Try our new research platform with insights from 80,000+ expert users
Wazuh Logo

Wazuh pros and cons

Vendor: Wazuh
3.7 out of 5
Badge Ranked 1
138 followers
Start review

Pros & Cons summary

Wazuh integrates easily but requires enhancements in detection, scalability, and cloud support. Its robust ELK investigation and cost-effective implementation are notable, yet it lacks threat intelligence feeds and AI capabilities. Wazuh's compliance management excels with PCI DSS and GDPR standards, although regional support is missing. Essential features include syscheck and vulnerability resolution, but integration options need expansion. Despite its open-source nature, Wazuh's on-premises scalability and feature set require further development for competitive edge.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

MITRE ATT&CK correlation and easy integration make Wazuh valuable for combining with other environments, cloud applications, and on-premises applications.
Wazuh offers strong features like ELK for investigations, vulnerability scanning, host-based intrusion detection, and file integrity monitoring, integrating seamlessly with AWS cloud-native services.
Its open-source nature allows for cost-effective, customizable security solutions that include compliance with PCI DSS and GDPR standards and efficient SCA capabilities.
Valuable features include scalability on platforms like Azure and built-in capabilities for malware detection, inventory management, and vulnerability management, bolstered by machine learning data handling.
The platform provides comprehensive compliance management and is recognized for its enhanced HDR version, built-in rules, and ability to define custom rules for detecting malicious activities.

CONS

Wazuh struggles with real-time monitoring, especially for Unix systems, and lacks a comprehensive threat intelligence integration, requiring users to seek out external intelligence for incident handling.
Wazuh's configuration and deployment processes are notably complex, proving to be time-consuming and challenging for integration, requiring significant manual setup and expertise.
Scalability is a recurring issue with Wazuh, particularly with the on-premise version, constraining its ability to manage a high volume of logs effectively and efficiently.
Technical support from Wazuh is often not optimal, with slow response times and insufficient assistance, which places a burden on users to conduct extensive independent research for effective implementation.
Wazuh lacks some critical features such as native support for enterprise solutions, comprehensive reporting mechanisms, and AI capabilities, which are essential for enhancing its functionality and meeting enterprise demands.
 

Wazuh Pros review quotes

MB
Dec 16, 2024
Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors.
Read full review
reviewer2301372 - PeerSpot reviewer
Feb 9, 2024
One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability.
Read full review
Vikrant Puranik - PeerSpot reviewer
Aug 1, 2022
Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring.
Read full review
Buyer's Guide
Wazuh
April 2025
Free Report: Wazuh Reviews and More
Learn what your peers think about Wazuh. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
DOWNLOAD NOW
849,686 professionals have used our research since 2012.
AKASH MAJUMDER - PeerSpot reviewer
Mar 20, 2023
Wazuh offers an enhanced HDR version that outperforms its competitors.
Read full review
Wajih Ul Hasan - PeerSpot reviewer
May 11, 2022
I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems.
Read full review
NH
Jul 11, 2024
The solution is easy to maintain.
Read full review
PrzemekAndula - PeerSpot reviewer
Feb 7, 2024
The product is easy to customize.
Read full review
Robert Cheruiyot - PeerSpot reviewer
Oct 28, 2021
It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions.
Read full review
MS
Jul 10, 2024
The product's initial setup phase was easy.
Read full review
Sulabh Khanal - PeerSpot reviewer
Nov 7, 2022
The deployment is easy and they provide very good documentation.
Read full review
Show 10 more reviews (out of 46)
 

Wazuh Cons review quotes

MB
Dec 16, 2024
The only challenge we faced with Wazuh was the lack of direct support.
Read full review
reviewer2301372 - PeerSpot reviewer
Feb 9, 2024
They could include flexibility and customization capabilities by modifying for customers based on partner agreements.
Read full review
Vikrant Puranik - PeerSpot reviewer
Aug 1, 2022
Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage.
Read full review
Buyer's Guide
Wazuh
April 2025
Free Report: Wazuh Reviews and More
Learn what your peers think about Wazuh. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
DOWNLOAD NOW
849,686 professionals have used our research since 2012.
AKASH MAJUMDER - PeerSpot reviewer
Mar 20, 2023
While it is scalable, it can suffer from reduced latencies.
Read full review
Wajih Ul Hasan - PeerSpot reviewer
May 11, 2022
Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions.
Read full review
NH
Jul 11, 2024
The product's configuration part and lack of AI capabilities are some of the major concerns associated with Wazuh.
Read full review
PrzemekAndula - PeerSpot reviewer
Feb 7, 2024
The tool does not provide CTI to monitor darknet.
Read full review
Robert Cheruiyot - PeerSpot reviewer
Oct 28, 2021
Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh.
Read full review
MS
Jul 10, 2024
Wazuh currently fails to provide its users with AI and ML.
Read full review
Sulabh Khanal - PeerSpot reviewer
Nov 7, 2022
We would like to see more improvements on the cloud.
Read full review
Show 10 more reviews (out of 46)

Product Categories

Product Categories
Security Information and Event Management (SIEM)
Log Management
Extended Detection and Response (XDR)

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs Wazuh Logo
CrowdStrike Falcon vs Wazuh
Microsoft Sentinel vs Wazuh Logo
Microsoft Sentinel vs Wazuh
Splunk Enterprise Security vs Wazuh Logo
Splunk Enterprise Security vs Wazuh
IBM Security QRadar vs Wazuh Logo
IBM Security QRadar vs Wazuh
Elastic Security vs Wazuh Logo
Elastic Security vs Wazuh
LogRhythm SIEM vs Wazuh Logo
LogRhythm SIEM vs Wazuh
Rapid7 InsightIDR vs Wazuh Logo
Rapid7 InsightIDR vs Wazuh
Cynet vs Wazuh Logo
Cynet vs Wazuh
Fortinet FortiSIEM vs Wazuh Logo
Fortinet FortiSIEM vs Wazuh
AlienVault OSSIM vs Wazuh Logo
AlienVault OSSIM vs Wazuh
Sumo Logic Security vs Wazuh Logo
Sumo Logic Security vs Wazuh
Securonix Next-Gen SIEM vs Wazuh Logo
Securonix Next-Gen SIEM vs Wazuh
Google Chronicle Suite vs Wazuh Logo
Google Chronicle Suite vs Wazuh
Exabeam vs Wazuh Logo
Exabeam vs Wazuh
ManageEngine Log360 vs Wazuh Logo
ManageEngine Log360 vs Wazuh
See all alternatives

Product Categories

Product Categories
Security Information and Event Management (SIEM)
Log Management
Extended Detection and Response (XDR)

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs Wazuh Logo
CrowdStrike Falcon vs Wazuh
Microsoft Sentinel vs Wazuh Logo
Microsoft Sentinel vs Wazuh
Splunk Enterprise Security vs Wazuh Logo
Splunk Enterprise Security vs Wazuh
IBM Security QRadar vs Wazuh Logo
IBM Security QRadar vs Wazuh
Elastic Security vs Wazuh Logo
Elastic Security vs Wazuh
LogRhythm SIEM vs Wazuh Logo
LogRhythm SIEM vs Wazuh
Rapid7 InsightIDR vs Wazuh Logo
Rapid7 InsightIDR vs Wazuh
Cynet vs Wazuh Logo
Cynet vs Wazuh
Fortinet FortiSIEM vs Wazuh Logo
Fortinet FortiSIEM vs Wazuh
AlienVault OSSIM vs Wazuh Logo
AlienVault OSSIM vs Wazuh
Sumo Logic Security vs Wazuh Logo
Sumo Logic Security vs Wazuh
Securonix Next-Gen SIEM vs Wazuh Logo
Securonix Next-Gen SIEM vs Wazuh
Google Chronicle Suite vs Wazuh Logo
Google Chronicle Suite vs Wazuh
Exabeam vs Wazuh Logo
Exabeam vs Wazuh
ManageEngine Log360 vs Wazuh Logo
ManageEngine Log360 vs Wazuh
See all alternatives
Related questions
  • 523
What is the difference between SIEM and Next-Gen SIEM solutions?
  • 285
What Solution for SIEM is Best To Be NIST 800-171 Compliant?
  • 60
When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
  • 141
What are the main differences between Nessus and Arcsight?
  • 6
What's The Best Way to Trial SIEM Solutions?
  • 207
Which is the best SIEM solution for a government organization?
  • 1,169
What is the difference between IT event correlation and aggregation?
  • 165
What Is SIEM Used For?
  • 26
RSA-EMC vs. other SIEM products?
  • 512
What Questions Should I Ask Before Buying SIEM?