Wazuh Overview

Wazuh is the #8 ranked solution in Log Management Software. PeerSpot users give Wazuh an average rating of 7.2 out of 10. Wazuh is most commonly compared to Elastic Security. Wazuh is popular among the large enterprise segment, accounting for 50% of users researching this solution on PeerSpot. The top industry researching this solution is computer software companies, accounting for 18% of all views.
Wazuh Buyer's Guide

Download the Wazuh Buyer's Guide including reviews and more. Updated: May 2023

What is Wazuh?

Wazuh is an enterprise-ready platform used for security monitoring. It is a free and open-source platform that is used for threat detection, incident response and compliance, and integrity monitoring. Wazuh is capable of protecting workloads across virtualized, on-premises, containerized, and cloud-based environments.

It consists of an endpoint security agent and a management server. Additionally, Wazuh is fully integrated with the Elastic Stack, allowing users the ability to navigate through security alerts via a data visualization tool.

  • Wazuh’s agent can run on many different platforms, and is lightweight. It can successfully perform the tasks needed to detect threats in order to trigger responses automatically.
  • The Wazuh server manages the agents, analyzes the data they send, and scales horizontally.
  • Elastic Stack is where alerts are indexed and stored.

Wazuh Capabilities

Some of Wazuh’s most notable capabilities include:

  • Intrusion detection: Wazuh’s agents can detect hidden files, cloaked processes, or unregistered network listeners, as well as inconsistencies in system call responses. Wazuh’s server component uses a signature-based approach to intrusion detection, using its regular expression engine to analyze collected log data and look for indicators of compromise.

  • Log data analysis: Wazuh can read operating system and application logs, and securely forward them to a central manager for rule-based analysis and storage.

  • Integrity monitoring: File integrity monitoring helps identify changes in the content, ownership, permissions, and attributes of files. Wazuh’s file integrity monitoring can be used in conjunction with threat intelligence.

  • Vulnerability detection: Wazuh agents can identify well-known vulnerable software so you can see where your weak spots are and take action before an attack can exploit them.

  • Configuration assessment: System and application configurations are monitored to make sure they are compliant with security policies. Periodic scans are used to detect applications that are known to be vulnerable, insecurely configured, or unpatched.
  • Incident response: Wazuh can respond automatically to active threats, performing countermeasures such as blocking access to a system once a threat source is identified.

  • Regulatory compliance: Wazuh includes the security controls required to be compliant with industry regulations and standards.

  • Cloud security: Wazuh’s lightweight, multi-platform agents are commonly used to monitor cloud environments at the instance level. In addition, Wazuh helps monitor cloud infrastructure at the API level.

  • Security for containers: With Wazuh, you have increased security visibility into hosts and containers, allowing for easier detection of threats, anomalies, and vulnerabilities.
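The file integrity monitoring, rule-based log analysis and active response capabilities listed above, expressed as Wazuh configuration. This is an added example, not configuration from the page or from the Wazuh project; the monitored paths, the custom rule ID 100100 and the 600-second timeout are illustrative choices, while rule IDs 550/553/554 (FIM change/delete/add) and 5763 (sshd brute force) are Wazuh's built-in rules.

```xml
<!-- 1. Agent side (ossec.conf): file integrity monitoring of the directories
     that hold credentials and system binaries. frequency is the periodic
     full-scan interval; realtime="yes" adds event-driven monitoring between
     scans; report_changes="yes" keeps a diff of modified text files. -->
<ossec_config>
  <syscheck>
    <disabled>no</disabled>
    <frequency>43200</frequency>
    <directories check_all="yes" realtime="yes" report_changes="yes">/etc,/usr/bin,/usr/sbin</directories>
    <!-- noise suppression: constantly rewritten files and editor temp files -->
    <ignore>/etc/mtab</ignore>
    <ignore type="sregex">.log$|.swp$</ignore>
    <alert_new_files>yes</alert_new_files>
  </syscheck>
</ossec_config>

<!-- 2. Manager side (etc/rules/local_rules.xml): raise the severity when the
     built-in FIM rules (550 modified, 553 deleted, 554 added) fire on files
     that control authentication. Custom rule IDs must be 100000 or higher;
     100100 is a chosen value. -->
<group name="local,syscheck,">
  <rule id="100100" level="12">
    <if_sid>550,553,554</if_sid>
    <field name="file">^/etc/passwd$|^/etc/shadow$|^/etc/sudoers$</field>
    <description>Authentication-critical file changed: $(file)</description>
    <mitre>
      <id>T1098</id>
    </mitre>
  </rule>
</group>

<!-- 3. Manager side (ossec.conf): active response. When built-in rule 5763
     (sshd brute force) fires, run the stock firewall-drop script on the
     agent that reported the event, dropping the source address for the
     timeout (600 s is an illustrative value). -->
<ossec_config>
  <active-response>
    <command>firewall-drop</command>
    <location>local</location>
    <rules_id>5763</rules_id>
    <timeout>600</timeout>
  </active-response>
</ossec_config>
```

The agent block can also be distributed from the manager through the shared agent.conf of an agent group instead of being edited on each host.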

Wazuh Benefits

Some of the most valued benefits of Wazuh include:

  • No vendor lock-in
  • No license costs
  • Uses lightweight, multi-platform agents
  • Free community support

Wazuh Offers

  • Annual support and maintenance
  • Assistance with deployment and configuration
  • Training and instructional hands-on courses

Reviews From Real Users

"It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions." - Robert C., IT Security Consultant at Microlan Kenya Limited

"The MITRE ATT&CK correlation is most valuable." - Chief Information Security Officer at a financial services firm


Wazuh Pricing Advice

What users are saying about Wazuh pricing:
  • "Wazuh is open-source, therefore it is free. You can purchase support for $1,000 a year."
  • "Wazuh is open-source, so I think it's an option for a small organization that cannot go for enterprise-grade solutions like Splunk."
Wazuh Reviews

    Vikrant Puranik - PeerSpot reviewer
    Manager Cloud Security Operations at TraceLink, Inc.
    Real User
    Top 10
    It integrates seamlessly with AWS cloud-native services
    Pros and Cons
    • "Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring."
    • "Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."

    What is our primary use case?

    Our company only has a small five-person team working with Wazuh. We wanted a log management solution that we could deploy onto our cloud, so we deployed Wazuh on Kubernetes and integrated different log sources into a centralized logging solution.

    The second use case is log searching. We wanted a usable integrated search, and Wazuh provides a good, usable integrated search. Wazuh has support for Elasticsearch, which provides searching capabilities. Cost-effectiveness was important for us, and Wazuh is a top open source solution.

    What is most valuable?

    Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring. 

    What needs improvement?

    Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage. There are some minor glitches, but that's part of every tool, and they usually get addressed in subsequent updates.

    I would like to see more Kubernetes security and log integrations. That will be one of the good things. Wazuh supports AWS or GCP cloud-native service integration, but it would be great if they added support for Kubernetes security and AWS or Azure-managed Kubernetes solutions. 

    For how long have I used the solution?

    We've used Wazuh for two years.


    What do I think about the stability of the solution?

    Wazuh is pretty stable. There are no major issues, but sometimes we face minor glitches. It's open source, so we can't expect every bug to be documented. We discover some new issues from time to time, but that's part of using an open-source solution. You pay for a licensed product or you deal with minor problems in open source. 

    What do I think about the scalability of the solution?

    Wazuh's scalability has room for improvement.

    How are customer service and support?

    We paid for technical support, but they do have a robust community and Slack channels and all that stuff. You can find most of the answers you need in the community groups or forums. I rate Wazuh support eight out of 10. 

    Which solution did I use previously and why did I switch?

    I worked with Splunk, Curator, ArcSight, and some legacy solutions that no longer exist. They became obsolete or transitioned to a different product. Cost-effectiveness was one reason we switched. We had to decide whether to spend $500,000 on a commercial product or rely on our skills to deploy an open-source solution. 

    The big difference between Wazuh and other solutions is maturity and customization. Wazuh's scalability and out-of-the-box functionality are slightly lagging behind, but Wazuh has improved a lot since the first time we saw it. Others have more search capabilities, whereas Wazuh depends on Elasticsearch. Searching is a bit slower in Wazuh.

    How was the initial setup?

    I rate the Wazuh setup experience nine out of 10. The basic setup was straightforward, but our deployment was slightly complex because we did a lot of customization. It took us a week to deploy and fine-tune the initial setups. After deployment, the only maintenance task is rotating particular logs. If we don't rotate it correctly, the log storage runs out and services stop.

    What about the implementation team?

    Wazuh is open-source, so we didn't have a support person or any professional services to help us. Fortunately, the documentation is excellent, and they have good community support as well.

    What's my experience with pricing, setup cost, and licensing?

    Wazuh is an open-source solution, so the only expenses are Elasticsearch and log storage costs. Log storage costs no more than $20,000 to $30,000 annually. It's around $3,000 a month. It's all money in the bank. We don't have to spend anything except for resources. 

    What other advice do I have?

    I rate Wazuh nine out of 10. It's a powerful tool, and you can do lots of things with it. Wazuh is a good choice if you're on a tight budget, but you need to have an enterprise-level SIEM deployment.

    If someone doesn't know how to manage large-scale log management solutions, you should start small and grow your experience. You can start with Wazuh and switch to an enterprise solution once you start scaling up. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    AKASH MAJUMDER - PeerSpot reviewer
    SOC Analyst at Ovelosec
    Real User
    Top 10
    Open-source platform with custom alerting
    Pros and Cons
    • "Wazuh offers an enhanced HDR version that outperforms its competitors."
    • "While it is scalable, it can suffer from reduced latencies."

    What is our primary use case?

    Our main use case for Wazuh is in the healthcare industry, where we deploy it to help companies monitor their products during deployment. However, we also utilize Wazuh for IoT and OT, as well as for endpoint detection and response.

    How has it helped my organization?

    In our company, around 200-300 people are using Wazuh. Most of them are regular employees, such as HR and IT personnel. Additionally, there are some stock traders who also use the solution.

    What is most valuable?

    There are three key strengths of Wazuh that stand out to me. 

    Firstly, Wazuh offers an enhanced HDR version that outperforms the Elastic Stack. Wazuh has achieved this by running a config or a sec in the background, which has improved the XBR for endpoint security significantly.

    Secondly, Wazuh comes with built-in frameworks, such as the NISC and ISO, that make it easy to comply with various industry standards. We didn't need to configure any custom frameworks for this, as Wazuh had it built in.

    Lastly, Wazuh has the ability to collect terabytes of data within seconds, which is a crucial feature for modern enterprises dealing with large amounts of data.

    What needs improvement?

    One area where Wazuh could be improved is scalability. While it is scalable, it can suffer from reduced latencies.

    In the next release, I would like to see a more seamless combination of a SIEM system. However, the current SIEM system can be noisy at times, resulting in false positives instead of true positives. In comparison, Splunk has been able to reduce the number of false positives in its system.

    For how long have I used the solution?

    As a stock analyst, I have been using Wazuh as my preferred solution for the past three and a half years, and I am currently using the latest version available.

    What do I think about the stability of the solution?

    I would rate the stability of Wazuh a six out of ten. At times, there have been issues with bugs in the configuration, which can lead to unexpected use cases.

    What do I think about the scalability of the solution?

    I would rate the scalability of Wazuh a seven out of ten because it cannot perform deep data analysis.

    How are customer service and support?

    A few years back, when I deployed Wazuh for the first time, there was no cloud model available, so they didn't offer support for on-premises deployments. However, with the cloud model now in place, the support is much better. That being said, the customer service and support still require improvement.

    How would you rate customer service and support?

    Neutral

    How was the initial setup?

    I found it to be more straightforward compared to other products like Splunk and Scalyr.

    You can get started within five minutes.

    What about the implementation team?

    Deploying Wazuh can be done by one person, but for proper configuration within a specific use case, it is recommended to have at least three to four experienced individuals involved in the deployment process.

    What was our ROI?

    I have a level three analyst on my team, and as a stock analyst, I am aware that they also offer an MSP program that provides partnership offerings and other related services. However, I am not very familiar with it.

    What's my experience with pricing, setup cost, and licensing?

    Wazuh's licensing is based on the cloud. For instance, if you need to analyze a chunk of data, the approximate monthly price would be around $23 to $24.

    Compared to its competitors like ELK Stack and other similar products, Wazuh offers a reasonable price point, with many of its competitors priced higher.

    Which other solutions did I evaluate?

    I have used Splunk.

    What other advice do I have?

    Based on the current market trend, I would highly recommend Wazuh to other users. It is an open-source tool that is highly scalable and provides custom alerting features that are not available from most other vendors. While ELK stack is the only other comparable open-source option, Wazuh's advanced capabilities make it a strong contender.

    In general terms, if you're looking for a scalable and efficient SIEM solution that provides accurate alerting without too much noise, I would confidently recommend Wazuh to nine out of ten users.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Wajih Ul Hasan - PeerSpot reviewer
    Cyber Security Engineer at Digit Labs
    Real User
    Top 10
    Features enable you to monitor the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems
    Pros and Cons
    • "I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems."
    • "Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions."

    What is our primary use case?

    I use Wazuh as an open-source solution for SIEM and file integrity monitoring. I have conducted a few POCs in the banking sector, as well as demos specifically regarding SIEM.

    In Pakistan, we have a state bank that controls the regularities. The banking sector wants to save money and is only interested in compliance. Our company helps them with this. Wazuh is used for file integrity monitoring on Unix, Linux, and Windows systems.

    Wazuh is available on the cloud, however, it depends on the customer. I work with the financial sector, which does not want its data to be on a public or private cloud.

    What is most valuable?

    I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems. 

    There are three other features I find valuable. First, Wazuh helped me harden the appliances. Second, Wazuh gives me the opportunity to check the hardness through the CIS benchmarks and the other controls, such as Windows auditing policies. On the other hand, I have found it to be more useful for the PCI DSS compliance as it gives a very clear view regarding the benchmark of the PCI DSS. Last, Wazuh is most famous for the SIEM. The solution gives integrity monitoring for the specific file and updates on the real-time monitoring if the hashes change.

    What needs improvement?

    Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions. 

    We found a workaround by reducing the frequency, so it would give us some sort of real-time monitoring.

    For how long have I used the solution?

    I have been using Wazuh for four months. 

    What do I think about the stability of the solution?

    Wazuh is stable, however, at the start, I did face many difficulties managing the solution. We have a private lab in our office and the server is turned down each day. At the start of the next day, I would face an issue with our Elasticsearch not completely being loaded and the Kibana not loaded.

    What do I think about the scalability of the solution?

    The solution is quite scalable. 

    How was the initial setup?

    The initial setup of Wazuh is straightforward. I was able to implement this by following the documentation. I downloaded the CentOS OS appliance, which takes a few minutes, and then another ten to twenty minutes to upload and give it the IP address and network. It takes only one integrator like me to deploy everything.

    What about the implementation team?

    Implementation of Wazuh depends on the organization, specifically, if the organization is on Azure Active Directory, or if it's just a normal Active Directory. 

    When I implement the solution, I will never go on the agent-based implementation, I will do centralized implementation which is provided by Wazuh. Using the create agent part, I have a PowerShell script for Windows or a different script for either Linux or Unix.

    I give the script to the administrator and request them to push it directly on the systems, so within a few seconds I can see on the Wazuh dashboards that the agents are active. This allows me to manage them through centralized groups. It would not be recommended to push every script and change every file on the final device.

    What's my experience with pricing, setup cost, and licensing?

    Wazuh is open-source, therefore it is free. You can purchase support for $1,000 a year.

    What other advice do I have?

    My advice to someone considering Wazuh would depend on if they are using the open-source solution or not. If they are using open-source, I recommend that they purchase the support from Wazuh. Be prepared to be patient and wait for the services to be completely up. Once it is up, you are free to use it.

    I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Customer but also integrator
    Robert Cheruiyot - PeerSpot reviewer
    IT Security Consultant at Microlan Kenya Limited
    Real User
    Top 5 Leaderboard
    Good integration with other platforms but not easily scalable and lacks threat intelligence
    Pros and Cons
    • "It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions."
    • "Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."

    What is most valuable?

    It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions.

    What needs improvement?

    Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh. It's hard to really go into what Wazuh should add. If we call for Wazuh to improve one thing, then many things have to be improved. So if Wazuh's primary purpose is to cover the logs, then we can't really keep asking them to cover endpoints as well. And Wazuh doesn't have threat intelligence, to my knowledge. It can integrate with other sources of threat intel, but I haven't seen a native threat intel platform. Many people subscribe to Splunk for this platform. You can integrate threat intelligence from other solutions, but I haven't seen this feature in Wazuh.

    For how long have I used the solution?

    I only started working with Wazuh recently. 

    What do I think about the stability of the solution?

    It seems like they're constantly updating Wazuh, and it causes some instability. So you get a lot of updates after a short while, and there are so many things that Wazuh is trying to implement. When I see these rapid changes, it means the Wazuh team is trying to implement some of the things that are not yet implemented. So when you implement new features, you only have to understand that it's not covering many sources of events. That's where I would say stability becomes an issue.

    What do I think about the scalability of the solution?

    Wazuh is not easily scalable. You have to consider the sources of events and maybe the amount of traffic. I think it's still a solution that's not easily adaptable to a massive amount of information.

    How are customer service and support?

    Our current clients are happy with Wazuh support. One client upgraded from the basic open-source package to a support subscription, so I haven't heard any complaints from that person since.

    How was the initial setup?

    Wazuh is a straightforward platform to set it up in a new environment. I wouldn't say it's complex. Another platform I used had a lot of licenses that were a pain to implement. Of course, after I implemented these licenses, it was very nice to work with. But Wazuh and Splunk are effortless to deploy.

    What's my experience with pricing, setup cost, and licensing?

    Wazuh is open-source, so I think it's an option for a small organization that cannot go for enterprise-grade solutions like Splunk.

    What other advice do I have?

    I would rate Wazuh a six out of 10. It's hard to compare Wazuh to commercial solutions like Splunk. It's fairer to evaluate the open-source tools together. So if I were to rate Wazuh alongside other open-source platforms, I would say it's the best in that category. 

    If customers are considering Wazuh, they should think about what kind of coverage they want. If they're focusing on the logs and threat monitoring, maybe Wazuh is okay by itself, but it's not something that provides traffic monitoring. Still, you can root out threats on your network using the logs. It's valuable information. So if you are looking to cover that scope, that's well and good. And if you're not familiar with this product, it's essential to have support. You can buy a subscription for support. So you need to know that Wazuh only covers logs and you need to consider if it suits your needs in terms of scalability. If you are comfortable with these few things, then Wazuh is okay. The solution is good. And if you need something for endpoint protection, Opex is another open-source tool used to monitor the endpoints for anything suspicious.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Sulabh Khanal - PeerSpot reviewer
    Head of DevSecOps at Vairav Technology
    Real User
    Good vulnerability assessment and scoring with helpful support
    Pros and Cons
    • "The deployment is easy and they provide very good documentation."
    • "We would like to see more improvements on the cloud."

    What is our primary use case?

    We're using it in our company as well as our customer's companies. 

    It is usually used for SIM and log collection and licenses.

    What is most valuable?

    The vulnerability assessment and scoring of Wazuh is the most important feature that we have found. 

    It also integrates well with Windows and different types of operating systems as well, so we found it very easy to deploy.

    It is stable. 

    The deployment is easy, and they provide very good documentation.

    It can scale well.

    Technical support is quite helpful.

    What needs improvement?

    We would like to see more improvements on the cloud. They need better cloud integration. We already have it on the latest version. However, we have yet to upgrade it. We'd like to see more overall integration support. That includes integration with cloud providers and more API-based integration, which would be helpful for lots of other integrations as well.

    The active response needs to be better. I hope they create something on the front end. We have to do a lot of backend coding in Wazuh for active response. That's the major thing that we would like to see to improve it.

    For how long have I used the solution?

    We've been using the solution for around one year.

    What do I think about the stability of the solution?

    The product is very stable. We have had it deployed for more than six months and we deployed that product on our premises and also on the customer's end. We haven't found any performance issues so far.

    What do I think about the scalability of the solution?

    As far as I can see, it is scalable. 

    We've deployed it in a Kubernetes cluster, and Wazuh works in a clustered environment. It is a cluster-aware product. We can scale it as much as we want to in the future.

    Right now, our SOC Analyst team, which is around 11 to 15 people, as well as a few customers, are using the solution currently. 

    How are customer service and support?

    Technical support is very extensive. We had a long conversation regarding some role-based access control with their team, and they were really helpful, and the support was really good, even though we were using the open-source version of that product.

    Which solution did I use previously and why did I switch?

    We did previously use Alien Vault. There are some licensing obligations, so it's a bit difficult to maintain. We also preferred using an open-source option.

    How was the initial setup?

    It is very easy to deploy and works well with different types of operating systems. 

    They provide very good documentation, and they also have got it in containers, so it was very easy to set up.

    The overall agent installation and the server installation took maybe half an hour.

    What's my experience with pricing, setup cost, and licensing?

    We're using the open-source version, and their licensing is fairly straightforward. We do not have to worry about any other monitoring matters since we are using the pre-version.

    What other advice do I have?

    We're customers. We're using multi-tenant and have companies that are mostly SMEs. We also have a few enterprises as well. 

    My advice to new users is that you should do extensive research and need a system team in your company to deploy, configure, and set up everything. Other than that, it's a highly recommended product from our side, and we wish that this product had intel support. I hope that it improves in the future as well.

    According to the use case scenario we have, I would rate it an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    AliAhangari - PeerSpot reviewer
    Founder and CTO at Soorin
    Real User
    A total, open-source solution but the initial setup can be a bit complex
    Pros and Cons
    • "It's stable."
    • "The deployment is a bit complex."

    What is our primary use case?

    We primarily use the solution as a cybersecurity monitoring solution. It has a powerful endpoint agent and can work as an EDR for endpoint detection and response. 

    We gather information about the company and identify data sources. We develop a use case around them and have a specified case output. For example, if we want to do hard test or service scans, we gather some event logs from the firewalls, et cetera, and develop some logic. The logic will help us detect anomalies during hard scans. We use Wazuh for log extraction and logic application. It is a general framework. 

    What is most valuable?

    We like the fact that it is open-source and free to use. 

    It is a total solution. We don't have to spend money, and we get almost everything we need from one source. 

    It's stable.

    The solution can scale. 

    What needs improvement?

    My understanding is the latest version, eight, can't support the latest version of Elasticsearch.

    The older versions do not support EQ query syntax. There need to be more languages on offer. 

    They need to improve collation detection.

    The deployment is a bit complex. 

    What do I think about the stability of the solution?

    The performance is very good. It's reliable. It's better than Splunk. I'd rate the stability eight out of ten. 

    What do I think about the scalability of the solution?

    The solution is scalable. I'd rate the ability to scale nine out of ten.

    We have 13 people using the solution, and we provide some services to different companies. We work as an MSP.

    How are customer service and support?

    I can't speak to support. We have some limitations when it comes to receiving support. We cannot directly contact the company as we are in Iran. 

    Which solution did I use previously and why did I switch?

    I am also familiar with Splunk. I find this product to offer better performance. Splunk is also a commercial solution. It is not open-source.

    How was the initial setup?

    The solution offers a complex deployment. We wanted to divide it up and set different modules on different machines. That made it a bit more difficult. 

    I'd rate the ease of setup six out of ten. While for smaller setups, the situation may be more straightforward, for larger enterprise-level setups, it can get complex.

    The deployment happens across many phases. There's the identification of scope, assets, and communication. Then, you need to deploy to a basic cluster. After that, you need to collect logs from various areas of the organization. Then, there's the normalization and parsing of event logs and verification processes. 

    We managed a deployment with three people. However, a higher-level installation would likely need more people. We only need two or three people to handle maintenance for 24/7 coverage. If we drop that to work hours only, we need one or two people to cover maintenance. 

    What's my experience with pricing, setup cost, and licensing?

    The solution is open-source. We do not have to pay for a license. 

    What other advice do I have?

    I'm an end-user.

    We are not using the latest version of the solution as it may not be compatible with Elasticsearch. We use version seven. 

    I'd highly recommend the solution to others. I'd rate it seven out of ten. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    SHEERAZ AHMED - PeerSpot reviewer
    Managing Director at SharpTel
    Real User
    Top 10
    Great reporting features that allow us to complete forensic tasks and track attacks
    Pros and Cons
    • "Wazuh has very flexible and robust features."
    • "The computing resources are consuming and do not make sense."

    What is our primary use case?

    It is a basic level requirement for the compliance factor. There is regulatory compliance by the regulator called CDDISR, and we need to ensure that all the network's critical components send the logs. Wazuh allows us to complete forensic tasks to track any attacks.

    What is most valuable?

    The reporting and attractive dashboard are the most valuable features. We used Splunk, but it was a bit expensive. On the other hand, Wazuh has very flexible and robust features.

    What needs improvement?

    The computing resources are consuming and do not make sense. It should be lighter in terms of memory, CPU, and computing. There is a direct need for improvisation for any user, and it should be lighter than the current version. In the next release, they should include secure mobile app integration.

    For how long have I used the solution?

    We have been using this solution for almost three months. It is deployed on-premises by our vendor.

    What do I think about the stability of the solution?

    It is a stable solution, and the performance is good.

    What do I think about the scalability of the solution?

    It is scalable and does not require adding further devices. The number of devices that we already have is listed there. The basic use case is the compliance factor, and there's no additional need. However, if we start doing more extensive logging, we might need Splunk because Wazuh has some limitations in consuming heavier resources. Splunk is the best for large data computing and big data.

    How are customer service and support?

    The vendor provides support, but we haven't approached them for support yet.

    How was the initial setup?

    We hired a third-party company for the setup, and they took considerable time to complete it. They were not experts, and it took them about a week. It should have taken only about three days. I rate the setup an eight out of ten. After setup, it does not require any additional maintenance.

    What's my experience with pricing, setup cost, and licensing?

    We paid a lump sum as managed services, so the operator charges an amount for a year using a complete compliance system. The complete compliance system is just one component, so we are not being charged separately for the suite. This means we have the luxury of using it as a combo deal.

    What other advice do I have?

    I rate this solution an eight out of ten. Regarding advice, if anyone is going for Wazuh, they have to understand their buying compute if they're going on cloud. They should ideally evaluate the apples-to-apples comparison between the products in terms of how computing-intensive the product is. So if Wazuh is inefficient in computing, it should be option two. They should identify any other product which has efficient computing capabilities. There should also be a skilled resource available as an implementation partner.

    Principal Architect at Calsoft
    Real User
    Top 5
    The file integrity monitoring features are solid, but log analysis could be improved.
    Pros and Cons
    • "The configuration assessment and file integrity monitoring features are decent."
    • "Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation, so we need better container security, log data analysis, auditing and compliance, malware detection, etc."

    What is our primary use case?

    Our primary use case for Wazuh is monitoring endpoints. The second is incident management. Logging is essential for us because Indian IT compliance rules require us to store logs for 180 days. We need to monitor and maintain logs also.

    Wazuh is monitoring around 1,200 inputs, but there are only about four or five members of the IT team directly using the solution. 

    What is most valuable?

    The configuration assessment and file integrity monitoring features are decent.

    What needs improvement?

    Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation, so we need better container security, log data analysis, auditing and compliance, malware detection, etc.

    Overall, the implementation part of Azure is tricky. It can be simplified and automated more to shorten the deployment timeline, so we can immediately onboard the application. The entire implementation process should be user-friendly.

    For how long have I used the solution?

    We implemented Wazuh in 2019.

    What do I think about the stability of the solution?

    I rate Wazuh six out of 10 for stability. While we haven't seen any incidents lately, it used to crash a few years back. The dashboard would be inaccessible due to some service failure or something. 

    What do I think about the scalability of the solution?

    I rate Wazuh eight out of 10 for scalability.

    How are customer service and support?

    We use community forums like Stack Overflow to find answers. Most debugging and troubleshooting processes are readily available online. 

    How was the initial setup?

    Setting up Wazuh is complex. The deployment involved two IT engineers and took about two months.

    What about the implementation team?

    We deployed Wazuh. 

    What's my experience with pricing, setup cost, and licensing?

    Wazuh is a free solution. 

    Which other solutions did I evaluate?

    We tried to replace Wazuh with a CrowdStrike real-time security solution. We also tried some solutions from one of our vendors. We want to move to either Elastic or CrowdStrike.

    What other advice do I have?

    I rate Wazuh six out of 10. It's a solid open-source solution. Stability-wise, Wazuh seems to have fixed all the past issues, and the latest version is possibly the most stable. However, they need to add more features to keep up with the competition. Compared to products like Elastic, Wazuh still lacks a lot of in-depth information. It's still not possible to do a deep dive, and the configuration could be easier.

    Which deployment model are you using for this solution?

    On-premises