• Home
  • AWS Security Hub vs. Wazuh

AWS Security Hub vs Wazuh comparison

Cancel
You must select at least 2 products to compare!
Microsoft Logo
Microsoft Sentinel
Read 85 Microsoft Sentinel reviews
31,886 views|17,713 comparisons
92% willing to recommend
Amazon Web Services (AWS) Logo
AWS Security Hub
Read 17 AWS Security Hub reviews
8,071 views|6,749 comparisons
89% willing to recommend
Wazuh Logo
Wazuh
Read 38 Wazuh reviews
29,433 views|15,888 comparisons
75% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
AWS Security Hub vs. Wazuh
May 2024
Executive Summary

We performed a comparison between AWS Security Hub and Wazuh based on real PeerSpot user reviews.

Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed AWS Security Hub vs. Wazuh Report (Updated: May 2024).
Download the complete report
771,157 professionals have used our research since 2012.
Featured Review
Joseph Messina
Helps save us time, streamlines event investigations, and improves our visibility
Sentinel provides us with a unified set of tools for detecting, investigating, and responding to incidents. This centralized approach offers both... Read more →
Anonymous User
A centralized dashboard that enables efficient monitoring and management of possible security issues
Usman Arif
Transforming security features with notable vulnerability reduction and comprehensive compliance
Before the deployment of Wazuh, we faced challenges related to vulnerability management and version change history. Vulnerabilities often went... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products.""The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources.""It has a lot of great features.""The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects.""Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information.""There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive.""It's pretty powerful and its performance is pretty good.""The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."

More Microsoft Sentinel Pros →

"The most valuable feature of AWS Security Hub is the ability to track when monitoring is not enabled on any of my resources.""The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances available in the cloud.""Currently, our organization utilizes AWS for various purposes, including SaaS (Software as a Service), PaaS (Platform as a Service), and hosting applications in the cloud. We develop our applications and use AWS services as a platform for basic functions and secondary development needs. Additionally, we rely on PaaS for accounting services. Approximately, 50% of our applications are hosted in the cloud environment, making it a significant part of our current setup.""The best feature of AWS Security Hub is that you can get compliance or your cloud's current security posture.""The most valuable feature of the solution stems from the fact that it is easy to manage...It is a scalable solution.""Very good at detection and providing real-time alerts.""It's a security posture management tool from AWS. Basically, it identifies misconfigurations, similar to Trusted Advisor but on a larger scale.""I like that AWS Security Hub currently has several good features, around four or five. The technical support for AWS Security Hub is also responsive."

More AWS Security Hub Pros →

"My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance.""Wazuh has very flexible and robust features.""The tool is stable.""It offers built-in modules for file integrity and vulnerability management.""The product’s interface is intuitive.""One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability.""The configuration assessment and Pile integrity monitoring features are decent.""It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions."

More Wazuh Pros →

Cons
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed.""If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries.""The solution could be more user-friendly; some query languages are required to operate it.""Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized.""Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider.""I would like to see more AI used in processes.""Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification.""Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."

More Microsoft Sentinel Cons →

"AWS Security Hub's configuration and integration are areas where it lacks and needs to improve.""We need more granular-level customizations to enable or disable the rules in AWS Security Hub.""The solution should be easier to learn and use""The solution lacks self-sufficiency.""One aspect that could be improved in the solution is its adaptability to different markets and geopolitical restrictions. In certain regions like Thailand, specific services from certain countries or providers, such as AWS or Azure, might be limited or blocked. It also needs improvement in would require configuring the solution more adaptable to AWS infrastructure and function.""It's not user-friendly. Too much going on, too many unnecessary findings, not very visual. You can't do much compared to other similar tools that are cheaper and better.""The user interface, graphs, and dashboards of the solution could improve in the future. They are not very sophisticated and could use an update.""The support must be quicker."

More AWS Security Hub Cons →

"Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh.""Some features, like alerting, are complex with Wazuh.""A more structured approach, perhaps with modular UI components, to facilitate easier integration and navigation within the Wazuh platform for custom integrations would be beneficial.""The tool doesn't detect anomalies or new environments.""Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions.""Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage.""It would be great if there could be customization for the decoder portion.""Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation also, so we need better container security, log data analysis, auditing and compliance, malware detection, etc."

More Wazuh Cons →

Pricing and Cost Advice
  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."

    • More Microsoft Sentinel Pricing and Cost Advice →

  • "The price of the solution is not very competitive but it is reasonable."
  • "The price of AWS Security Hub is average compared to other solutions."
  • "The pricing is fine. It is not an expensive tool."
  • "AWS Security Hub's pricing is pretty reasonable."
  • "There are multiple subscription models, like yearly, monthly, and packaged."
  • "AWS Security Hub is not an expensive tool. I would consider it to be a cheap solution. AWS Security Hub follows the PAYG pricing model, meaning you will have to pay for whatever you use."
  • "Security Hub is not an expensive solution."

    • More AWS Security Hub Pricing and Cost Advice →

  • "Wazuh is open-source, so I think it's an option for a small organization that cannot go for enterprise-grade solutions like Splunk."
  • "There is not a license required for Wazuh."
  • "Wazuh is open-source, but you must consider the total cost of ownership. It may be free to acquire, but you spend a lot of time and effort supporting the product and getting it to a point where it's useful."
  • "Wazuh is open-source, therefore it is free. You can purchase support for $1,000 a year."
  • "Wazuh is totally free and open source. There are no licensing costs, only support costs if you need them."
  • "Wazuh has a community edition, and I was using that. It's free and open source."
  • "The current pricing is open source."
  • "Wazuh is free and open source."

    • More Wazuh Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
    See Recommendations
    771,157 professionals have used our research since 2012.
    Questions from the Community
    Is there a common threat intelligence tool that aggregates multiple threa...
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
    Read all 10 answers   →
    What is a better choice, Splunk or Azure Sentinel?
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Which is better - Azure Sentinel or AWS Security Hub?
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
    Read all 2 answers   →
    What do you like most about AWS Security Hub?
    Top Answer:The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances… more »
    Read all 12 answers   →
    What needs improvement with AWS Security Hub?
    Top Answer:We are facing some cost-related issues with the solution. We integrated a couple of services into AWS Security Hub, and… more »
    Read all 12 answers   →
    What is your primary use case for AWS Security Hub?
    Top Answer:We use AWS Security Hub for cloud security posture management and automated remediation.
    Read all 12 answers   →
    What do you like most about Wazuh?
    Top Answer:Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases.
    Read all 28 answers   →
    What needs improvement with Wazuh?
    Top Answer:I have built some rules that produce duplicate alerts two or three times. Therefore, these rules should be consolidated… more »
    Read all 28 answers   →
    What is your primary use case for Wazuh?
    Top Answer:We use Wazuh for the onboarding of both Windows and Linux machines, as well as for firewall and SIM configuration. The… more »
    Read all 26 answers   →
    Comparisons
    Also Known As
    Azure Sentinel
    Learn More
    Microsoft
    Amazon Web Services (AWS)
    Wazuh
    Overview

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    AWS Security Hub is a comprehensive security service that provides a centralized view of security alerts and compliance status across an AWS environment. It collects data from various AWS services, partner solutions, and AWS Marketplace products to provide a holistic view of security posture. With Security Hub, users can quickly identify and prioritize security issues, automate compliance checks, and streamline remediation efforts. 

    The service offers a range of features including continuous monitoring, threat intelligence integration, and customizable dashboards. It also provides automated insights and recommendations to help users improve their security posture. Security Hub integrates with other AWS services like Amazon GuardDuty, AWS Config, and AWS Macie to provide a unified security experience. Additionally, it supports integration with third-party security tools through its API, allowing users to leverage their existing security investments. 

    With its user-friendly interface and powerful capabilities, AWS Security Hub is a valuable tool for organizations looking to enhance their security and compliance posture in the cloud.

    Wazuh is an enterprise-ready platform used for security monitoring. It is a free and open-source platform that is used for threat detection, incident response and compliance, and integrity monitoring. Wazuh is capable of protecting workloads across virtualized, on-premises, containerized, and cloud-based environments.

    It consists of an endpoint security agent and a management server. Additionally, Wazuh is fully integrated with the Elastic Stack, allowing users the ability to navigate through security alerts via a data visualization tool.

    • Wazuh’s agent can run on many different platforms, and is lightweight. It can successfully perform the tasks needed to detect threats in order to trigger responses automatically.
    • Wazuh manages the agents, can analyze agent data, and can scale horizontally.
    • Elastic Stack is where alerts are indexed and stored.

    Wazuh Capabilities

    Some of Wazuh’s most notable capabilities include:

    • Intrusion detection: Wazuh’s agents can detect hidden files, cloaked processes, or unregistered network listeners, as well as inconsistencies in system call responses. Wazuh’s server component uses a signature-based approach to intrusion detection, using its regular expression engine to analyze collected log data and look for indicators of compromise.

    • Log data analysis: Wazuh can read operating system and application logs, and securely forward them to a central manager for rule-based analysis and storage.

    • Integrity monitoring: File integrity monitoring can help identify changes in content, ownership, permissions, and attribute of files. Wazuh’s file integrity monitoring can be used in conjunction with threat intelligence.

    • Vulnerability detection: Wazuh agents can identify well-known vulnerable software so you can see where your weak spots are and take action before an attack can exploit them.

    • Configuration assessment: System and application configurations are monitored to make sure they are compliant with security policies. Periodic scans are used to detect applications that are known to be vulnerable, insecurely configured, or unpatched.
    • Incident response: Wazuh responds actively when active threats need to be addressed. It can perform countermeasures like blocking access to a system when a threat source is identified.

    • Regulatory compliance: Wazuh includes the security controls required to be compliant with industry regulations and standards.

    • Cloud security: Wazuh’s light-weight and multi-platform agents are commonly used to monitor cloud environments at the instance level. In addition, Wazuh helps monitor cloud infrastructure at an API level.

    • Security for containers: With Wazuh, you have increased security visibility into hosts and containers, allowing for easier detection of threats, anomalies, and vulnerabilities.

    Wazuh Benefits

    Some of the most valued benefits of Wazuh include:

    • No vendor lock-in
    • No license costs
    • Uses lightweight, multi-platform agents
    • Free community support

    Wazuh Offers

    • Annual support and maintenance
    • Assistance with deployment and configuration
    • Training and instructional hands-on courses

    Reviews From Real Users

    "It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions." - Robert C., IT Security Consultant at Microlan Kenya Limited

    The MITRE ATT&CK correlation is most valuable.” - Chief Information Security Officer at a financial services firm

    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Edmunds, Frame.io, GoDaddy, Realtor.com
    Information Not Available
    Top Industries
    REVIEWERS
    Financial Services Firm22%
    Computer Software Company11%
    Comms Service Provider8%
    Manufacturing Company8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm10%
    Government9%
    Manufacturing Company7%
    REVIEWERS
    Computer Software Company23%
    Financial Services Firm15%
    Recruiting/Hr Firm8%
    Non Profit8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm12%
    Manufacturing Company8%
    Government7%
    REVIEWERS
    Computer Software Company25%
    Comms Service Provider18%
    Security Firm14%
    Financial Services Firm11%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Comms Service Provider8%
    Government7%
    Financial Services Firm7%
    Company Size
    REVIEWERS
    Small Business33%
    Midsize Enterprise21%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise16%
    Large Enterprise59%
    REVIEWERS
    Small Business41%
    Midsize Enterprise18%
    Large Enterprise41%
    VISITORS READING REVIEWS
    Small Business23%
    Midsize Enterprise13%
    Large Enterprise64%
    REVIEWERS
    Small Business54%
    Midsize Enterprise28%
    Large Enterprise18%
    VISITORS READING REVIEWS
    Small Business32%
    Midsize Enterprise20%
    Large Enterprise48%
    Buyer's Guide
    AWS Security Hub vs. Wazuh
    May 2024
    Free Report: AWS Security Hub vs. Wazuh
    Find out what your peers are saying about AWS Security Hub vs. Wazuh and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    771,157 professionals have used our research since 2012.

    AWS Security Hub is ranked 8th in Security Information and Event Management (SIEM) with 17 reviews while Wazuh is ranked 3rd in Security Information and Event Management (SIEM) with 38 reviews. AWS Security Hub is rated 7.6, while Wazuh is rated 7.4. The top reviewer of AWS Security Hub writes "A centralized dashboard that enables efficient monitoring and management of possible security issues". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". AWS Security Hub is most compared with Prisma Cloud by Palo Alto Networks, Wiz, Microsoft Defender for Cloud, Google Chronicle Suite and Lacework, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and CrowdStrike Falcon. See our AWS Security Hub vs. Wazuh report.

    See our list of best Security Information and Event Management (SIEM) vendors.

    We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.