Compared two SIEM tools side by side for 3 months, one was clearly better at catching false positives
I ran Splunk and Wazuh in parallel on the same network for a quarter. Splunk caught a lot more alerts but half of them were noise from a misconfigured Jenkins server. Wazuh missed a few real things but its rules were way easier to tune without breaking things. I ended up keeping Wazuh because I spent less time chasing ghosts and more time on actual threats. Has anyone else noticed a similar trade-off between enterprise and open source SIEMs?
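The bookkeeping behind a side-by-side run like the one above, as an added example that is not part of the original post: score each tool's alert stream against a list of confirmed incidents, rank hosts by how much of the noise they produced, and then re-score after a tuning exception to see what it costs. The incident list, the alert records, and the host and rule names (including the Jenkins host) are constructed for illustration; nothing here is Splunk or Wazuh output.

```python
"""Score two SIEMs' alerts against confirmed incidents and find where the
noise comes from before tuning.  Added example, not code from the original
post; alert records, incident list and host/rule names are constructed."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    tool: str   # SIEM that raised the alert
    host: str   # source host of the underlying event
    rule: str   # rule or signature name
    ts: str     # timestamp


# Constructed ground truth: (host, rule) pairs analysts confirmed as real.
TRUE_INCIDENTS = {
    ("db01", "ssh_bruteforce"),
    ("web02", "webshell_upload"),
    ("jenkins01", "suspicious_powershell"),  # a real finding on the noisy host
    ("db01", "new_local_admin"),
}

# Constructed alert streams from both tools over the same window.
ALERTS = [
    Alert("splunk", "db01", "ssh_bruteforce", "2024-01-03T02:10"),
    Alert("splunk", "web02", "webshell_upload", "2024-01-09T14:22"),
    Alert("splunk", "jenkins01", "suspicious_powershell", "2024-01-15T11:05"),
    Alert("splunk", "db01", "new_local_admin", "2024-02-02T09:40"),
    Alert("splunk", "jenkins01", "new_local_admin", "2024-01-04T00:00"),  # CI job creating accounts
    Alert("splunk", "jenkins01", "new_local_admin", "2024-01-11T00:00"),
    Alert("splunk", "jenkins01", "ssh_bruteforce", "2024-01-05T00:01"),   # CI fan-out to build agents
    Alert("splunk", "jenkins01", "ssh_bruteforce", "2024-01-12T00:01"),
    Alert("splunk", "jenkins01", "ssh_bruteforce", "2024-01-19T00:01"),
    Alert("splunk", "web01", "ssh_bruteforce", "2024-01-20T08:15"),
    Alert("splunk", "web01", "ssh_bruteforce", "2024-02-10T08:17"),
    Alert("splunk", "mail01", "new_local_admin", "2024-02-14T16:00"),
    Alert("wazuh", "db01", "ssh_bruteforce", "2024-01-03T02:10"),
    Alert("wazuh", "web02", "webshell_upload", "2024-01-09T14:22"),
    Alert("wazuh", "jenkins01", "suspicious_powershell", "2024-01-15T11:05"),
    Alert("wazuh", "jenkins01", "ssh_bruteforce", "2024-01-05T00:01"),
    Alert("wazuh", "mail01", "new_local_admin", "2024-02-14T16:00"),
]


def score(alerts, tool, truth=TRUE_INCIDENTS):
    """Precision over raw alerts (how much analyst time was noise) and recall
    over distinct confirmed incidents (what the tool failed to surface)."""
    mine = [a for a in alerts if a.tool == tool]
    hits = [a for a in mine if (a.host, a.rule) in truth]
    found = {(a.host, a.rule) for a in hits}
    precision = len(hits) / len(mine) if mine else 0.0
    return {
        "alerts": len(mine),
        "true": len(hits),
        "noise": len(mine) - len(hits),
        "missed": sorted(truth - found),
        "precision": round(precision, 3),
        "recall": round(len(found) / len(truth), 3),
    }


def noisiest_hosts(alerts, tool, truth=TRUE_INCIDENTS, n=3):
    """Rank hosts by raw false-positive count for one tool.  If a single host
    dominates, fix that host or scope an exception to it rather than
    weakening the rule for the whole estate."""
    fps = Counter(a.host for a in alerts
                  if a.tool == tool and (a.host, a.rule) not in truth)
    return fps.most_common(n)


def suppress_host(alerts, host, rules=None):
    """Simulate a tuning exception.  With `rules` given, only those rules are
    silenced on that host (scoped); with rules=None every alert from the host
    is dropped (blanket), which is how real findings get lost."""
    return [a for a in alerts
            if not (a.host == host and (rules is None or a.rule in rules))]


if __name__ == "__main__":
    for tool in ("splunk", "wazuh"):
        print(tool, score(ALERTS, tool), noisiest_hosts(ALERTS, tool))
    scoped = suppress_host(ALERTS, "jenkins01", {"new_local_admin", "ssh_bruteforce"})
    print("splunk, scoped exception:", score(scoped, "splunk"))
    print("splunk, blanket exception:", score(suppress_host(ALERTS, "jenkins01"), "splunk"))
```

Re-scoring after each candidate exception is the check worth doing before committing it: in the constructed data the scoped exception removes the CI noise and leaves recall untouched, while the blanket one also drops the one real finding on the Jenkins host.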