Try our new research platform with insights from 80,000+ expert users

LogRhythm UEBA [EOL] vs Wazuh comparison

Exabeam and Wazuh are both solutions in the Extended Detection and Response (XDR) category. Additionally, 55% of Exabeam users are willing to recommend the solution, compared to 80% of Wazuh users who would recommend it.
LogRhythm UEBA [EOL]
Read 11 LogRhythm UEBA [EOL] reviews
    55% willing to recommend
    Wazuh
    Read 48 Wazuh reviews
    • 45,325 Views
    • 12,691 Comparison Views
    80% willing to recommend
     

    Comparison Buyer's Guide

    Download the report
    Executive SummaryUpdated on Jul 24, 2025

    Wazuh and LogRhythm UEBA are competitors in the security software sector. Wazuh appears to have the upper hand due to its open-source flexibility and robust integration capabilities.

    Features: Wazuh is recognized for its SIEM features, integration with ELK for forensic analysis, and cloud-native capability, enhancing its deployment on platforms like AWS. It supports extensive compliance frameworks and is free of cost, offering a competitive alternative to premium solutions. LogRhythm UEBA, on the other hand, focuses on using machine learning for analyzing user behavior to detect security threats effectively. Its machine learning capabilities are its standout feature, providing deep insights into end-user activities.

    Room for Improvement: Wazuh needs advancements in accommodating large-scale enterprises, enhancing threat intelligence integrations, and increasing use case libraries for better cloud interaction. LogRhythm UEBA faces criticism for high costs, requiring an enriched library of use cases, and demands better machine learning accuracy and dashboard customization compared to competitors.

    Ease of Deployment and Customer Service: Wazuh benefits from diverse deployment options, including on-premises and cloud, backed by community support and optional paid services. However, its support responsiveness can improve. LogRhythm UEBA is limited to on-premises deployments, often necessitating professional services for integration, which increases complexity and cost.

    Pricing and ROI: Wazuh, being open-source, offers a cost-effective solution for small businesses with investments mostly needed for manpower. While its operation efforts may imply higher TCO, it ultimately provides strong ROI by savings on security tools. LogRhythm UEBA's pricing is more expensive, featuring a yearly subscription but providing flexible modules. However, cloud versions and professional service fees can escalate overall expenses.

    DOWNLOAD THE COMPLETE REPORT
    To learn more, read our detailed Extended Detection and Response (XDR) Report (Updated: July 2025).
    Buyer's Guide
    Extended Detection and Response (XDR)
    July 2025
    Download the complete report
    Helped 865,384 peers since 2012

    Review summaries and opinions

    We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
     

    Categories and Ranking

    LogRhythm UEBA [EOL]
    Average Rating
    7.0
    Reviews Sentiment
    6.7
    Number of Reviews
    11
    Ranking in other categories
    No ranking in other categories
    Wazuh
    Average Rating
    7.4
    Reviews Sentiment
    6.7
    Number of Reviews
    48
    Ranking in other categories
    Log Management (1st), Security Information and Event Management (SIEM) (2nd), Extended Detection and Response (XDR) (5th)
     

    Featured Reviews

    Sheikh Abu Ayub Azad - PeerSpot reviewer
    Great at managing cyber incidents; the technical support could be improved
    The initial setup is easy, partly because LogRhythm is primarily based on the Windows platform. It's good to have two engineers for deployment but it can be done with one. It's more about the knowledge. Deployment is typically done in two or three different phases. It usually takes up to three full months to get good deployment. There's the initial onboarding of all the log sources, then collecting data in the data lake, followed a couple of weeks later with some minor tuning before the final tuneup.
    Read full review
    Sandip_Patel - PeerSpot reviewer
    Evaluating robust file monitoring with insights for community support improvements
    Wazuh's most valuable features include file monitoring and compliance reporting, which do not require excessive costs. These aspects are vital as they provide alerts for changes and facilitate the monitoring of compliance. The platform is also relatively easy to set up and operate. Reports are straightforward to extract and prove useful for compliance requirements.
    Read full review

    Quotes from Members

    We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
     

    Pros

    "I typically use the product for reducing cyber risk, and I can investigate attacks more quickly using machine learning tools."
    "It has a lot of features. It has file integration monitoring."
    "Good capability pinpointing specific cyber incidents."
    "It is easy to monitor users and that is how the solution is adding value to our firm."
    "The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance, it can detect unusual user logins, such as a user logging in from a new browser or location."
    "What I like most about LogRhythm UEBA is that it allows you to identify and analyze end-user behaviors and suspicious activities within the systems."
    "The solution's most valuable features are the graphical user interface and the reporting."
    "LogRhythm UEBA’s best feature is the dashboard. It provides several graphs, charts, and event logs."
    More LogRhythm UEBA [EOL] pros
    "The deployment is easy and they provide very good documentation."
    "Wazuh is simple to use for PCI compliance."
    "It allows you to aggregate all your logs in one place and provides a unified view to monitor your security environment."
    "The most valuable feature of Wazuh is its EDR capabilities."
    "The configuration assessment and Pile integrity monitoring features are decent."
    "It has efficient SCA capabilities."
    "It is a stable solution."
    "I recommend Wazuh to everyone and believe more platforms, not just SIEM and XDR capability platforms, should be open source, allowing people to leverage these tools for the greater good."
    More Wazuh pros
     

    Cons

    "What needs improvement in LogRhythm UEBA is the pricing. Here in Asia, for example, in Sri Lanka, pricing is the primary concern, and this is the only area for improvement I see in the product."
    "The search feature needs to be improved."
    "It should have better mitigation with other solutions and be tightly integrated with other solutions. It has to be improved."
    "The product could be user-friendly for someone who doesn’t have any prior experience working with it."
    "LogRhythm UEBA's data aggregation needs to be improved. Open-source users do not have much documentation available. Documentation is available only for enterprise users."
    "The on-premises LogRhythm is not very scalable. When considering packets per second or the MPS needed for additional logs such as web application logs, scalability is usually found in cloud products."
    "The cloud version is lacking and not up to par."
    "The UI could be improved a little bit."
    More LogRhythm UEBA [EOL] cons
    "The tool does not provide CTI to monitor darknet."
    "The implementation is very complex."
    "Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."
    "I have yet to find the same capability in Wazuh to get logs from different sources into the system"
    "The technical support can be improved. Wazuh has some bugs that need to be fixed. It would be good if we can have automation with respect to incidence responses."
    "Wazuh needs more security and features, particularly visualization features and a health monitor."
    "There is room for improvement by integrating more AI into Wazuh. It requires constant nurturing, as I have to provide it with code and specific requirements."
    "When I face a challenge, I prefer not to spend too much time on it and may move to another solution that will give us the results."
    More Wazuh cons
     

    Pricing and Cost Advice

    "The pricing is nice when compared to other products in the industry."
    "LogRhythm UEBA's pricing is affordable for small and medium businesses."
    "As LogRhythm UEBA is pretty expensive, I'd give its pricing a seven out of ten."
    "I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive."
    "Licensing is on a yearly basis. It's not expensive compared to its competitors."
    "It is quite a budget-friendly product."
    "We use the free version of Wazuh."
    "Wazuh is not an expensive solution."
    "It is a cost-effective solution."
    "The product price is neither too high nor too low."
    "The current pricing is open source."
    "When I contacted customer care, they mentioned bundling options, that I found to be overall affordable."
    "It is an open-source product."
    "The solution's cost is above the average."
    More Wazuh pricing and cost advice
    report
    See which vendors are best for you
    Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
    See recommendations
    865,384 professionals have used our research since 2012.
     

    Top Industries

    By visitors reading reviews
    Computer Software Company
    13%
    Financial Services Firm
    9%
    Retailer
    9%
    Comms Service Provider
    7%
    Computer Software Company
    15%
    Comms Service Provider
    9%
    University
    8%
    Manufacturing Company
    7%
     

    Company Size

    By reviewers
    Large Enterprise
    Midsize Enterprise
    Small Business
     

    Questions from the Community

    What do you like most about LogRhythm UserXDR?
    The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance...
    See all answers
    What is your experience regarding pricing and costs for LogRhythm UserXDR?
    I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive.
    See all answers
    What needs improvement with LogRhythm UserXDR?
    In general, if something needs to be improved in the algorithm, it would be the dashboards. The dashboards with solutions such as Splunk are very neat and clean. I would also like to improve the us...
    See all answers
    What do you like most about Wazuh?
    Wazuh is its flexibility and open-source nature, which allows us to tailor threat detection and response across diverse client environments. Its integration capabilities with SOAR, cloud platforms,...
    See all answers
    What needs improvement with Wazuh?
    That would require me to discuss with the Wazuh team regarding areas that could be improved, as I have numerous ideas. From a developer's perspective, this is a Linux system with an active communit...
    See all answers
    What is your primary use case for Wazuh?
    Wazuh is a SIEM platform with various applications in today's environment. Compliance checks have helped with regulatory requirements. I pulled in PCI DSS to check for file integrity monitoring. I ...
    See all answers
     

    Comparisons

    Darktrace vs LogRhythm UEBA [EOL] Logo
    Darktrace vs LogRhythm UEBA [EOL]
    Compared 20% of the time
    Cortex XDR by Palo Alto Networks vs LogRhythm UEBA [EOL] Logo
    Cortex XDR by Palo Alto Networks vs LogRhythm UEBA [EOL]
    Compared 12% of the time
    IBM Security QRadar vs LogRhythm UEBA [EOL] Logo
    IBM Security QRadar vs LogRhythm UEBA [EOL]
    Compared 7% of the time
    Microsoft Purview Insider Risk Management vs LogRhythm UEBA [EOL] Logo
    Microsoft Purview Insider Risk Management vs LogRhythm UEBA [EOL]
    Compared 7% of the time
    Trend Vision One vs LogRhythm UEBA [EOL] Logo
    Trend Vision One vs LogRhythm UEBA [EOL]
    Compared 7% of the time
    More LogRhythm UEBA [EOL] Competitors
    Security Onion vs Wazuh Logo
    Security Onion vs Wazuh
    Compared 13% of the time
    Elastic Stack vs Wazuh Logo
    Elastic Stack vs Wazuh
    Compared 12% of the time
    Graylog vs Wazuh Logo
    Graylog vs Wazuh
    Compared 7% of the time
    AlienVault OSSIM vs Wazuh Logo
    AlienVault OSSIM vs Wazuh
    Compared 7% of the time
    Elastic Security vs Wazuh Logo
    Elastic Security vs Wazuh
    Compared 4% of the time
    More Wazuh Competitors
     

    Product Reports

    Buyer's Guide
    User Entity Behavior Analytics (UEBA)
    July 2025
    LogRhythm UEBA [EOL] reportDownload LogRhythm UEBA [EOL] product report
    Buyer's Guide
    Wazuh
    June 2025
    Wazuh reportDownload Wazuh product report
     

    Also Known As

    LogRhythm UserXDR, LogRhythm Enterprise UEBA
    No data available
     

    Overview

    LogRhythm UEBA [EOL] offers advanced threat detection with an intuitive interface, utilizing correlation, behavior analysis, and machine learning to monitor server threats and privileged accounts effectively.

    LogRhythm UEBA [EOL] provides comprehensive user behavior analytics and threat hunting capabilities, making use of customizable dashboards, reporting tools, file and registry monitoring. CloudAI adds depth by identifying unknown activities, enhancing network visibility and cyber risk reduction through constant monitoring. Users in Sri Lanka find it valuable for network stability, while other users leverage it for improved user monitoring and quick attack investigation. Despite its strong features, enhancements in integration, pricing in Asia, and documentation could improve its adoption.

    What are the key features of LogRhythm UEBA [EOL]?
    • Intuitive Graphical Interface: Provides a user-friendly experience tailored to cybersecurity needs.
    • Customizable Dashboards: Offers personalized monitoring views and reporting capabilities.
    • Effective Reporting Tools: Enhances incident analysis and decision-making with detailed insights.
    • Machine Learning: Identifies patterns in user behavior, detecting anomalies efficiently.
    • CloudAI: Detects unknown activities, improving threat identification accuracy.
    What benefits can users expect from LogRhythm UEBA [EOL]?
    • Enhanced Threat Detection: Increases network safety through comprehensive monitoring.
    • Improved Network Visibility: Facilitates better management of cybersecurity resources.
    • Quick Attack Investigation: Reduces time to detect and respond to threats.
    • Cyber Risk Reduction: Employs machine learning to address potential security gaps proactively.

    In the financial sector, LogRhythm UEBA [EOL] is implemented to monitor privileged accounts and identify suspicious transactions swiftly. Healthcare organizations use it to safeguard sensitive patient data through behavior analysis. Manufacturing firms apply it to protect intellectual property and ensure compliance with industry regulations. Across these industries, the adaptability and analytics of LogRhythm UEBA [EOL] offer a strategic approach to cybersecurity management.

    Exabeam

    Wazuh is an enterprise-ready platform used for security monitoring. It is a free and open-source platform that is used for threat detection, incident response and compliance, and integrity monitoring. Wazuh is capable of protecting workloads across virtualized, on-premises, containerized, and cloud-based environments.

    It consists of an endpoint security agent and a management server. Additionally, Wazuh is fully integrated with the Elastic Stack, allowing users the ability to navigate through security alerts via a data visualization tool.

    • Wazuh’s agent can run on many different platforms, and is lightweight. It can successfully perform the tasks needed to detect threats in order to trigger responses automatically.
    • Wazuh manages the agents, can analyze agent data, and can scale horizontally.
    • Elastic Stack is where alerts are indexed and stored.

    Wazuh Capabilities

    Some of Wazuh’s most notable capabilities include:

    • Intrusion detection: Wazuh’s agents can detect hidden files, cloaked processes, or unregistered network listeners, as well as inconsistencies in system call responses. Wazuh’s server component uses a signature-based approach to intrusion detection, using its regular expression engine to analyze collected log data and look for indicators of compromise.

    • Log data analysis: Wazuh can read operating system and application logs, and securely forward them to a central manager for rule-based analysis and storage.

    • Integrity monitoring: File integrity monitoring can help identify changes in content, ownership, permissions, and attribute of files. Wazuh’s file integrity monitoring can be used in conjunction with threat intelligence.

    • Vulnerability detection: Wazuh agents can identify well-known vulnerable software so you can see where your weak spots are and take action before an attack can exploit them.

    • Configuration assessment: System and application configurations are monitored to make sure they are compliant with security policies. Periodic scans are used to detect applications that are known to be vulnerable, insecurely configured, or unpatched.
    • Incident response: Wazuh responds actively when active threats need to be addressed. It can perform countermeasures like blocking access to a system when a threat source is identified.

    • Regulatory compliance: Wazuh includes the security controls required to be compliant with industry regulations and standards.

    • Cloud security: Wazuh’s light-weight and multi-platform agents are commonly used to monitor cloud environments at the instance level. In addition, Wazuh helps monitor cloud infrastructure at an API level.

    • Security for containers: With Wazuh, you have increased security visibility into hosts and containers, allowing for easier detection of threats, anomalies, and vulnerabilities.

    Wazuh Benefits

    Some of the most valued benefits of Wazuh include:

    • No vendor lock-in
    • No license costs
    • Uses lightweight, multi-platform agents
    • Free community support

    Wazuh Offers

    • Annual support and maintenance
    • Assistance with deployment and configuration
    • Training and instructional hands-on courses

    Reviews From Real Users

    "It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions." - Robert C., IT Security Consultant at Microlan Kenya Limited

    The MITRE ATT&CK correlation is most valuable.” - Chief Information Security Officer at a financial services firm

    Wazuh
    Buyer's Guide
    Extended Detection and Response (XDR)
    July 2025
    Download Free Report
    Find out what your peers are saying about CrowdStrike, Microsoft, SentinelOne and others in Extended Detection and Response (XDR). Updated: July 2025.
    DOWNLOAD NOW
    865,384 professionals have used our research since 2012.
    See our list of best Extended Detection and Response (XDR) vendors.

    We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.