Compare Wazuh with proprietary SIEM Solution


Muhammad Samiul Haq

Aug 8, 2023, 3:14:17 AM
to wa...@googlegroups.com
Dear Members, 

Some proprietary SIEM vendors claim that Wazuh can fulfill compliance requirements; however, the capabilities of Wazuh are not comparable with QRadar, LogRhythm, etc. Has anybody practically used both systems, and what is their opinion on it?


Regards,
sami. 

Benjamin Nworah

Aug 8, 2023, 4:48:10 AM
to Wazuh mailing list
Dear Muhammad,

Thank you for using Wazuh!

Wazuh has some key advantages over some commercial SIEM Products like the ones you mentioned. I will compare Wazuh with QRadar since I have used QRadar SIEM.

Wazuh has the following benefits over QRadar SIEM.

1. Wazuh has a single agent to support all operating systems like Windows, Linux and macOS, whereas QRadar has an agent called WinCollect to collect Windows logs. To collect Linux logs, QRadar relies on the syslog protocol (Wazuh also supports the syslog protocol).

2. Wazuh agent is not just a SIEM, but an XDR platform. Wazuh has the active response module to respond to security incidents. You will need the QRadar SOAR (Resilient) platform integrated with QRadar SIEM to respond to security incidents. This adds more cost to your security budget.

3. Another thing is cost. Wazuh is a free solution with nice capabilities to protect, detect, and respond to different security threats. The cost of acquiring QRadar SIEM or any other commercial SIEM is very high.

4. Wazuh is more flexible compared to QRadar SIEM in terms of extending its threat detection and response by creating custom decoders and rules.

Regarding your first question, Wazuh can help organizations meet regulatory requirements like TSC, PCI DSS, CIS, NIST, and many more.

Please let me know if this helps.

Regards,





Muhammad Samiul Haq

Aug 14, 2023, 6:19:22 AM
to Benjamin Nworah, Wazuh mailing list
Thanks Benjamin,

It means we can use Wazuh in place of QRadar, and there is nothing special with respect to SIEM in QRadar which is not covered by Wazuh?
