We performed a comparison between Splunk and Wazuh based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Splunk easily wins out in this comparison. Compared with Wazuh, it is a mature and robust solution with a proven ROI.
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The flexibility of the solution is quite good."
"Easy to deploy and simple to use."
"One of the most valuable features is threat hunting. We can do threat hunting and identify if there is any malicious activity happening within our environment, which is a key feature for us."
"The most valuable feature is the incident dashboard, and the extensive use of correlation searches, which isn't available with a standard Splunk search package. This feature is important to me because it enables SOC analysts to do their job more efficiently and be able to investigate or mediate incidents at a faster pace."
"The best part of Splunk Enterprise Security is its customizable settings."
"Great platform with user-friendly interface and GUI."
"It's better than IBM, in my opinion, because it's an independent entity."
"It allows for transparency into IT metrics for insightful business analytics."
"The main thing I like about it is that it has an EDR."
"I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch."
"It is a stable solution."
"Wazuh is simple to use for PCI compliance."
"Its cost-effectiveness is the most valuable aspect."
"It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions."
"I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems."
"Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"The only thing is sometimes you can have a false positive."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"I think the number one area of improvement for Sentinel would be the cost."
"It is a hugely complicated product."
"The level of scalability depends on the license you have. You can expand or reduce it based on the environment. It does cost more money to scale, however."
"Splunk could have more built-in use case presets that customers can build on and customize."
"We were inundated with the amount of alerts and alarms that we could get out of it. It is also a resource hog and we didn't have the resources to support it on-prem so we're taking it offline now."
"A problem that we had recently had was we licensed it based on how much data you upload to them every day. Something changed in one our applications, and it started generating three to four times as many logs and. So now, we are trying to assemble something with parts of the Splunk API to warn ourselves, then turn it off and throttle it back more. However it would be better if they had something systematically built into the product that if you're getting close to your license, then to shut things down."
"A lot of people are averse to using new tools so if they make it even more user-friendly than it already is, I think that could go a long way."
"It needs more thoroughly tested releases. Every new big version (6, 7, etc.) has had so many bugs that it makes me wary of customers upgrading right away."
"Technical support needs to be more responsive."
"Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation also, so we need better container security, log data analysis, auditing and compliance, malware detection, etc."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
"Since it's an open-source tool, scalability is the main issue."
"There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded."
"The implementation is very complex."
"Some features, like alerting, are complex with Wazuh."
"A more structured approach, perhaps with modular UI components, to facilitate easier integration and navigation within the Wazuh platform for custom integrations would be beneficial."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
Splunk Enterprise Security is ranked 1st in Log Management with 228 reviews while Wazuh is ranked 2nd in Log Management with 38 reviews. Splunk Enterprise Security is rated 8.4, while Wazuh is rated 7.4. The top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Splunk Enterprise Security is most compared with Dynatrace, IBM Security QRadar, Elastic Security, Datadog and Azure Monitor, whereas Wazuh is most compared with Elastic Security, Security Onion, AlienVault OSSIM, Graylog and Fortinet FortiAnalyzer. See our Splunk Enterprise Security vs. Wazuh report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.