We performed a comparison between Graylog Security and Wazuh based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The automation feature is valuable."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"We have no complaints about the features or functionality."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The tool aggregates logs. We can see the logs in one place."
"We use the solution to collect logs."
"Good for monitoring, active response, and for vulnerabilities."
"It is excellent in terms of visualization and indexing services, making it a powerful tool for malware detection."
"Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source."
"The configuration assessment and Pile integrity monitoring features are decent."
"I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems."
"The log monitoring and analysis tools are great in addition to SIEM file activity monitoring."
"The main thing I like about it is that it has an EDR."
"Its cost-effectiveness is the most valuable aspect."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"One key area that can be improved is by building a strong integration with our XDR platform."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"We'd like also a better ticketing system, which is older."
"Graylog Security needs to incorporate security scorecards."
"The tool does not provide CTI to monitor darknet."
"They could include flexibility and customization capabilities by modifying for customers based on partner agreements."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
"The computing resources are consuming and do not make sense."
"I have yet to find the same capability in Wazuh to get logs from different sources into the system"
"Its configuration process is time-consuming."
"The only challenge we faced with Wazuh was the lack of direct support."
"We would like to see more improvements on the cloud."
Graylog Security is ranked 34th in Security Information and Event Management (SIEM) with 2 reviews while Wazuh is ranked 3rd in Security Information and Event Management (SIEM) with 38 reviews. Graylog Security is rated 8.6, while Wazuh is rated 7.4. The top reviewer of Graylog Security writes "Helps to collect logs and pricing is cheap ". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Graylog Security is most compared with Microsoft Defender XDR, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and CrowdStrike Falcon.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.