Wazuh Reviews

Name: Wazuh
Brand: Wazuh
Rating: 3.7 (46 reviews)

Vendor: Wazuh

3.7 out of 5

46 reviews
79% willing to recommend

138 followers

Start review

What is Wazuh?

Wazuh is an enterprise-ready platform used for security monitoring. It is a free and open-source platform that is used for threat detection, incident response and compliance, and integrity monitoring. Wazuh is capable of protecting workloads across virtualized, on-premises, containerized, and cloud-based environments.

Get the Wazuh Buyer's Guide and find out what your peers are saying about Wazuh, CrowdStrike Falcon, Microsoft Sentinel and more!

Wazuh is the #1 ranked solution in Log Management Software, #2 ranked solution in top Security Information and Event Management (SIEM) solutions, and #3 ranked solution in XDR Security products. PeerSpot users give Wazuh an average rating of 7.4 out of 10. Wazuh is most commonly compared to CrowdStrike Falcon: Wazuh vs CrowdStrike Falcon. Wazuh is popular among the large enterprise segment, accounting for 47% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 16% of all views.

Helped 849,686 peers since 2012

Featured Wazuh reviews

Sandip_Patel

Student at Dakota State University

Wazuh's most valuable features include file monitoring and compliance reporting, which do not require excessive costs. These aspects are vital as they provide alerts for changes and facilitate the monitoring of compliance. The platform is also relatively easy to set up and operate. Reports are straightforward to extract and prove useful for compliance requirements.

Read full review

SyedAli17

Assistant Director at PTA

One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs. Creating executive-level reports can be a bit time-consuming and requires a lot of fine-tuning to meet specific organizational requirements. It would be helpful if Wazuh offered more standardized use cases commonly seen in the industry, reducing the effort needed for customization and fine-tuning. Overall, enhancing reporting features and providing standard use cases would be a valuable improvement for Wazuh.

Read full review

Godwin Edmond

Senior Security Information Analyst at Carbon MFB

The most valuable feature of Wazuh is its EDR capabilities. It operates in a server-agent mode, which allows us to aggregate logs from endpoints and monitor server activities, such as vulnerability scans and compliance checks. Wazuh is open to numerous integrations with third-party tools like forensics tools, adding to its versatility.

Read full review

Wazuh mindshare

Product category:

As of May 2025, the mindshare of Wazuh in the Security Information and Event Management (SIEM) category stands at 13.9%, down from 15.2% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Security Information and Event Management (SIEM)

PeerResearch reports based on Wazuh reviews

Type	Title	Date
Category	Security Information and Event Management (SIEM)	Apr 30, 2025	Download
Product	Reviews, tips, and advice from real users	Apr 30, 2025	Download
Comparison	Wazuh vs Splunk Enterprise Security	Apr 30, 2025	Download
Comparison	Wazuh vs Microsoft Sentinel	Apr 30, 2025	Download
Comparison	Wazuh vs IBM Security QRadar	Apr 30, 2025	Download

Title	Rating	Mindshare	Recommending
CrowdStrike Falcon	4.3	4.7%	96%	126 interviews Add to research
Microsoft Sentinel	4.1	7.2%	93%	92 interviews Add to research

Valuable Features

Wazuh's key features include MITRE ATT&CK correlation, ELK integration, PCI DSS compliance, cloud-native infrastructure, SIEM capabilities, and robust monitoring tools. It is open-source, integrates well with various environments, and supports real-time file integrity monitoring. Its vulnerability assessment, compliance management, and scalability are highly valued. Wazuh provides flexible dashboards, comprehensive logging, endpoint monitoring, and active response. Additionally, it offers extensive documentation and community support, allowing seamless integration with third-party tools.

"I would recommend Wazuh to others."
"Wazuh's most valuable features include file monitoring and compliance reporting, which do not require excessive costs."
"Wazuh's most valuable features include file monitoring and compliance reporting, which do not require excessive costs."

Room for Improvement

Wazuh’s interface is less user-friendly compared to other platforms, with complex configuration and alert setup. Scalability is limited, especially in larger enterprises. It lacks built-in threat intelligence and advanced AI features. Integration with third-party and cloud applications requires enhancements. Real-time monitoring for Unix systems is inadequate. Deployment is complex, and reporting lacks standard templates for executive use. Improved threat detection and more comprehensive security features are necessary improvements needed in Wazuh.

"There is room for improvement by integrating more AI into Wazuh. It requires constant nurturing, as I have to provide it with code and specific requirements."
"An issue I noticed is with tag values in certain rules not functioning properly."
"An issue I noticed is with tag values in certain rules not functioning properly."

ROI

Teams experience significant ROI from Wazuh through reduced detection time from three months to an hour and response time from thirty days to two days. Investing in personnel is crucial, though it saves on licensing. Wazuh shows high ROI potential for small to medium businesses when compared to other market options, offering more cost-effective choices without compromising security.

Pricing

Wazuh is an open-source solution, making it an attractive option for budget-conscious organizations. There are no licensing fees, but support costs may apply. Users often only incur expenses related to infrastructure, elasticsearch, and log storage, typically around $3,000 monthly. Managed cloud hosting, like Wazuh Cloud, entails additional fees. Users find Wazuh's pricing competitive, citing lower costs compared to alternatives. Community editions allow many to use Wazuh without incurring direct software costs.

"The product price is neither too high nor too low."
"Wazuh is an open-source tool."
"Wazuh is a cheaply priced product."

Popular Use Cases

Organizations primarily use Wazuh for log management, security monitoring, and compliance. It serves as a centralized platform for aggregating and correlating logs against frameworks like MITRE ATT&CK and ensures compliance with various standards. Wazuh is deployed for endpoint detection, incident management, anomaly detection, and vulnerability scanning. Its customizable and open-source nature makes it ideal for cost-effective security information and event management across diverse sectors such as finance, healthcare, and telecommunications.

Service and Support

Wazuh's customer service ranges from excellent to needing improvement. Paid support is rated highly, whereas the community offers a robust platform for free users. Many rely on documentation, forums, and community channels like Slack. While some find support responsive, others report delays, especially due to time zone differences. Technical support for licensed products is considered decent, but response times could be faster. Open-source users primarily use forums and community resources for assistance.

Deployment

Wazuh's initial setup experiences vary. Some find it straightforward, highlighting ease and good documentation, while others note it can be complex, especially during integrations or larger deployments. Installation time ranges from minutes to months, often depending on customization and environment specifics. Maintenance and expertise levels influence the setup process's perceived difficulty. Wazuh is praised for its flexibility, accommodating both cloud and on-premise installations, yet some challenges, such as certificate issues, arise during certain configurations.

Scalability

Wazuh is considered scalable, with room for improvement. Users find it adaptable for various deployment configurations, managing multiple endpoints effectively. Some note that technical expertise is needed for setup. While scalable in different environments, it may face challenges with extensive data. Users see potential in its scalability for small to medium enterprises, but it might not fully meet enterprise-scale needs. Several emphasize ease in expanding infrastructure to support additional usage.

Stability

Wazuh receives mixed opinions regarding stability. Many users find it stable, especially with proper maintenance, rating it between six and nine out of ten. Some still encounter occasional glitches and require frequent updates. Rapid feature introduction may lead to temporary instability. Users note that stability can improve with careful configuration and maintenance. Mid-level customers find Wazuh suitable, though it faces challenges with high data volumes or improper setup. Experienced occasional issues stem from configuration errors rather than Wazuh itself.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Wazuh Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

16%

Comms Service Provider

University

Government

Manufacturing Company

Educational Organization

Financial Services Firm

Retailer

Healthcare Company

Media Company

Construction Company

Hospitality Company

Insurance Company

Real Estate/Law Firm

Non Profit

Energy/Utilities Company

Outsourcing Company

Legal Firm

Wholesaler/Distributor

Transportation Company

Performing Arts

Recreational Facilities/Services Company

Consumer Goods Company

Aerospace/Defense Firm

Pharma/Biotech Company

Compare Wazuh with alternative products

Learn more about Wazuh

It consists of an endpoint security agent and a management server. Additionally, Wazuh is fully integrated with the Elastic Stack, allowing users the ability to navigate through security alerts via a data visualization tool.

Wazuh’s agent can run on many different platforms, and is lightweight. It can successfully perform the tasks needed to detect threats in order to trigger responses automatically.
Wazuh manages the agents, can analyze agent data, and can scale horizontally.
Elastic Stack is where alerts are indexed and stored.

Wazuh Capabilities

Some of Wazuh’s most notable capabilities include:

Intrusion detection: Wazuh’s agents can detect hidden files, cloaked processes, or unregistered network listeners, as well as inconsistencies in system call responses. Wazuh’s server component uses a signature-based approach to intrusion detection, using its regular expression engine to analyze collected log data and look for indicators of compromise.
Log data analysis: Wazuh can read operating system and application logs, and securely forward them to a central manager for rule-based analysis and storage.
Integrity monitoring: File integrity monitoring can help identify changes in content, ownership, permissions, and attribute of files. Wazuh’s file integrity monitoring can be used in conjunction with threat intelligence.
Vulnerability detection: Wazuh agents can identify well-known vulnerable software so you can see where your weak spots are and take action before an attack can exploit them.
Configuration assessment: System and application configurations are monitored to make sure they are compliant with security policies. Periodic scans are used to detect applications that are known to be vulnerable, insecurely configured, or unpatched.
Incident response: Wazuh responds actively when active threats need to be addressed. It can perform countermeasures like blocking access to a system when a threat source is identified.
Regulatory compliance: Wazuh includes the security controls required to be compliant with industry regulations and standards.
Cloud security: Wazuh’s light-weight and multi-platform agents are commonly used to monitor cloud environments at the instance level. In addition, Wazuh helps monitor cloud infrastructure at an API level.
Security for containers: With Wazuh, you have increased security visibility into hosts and containers, allowing for easier detection of threats, anomalies, and vulnerabilities.

Wazuh Benefits

Some of the most valued benefits of Wazuh include:

No vendor lock-in
No license costs
Uses lightweight, multi-platform agents
Free community support

Wazuh Offers

Annual support and maintenance
Assistance with deployment and configuration
Training and instructional hands-on courses

Reviews From Real Users

"It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions." - Robert C., IT Security Consultant at Microlan Kenya Limited

“The MITRE ATT&CK correlation is most valuable.” - Chief Information Security Officer at a financial services firm