room for improvement."
"The user interface of Microsoft 365 Defender could improve. They could make it simpler."
"The Defender agent itself is more compatible with Windows 10 and Windows 11. Other than these two lines, there are so many compatibility issues. Security is not only about Microsoft. The core technical aspects of it are quite good, but it would be good if they can better support non-Microsoft solutions in terms of putting the agents directly into VMware and other virtualization solutions. There should be more emphasis on RHEL and other operating systems that we use, other than Windows, in the server category."
"The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."
"It seems like they are doing a lot with their automatic updates. They can maybe slow down the actual release cycle to make it easier to deploy the most recent and then do it using the live update. They can continue to work on that because trying to get agent changes through change management platforms and get approvals and testing can be quite difficult."
"Deployment strategy for large organizations that do not use Active Directory (AD)."
"Some of the reports that are exported through SentinelOne can be complicated for people who are not IT professionals. For example, we have some people within our leadership who would like to know why we are spending so much money on their product, and one of the ways that we are able to do that is through reports. Some of those reports are pretty easy to understand, and some of them are very complicated. Because they are not IT or security professionals, they may not have the same grasp. I wish their reporting feature was a little better."
"The biggest thing for me in terms of improvements is the online console. There are frequent updates, and sometimes we'll get a little agitated getting signed in."
"The improvement could be in terms of reducing more noise and continuing to cut that down. AI seems to be the big thing with Purple. We are excited to get our hands on that."
"The documentation provided for implementation is not adequate and has caused us challenges."
"The role-based access is in dire need of improvement. We actually discussed this on a roadmap call and were informed that it was coming, but then it was delayed. It limits the roles that you can have in the platform, and we require several custom roles. We work with a lot of third-parties whom we rely on for some of our IT services. Part of those are an external SOC function where they are over-provisioned in the solution because there isn't anything relevant for the level of work that they do."
"SentinelOne's performance and the accuracy of its incident filtering could be improved."
"Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions."
"Wazuh needs more security and features, particularly visualization features and a health monitor."
"They could include flexibility and customization capabilities by modifying for customers based on partner agreements."
"It would be better if they had a vulnerability assessment plug-in like the one AlienVault has. In the next release, I would like to have an app with an alerting mechanism."
"It would be great if there could be customization for the decoder portion."
"Wazuh should come up with more in-built rules and integrations for the cloud."
"Adding the flexibility to integrate various plug-ins or modules into its core system would enhance functionality."
"The implementation is very complex."
SentinelOne Singularity Complete is ranked 2nd in Extended Detection and Response (XDR) with 177 reviews while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. SentinelOne Singularity Complete is rated 8.8, while Wazuh is rated 7.4. The top reviewer of SentinelOne Singularity Complete writes "Provides peace of mind and is good at ingesting data and correlating". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". SentinelOne Singularity Complete is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, ThreatLocker Protect and Check Point Harmony Endpoint, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Cortex XDR by Palo Alto Networks.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.