Benchmark

Open-source SIEM benchmark

A vendor-neutral comparison of open-source SIEM tools for teams that need detection and log management without an enterprise licence. We score each free SIEM against the monitoring and incident-reporting controls NIS2 expects.

What we compare

Open-source SIEM software, side by side

Comparison subjects

The benchmark evaluates widely used open-source SIEM tools including Wazuh (Wazuh SIEM), Graylog, OSSIM, Security Onion and the ELK stack (ELK SIEM). Where teams weigh a Wazuh vs Splunk decision, we cover where open source is enough and where it is not.

Log collection and management

How each platform handles open source log management: ingestion, parsing, retention and search across your estate.

Detection and correlation

Rule quality, threat detection content and how quickly a free SIEM surfaces the events that matter.

Scale and operations

Deployment effort, resource footprint and day-two operations: the real cost of running SIEM software open source.

Why a SIEM matters for compliance

NIS2 incident reporting

A capable SIEM is how you detect and evidence the incidents NIS2 requires you to report within its tight timelines.

Continuous monitoring

Free SIEM tooling gives smaller teams the continuous monitoring that risk-management obligations assume.

Related reading

Pair this with the regulation

Read the critical infrastructure protection and vulnerability management pillar guides for the regulatory context behind this benchmark.

Critical infrastructure protection

See how detection and incident reporting fit the wider obligations for essential entities.

Vulnerability management

A SIEM watches; vulnerability management reduces the surface it has to watch.

See which open-source SIEM fits your team.

Request the full comparison report and subscribe for version updates.