We performed a comparison between AT&T AlienVault USM and Wazuh based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The main difference between the two products is that Wazuh users say the product is missing threat intelligence. In addition, Wazuh users do not mention an ROI. For these reasons, AT&T AlienVault USM is the winner in this comparison.
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"The analytic rule is the most valuable feature."
"The UI-based analytics are excellent."
"Log aggregation and data connectors are the most valuable features."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"It is my "security person" looking at irregularities and letting me know when something has occurred."
"It allows you to define what alerts you want to see, or not to see, as well as if you want them grouped, or ungrouped."
"The dashboards are very descriptive and contain just the right amount of information. The activity alarms and events contain a plethora of data that is very descriptive and useful."
"Its powerful correlation engine helps reduce time in manually correlating events."
"AlienVault has an advanced component within one package. With this, we can cover more area with one solution."
"The best thing about AlienVault USM is it being a “Jack-of-All Trades” solution. It provides SIEM, HIDS/NIDS, FIM, NetFlow, Asset Management, Vulnerability Management, etc., under one USM platform. None of the commercial SIEM vendors like ArcSight, McAfee, etc., can boast of such a diverse feature set."
"The most valuable feature of this solution is security management for PCI DSS."
"The solution is stable."
"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
"Wazuh's most beneficial features for our security needs are flexibility, built-in rules, integration capabilities, and documentation."
"It's stable."
"I like the cloud-native infrastructure and that it's free. We didn't have to pay anything, and it has the capabilities of many premium solutions in the market. We could integrate all of our services and infrastructure in the cloud with Wazuh. From an integration point of view, Wazuh is pretty good. I had a good experience with this platform."
"The deployment is easy and they provide very good documentation."
"One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability."
"Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source."
"The product’s interface is intuitive."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"I would like to be able to monitor applications outside of the Azure Cloud."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"The solution should allow for a streamlined CI/CD procedure."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"We'd like also a better ticketing system, which is older."
"It was easy on PoC, but when we got to the product it was different story. We had to learn the product again and got feeling that the PoC was a different product."
"As this software is in the cloud, you do not have control on updates and general changes which are happening."
"Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira. It is also a bit slow, and its replication engine can be improved."
"The solution already has quite good tools, however, they need better integration tools for linking with Office 365, Google Suite, and so on."
"USM Anywhere relies a lot on the community putting the data in. Often, you'll right-click on the attack, but nothing will be found. That's a weakness of it."
"Maybe logs are the problem, as the database query is too slow. If you want to search something, you need time to find it."
"I've been told that AlienVault doesn't have a full version of NES running in there, but I'm not sure if that's accurate or if my engineer made it that way. I'm not sure he was completely honest either because we had NES in the environment before. Those tools could be improved because AlienVault is a SIEM, and it added all these other features."
"We develop additional rules and scripts to make it more usable."
"I have yet to find the same capability in Wazuh to get logs from different sources into the system"
"The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way."
"Wazuh should come up with more in-built rules and integrations for the cloud."
"Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs."
"The support team could be more responsive and provide quicker replies during our working hours in Indonesia, which would be a significant improvement."
"The implementation is very complex."
"A more structured approach, perhaps with modular UI components, to facilitate easier integration and navigation within the Wazuh platform for custom integrations would be beneficial."
"Wazuh needs more security and features, particularly visualization features and a health monitor."
USM Anywhere is ranked 15th in Log Management with 113 reviews while Wazuh is ranked 2nd in Log Management with 38 reviews. USM Anywhere is rated 8.4, while Wazuh is rated 7.4. The top reviewer of USM Anywhere writes "Easy to use and affordable". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". USM Anywhere is most compared with AlienVault OSSIM, IBM Security QRadar, Splunk Enterprise Security, Rapid7 InsightIDR and LogRhythm SIEM, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security and AlienVault OSSIM. See our USM Anywhere vs. Wazuh report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.