We performed a comparison between Microsoft Sentinel and Wazuh based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Microsoft Sentinel effectively identifies threats and integrates seamlessly with other Microsoft solutions. Users say Sentinel makes it easy to find information quickly using KQL queries and praised the solution’s centralized log storage. Wazuh stands out for its effortless integration, excellent log monitoring capabilities, and ELK-based investigation. Microsoft Sentinel could benefit from simplifying documentation, enhancing collaboration with security vendors, and improving data ingestion. Users also want more robust threat intelligence and UEBA features. Wazuh needs improvements in event source coverage, threat intelligence integration, and real-time monitoring of Unix systems.
Service and Support: Some users praised Microsoft’s quick response times and expertise, while others experienced challenges and support delays. Wazuh's customer service is generally deemed satisfactory overall, and many customers noted that they could easily find answers from community forums.
Ease of Deployment: Some users said that deploying Microsoft Sentinel is straightforward, while others consider it to be moderately complex. Some users said that Wazuh’s setup is easy and fast, while others perceived it as complicated and said it required a significant amount of time.
Pricing: Microsoft Sentinel charges customers based on data usage, and it can be expensive for users who need to ingest data from non-cloud sources. Wazuh is a cost-effective option as it is open-source and completely free to acquire.
ROI: Some Sentinel users have seen cost savings, while others have not experienced any financial benefits. Wazuh's MSP program and partnerships offer opportunities to generate revenue from the platform.
Comparison Results: Our users prefer Microsoft Sentinel over Wazuh. Users appreciate its advanced threat-hunting capabilities, automation, and analysis. Microsoft Sentinel also offers seamless integrations with different software platforms and provides a single pane of glass view of security incidents.
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The log monitoring and analysis tools are great in addition to SIEM file activity monitoring."
"Wazuh is simple to use for PCI compliance."
"Wazuh's most beneficial features for our security needs are flexibility, built-in rules, integration capabilities, and documentation."
"The deployment is easy and they provide very good documentation."
"The MITRE ATT&CK correlation is most valuable."
"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
"It offers built-in modules for file integrity and vulnerability management."
"It has efficient SCA capabilities."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"The solution should allow for a streamlined CI/CD procedure."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"We'd like to see more connectors."
"Sentinel's reporting is complex and can be more user-friendly."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"While it is scalable, it can suffer from reduced latencies."
"It would be better if they had a vulnerability assessment plug-in like the one AlienVault has. In the next release, I would like to have an app with an alerting mechanism."
"Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions."
"Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."
"Wazuh needs more security and features, particularly visualization features and a health monitor."
"The tool doesn't detect anomalies or new environments."
Microsoft Sentinel is ranked 2nd in Security Information and Event Management (SIEM) with 85 reviews while Wazuh is ranked 3rd in Security Information and Event Management (SIEM) with 38 reviews. Microsoft Sentinel is rated 8.2, while Wazuh is rated 7.4. The top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Splunk Enterprise Security, Microsoft Defender for Cloud and Google Chronicle Suite, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and CrowdStrike Falcon. See our Microsoft Sentinel vs. Wazuh report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.