Try our new research platform with insights from 80,000+ expert users
Wazuh Logo

Wazuh pros and cons

Vendor: Wazuh
3.7 out of 5
Badge Ranked 1
Leave a review

Pros & Cons summary

Wazuh excels in integration with cloud and on-premises systems, offering free features akin to premium solutions. Its compliant security features cover PCI DSS and GDPR standards, enhancing its appeal. Easy deployment and built-in modules support varied security needs, yet it lacks effective event source coverage compared to Splunk. Future releases should improve enterprise readiness, real-time threat intelligence, automation, and scalability in log management.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Wazuh is highly valued for its integration capabilities with both cloud and on-premises environments, particularly for its seamless interaction with AWS cloud-native services.
The cost-effectiveness of Wazuh, being free with features similar to premium market solutions, is a significant advantage for many users.
Wazuh's comprehensive compliance management features fully comply with PCI DSS and GDPR standards, making it supportive in various regions.
Wazuh's extensive security features include file integrity monitoring, vulnerability scanning, host-based intrusion detection, and custom rules for detecting malicious activities.
Wazuh supports easy deployment with robust documentation and a wide range of built-in modules for various security needs.

CONS

Wazuh struggles with covering sources of events as effectively as Splunk.
The next release should target large enterprises, as they often avoid open source offerings, and Wazuh needs more robust features suited for such clients.
Threat intelligence is a significant oversight, needing in-built integration for real-time alerts and feedback in security incidents.
Scalability presents a challenge, particularly with log volume management in its on-prem version and distributed architecture utilizing Elastic DB.
Wazuh has limitations in automation for incident responses and needs enhancements in log data analysis for better detection and security.
 

Wazuh Pros review quotes

reviewer1593909 - PeerSpot reviewer
reviewer1593909
Chief Information Security Officer at a financial services firm with 501-1,000 employees
Jun 4, 2021
The MITRE ATT&CK correlation is most valuable.
Read full review
Robert Cheruiyot - PeerSpot reviewer
Robert Cheruiyot
IT Security Consultant at Microlan Kenya Limited
Oct 28, 2021
It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions.
Read full review
reviewer1785186 - PeerSpot reviewer
reviewer1785186
CBO at a security firm with 11-50 employees
Feb 17, 2022
The log monitoring and analysis tools are great in addition to SIEM file activity monitoring.
Read full review
Buyer's Guide
Wazuh
December 2025
Free Report: Wazuh Reviews and More
Learn what your peers think about Wazuh. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
DOWNLOAD NOW
880,490 professionals have used our research since 2012.
reviewer1804125 - PeerSpot reviewer
reviewer1804125
Tech Lead Security at a comms service provider with 51-200 employees
Mar 16, 2022
The most valuable feature of Wazuh is the ELK for doing an investigation.
Read full review
GS
GaryStarling
Vice President Information Technology and Security at a comms service provider with 201-500 employees
Apr 8, 2022
My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance.
Read full review
Shaamil Ashraff - PeerSpot reviewer
Shaamil Ashraff
Architect - Database Administration at Mitra Innovation
Jul 4, 2022
I like that the solution is on top of the Kubernetes stack.
Read full review
Wajih Ul Hasan - PeerSpot reviewer
Wajih Ul Hasan
Cyber Security Engineer at Digit Labs
May 11, 2022
I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems.
Read full review
Dr. Sushan Banerjee - PeerSpot reviewer
Dr. Sushan Banerjee
GISO - Global Information Security Officer at Beyon Connect
Jul 10, 2022
I like the cloud-native infrastructure and that it's free. We didn't have to pay anything, and it has the capabilities of many premium solutions in the market. We could integrate all of our services and infrastructure in the cloud with Wazuh. From an integration point of view, Wazuh is pretty good. I had a good experience with this platform.
Read full review
Vikrant Puranik - PeerSpot reviewer
Vikrant Puranik
Manager Cloud Security Operations at TraceLink, Inc.
Aug 1, 2022
Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring.
Read full review
Maikel Richard Villar Rodriguez - PeerSpot reviewer
Maikel Richard Villar Rodriguez
Cybersecurity supervisior at Optical Network
Sep 17, 2022
Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source.
Read full review
Show 10 more reviews (out of 49)
 

Wazuh Cons review quotes

reviewer1593909 - PeerSpot reviewer
reviewer1593909
Chief Information Security Officer at a financial services firm with 501-1,000 employees
Jun 4, 2021
Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs.
Read full review
Robert Cheruiyot - PeerSpot reviewer
Robert Cheruiyot
IT Security Consultant at Microlan Kenya Limited
Oct 28, 2021
Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh.
Read full review
reviewer1785186 - PeerSpot reviewer
reviewer1785186
CBO at a security firm with 11-50 employees
Feb 17, 2022
I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions.
Read full review
Buyer's Guide
Wazuh
December 2025
Free Report: Wazuh Reviews and More
Learn what your peers think about Wazuh. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
DOWNLOAD NOW
880,490 professionals have used our research since 2012.
reviewer1804125 - PeerSpot reviewer
reviewer1804125
Tech Lead Security at a comms service provider with 51-200 employees
Mar 16, 2022
Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions.
Read full review
GS
GaryStarling
Vice President Information Technology and Security at a comms service provider with 201-500 employees
Apr 8, 2022
There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded.
Read full review
Shaamil Ashraff - PeerSpot reviewer
Shaamil Ashraff
Architect - Database Administration at Mitra Innovation
Jul 4, 2022
The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way.
Read full review
Wajih Ul Hasan - PeerSpot reviewer
Wajih Ul Hasan
Cyber Security Engineer at Digit Labs
May 11, 2022
Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions.
Read full review
Dr. Sushan Banerjee - PeerSpot reviewer
Dr. Sushan Banerjee
GISO - Global Information Security Officer at Beyon Connect
Jul 10, 2022
It would be better if they had a vulnerability assessment plug-in like the one AlienVault has. In the next release, I would like to have an app with an alerting mechanism.
Read full review
Vikrant Puranik - PeerSpot reviewer
Vikrant Puranik
Manager Cloud Security Operations at TraceLink, Inc.
Aug 1, 2022
Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage.
Read full review
Maikel Richard Villar Rodriguez - PeerSpot reviewer
Maikel Richard Villar Rodriguez
Cybersecurity supervisior at Optical Network
Sep 17, 2022
Wazuh needs more security and features, particularly visualization features and a health monitor.
Read full review
Show 10 more reviews (out of 49)

Product Categories

Product Categories
Security Information and Event Management (SIEM)
Log Management
Extended Detection and Response (XDR)

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs Wazuh Logo
CrowdStrike Falcon vs Wazuh
Datadog vs Wazuh Logo
Datadog vs Wazuh
Dynatrace vs Wazuh Logo
Dynatrace vs Wazuh
Splunk Enterprise Security vs Wazuh Logo
Splunk Enterprise Security vs Wazuh
Darktrace vs Wazuh Logo
Darktrace vs Wazuh
Microsoft Sentinel vs Wazuh Logo
Microsoft Sentinel vs Wazuh
SentinelOne Singularity Complete vs Wazuh Logo
SentinelOne Singularity Complete vs Wazuh
IBM Security QRadar vs Wazuh Logo
IBM Security QRadar vs Wazuh
Cortex XDR by Palo Alto Networks vs Wazuh Logo
Cortex XDR by Palo Alto Networks vs Wazuh
Microsoft Defender XDR vs Wazuh Logo
Microsoft Defender XDR vs Wazuh
Cribl vs Wazuh Logo
Cribl vs Wazuh
Elastic Security vs Wazuh Logo
Elastic Security vs Wazuh
Grafana Loki vs Wazuh Logo
Grafana Loki vs Wazuh
Trellix Endpoint Security Platform vs Wazuh Logo
Trellix Endpoint Security Platform vs Wazuh
Elastic Observability vs Wazuh Logo
Elastic Observability vs Wazuh
See all alternatives

Product Categories

Product Categories
Security Information and Event Management (SIEM)
Log Management
Extended Detection and Response (XDR)

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs Wazuh Logo
CrowdStrike Falcon vs Wazuh
Datadog vs Wazuh Logo
Datadog vs Wazuh
Dynatrace vs Wazuh Logo
Dynatrace vs Wazuh
Splunk Enterprise Security vs Wazuh Logo
Splunk Enterprise Security vs Wazuh
Darktrace vs Wazuh Logo
Darktrace vs Wazuh
Microsoft Sentinel vs Wazuh Logo
Microsoft Sentinel vs Wazuh
SentinelOne Singularity Complete vs Wazuh Logo
SentinelOne Singularity Complete vs Wazuh
IBM Security QRadar vs Wazuh Logo
IBM Security QRadar vs Wazuh
Cortex XDR by Palo Alto Networks vs Wazuh Logo
Cortex XDR by Palo Alto Networks vs Wazuh
Microsoft Defender XDR vs Wazuh Logo
Microsoft Defender XDR vs Wazuh
Cribl vs Wazuh Logo
Cribl vs Wazuh
Elastic Security vs Wazuh Logo
Elastic Security vs Wazuh
Grafana Loki vs Wazuh Logo
Grafana Loki vs Wazuh
Trellix Endpoint Security Platform vs Wazuh Logo
Trellix Endpoint Security Platform vs Wazuh
Elastic Observability vs Wazuh Logo
Elastic Observability vs Wazuh
See all alternatives
Related questions
  • 440
What is the difference between SIEM and Next-Gen SIEM solutions?
  • 134
What Solution for SIEM is Best To Be NIST 800-171 Compliant?
  • 80
When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
  • 84
What are the main differences between Nessus and Arcsight?
  • 63
What's The Best Way to Trial SIEM Solutions?
  • 117
Which is the best SIEM solution for a government organization?
  • 557
What is the difference between IT event correlation and aggregation?
  • 66
What Is SIEM Used For?
  • 50
RSA-EMC vs. other SIEM products?
  • 251
What Questions Should I Ask Before Buying SIEM?