Godwin Edmond - PeerSpot reviewer
Senior Security Information Analyst at a financial services firm with 51-200 employees
Real User
Top 5
Oct 30, 2024
Enhances security visibility with proactive incident response features
Pros and Cons
  • "The most valuable feature of Wazuh is its EDR capabilities."
  • "So far, the recent updates have addressed most challenges we previously faced."

What is our primary use case?

We use Wazuh for our Security Information and Event Management (SIEM) needs. It serves as a log aggregator and provides us the capability to monitor our servers for brute force attacks and other security threats. 

We use Wazuh's vulnerability management dashboard to scan our servers for vulnerabilities and ensure compliance with standards such as HIPAA and PCI DSS.

How has it helped my organization?

Wazuh has enhanced our security posture by providing visibility into our environment and enabling proactivity in incident response. It alerts us to any discrepancies in the environment, allowing us to respond swiftly. 

Additionally, it supports features like active response, blocking potential intrusions automatically.

What is most valuable?

The most valuable feature of Wazuh is its EDR capabilities. It operates in a server-agent mode, which allows us to aggregate logs from endpoints and monitor server activities, such as vulnerability scans and compliance checks. Wazuh is open to numerous integrations with third-party tools like forensics tools, adding to its versatility.

What needs improvement?

The latest version, 4.9, has improved the interface significantly. I am yet to explore more about the update to identify further areas for improvement. So far, the recent updates have addressed most challenges we previously faced.

Buyer's Guide
Wazuh
December 2025
Learn what your peers think about Wazuh. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
879,310 professionals have used our research since 2012.

For how long have I used the solution?

I have been working with Wazuh for more than three years.

What do I think about the stability of the solution?

Wazuh has been very stable over the years, and it has consistently met our needs without issues.

What do I think about the scalability of the solution?

Wazuh is quite scalable. We have deployed it across 20 to 30 servers. You can increase the server resources to handle more endpoints as needed.

How are customer service and support?

Customer service is excellent, rated a ten out of ten. Wazuh has a vast online community on platforms like Slack and Google groups. The response time for queries is great due to the extensive community support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I did not use other SIEM solutions beforehand. Wazuh was already in use when I joined my organization. I am aware of Splunk, which is a commercial SIEM tool, yet have not used it.

How was the initial setup?

Today, even novices can deploy Wazuh due to the simplified setup process using pre-configured scripts and marketplace images for quick deployment.

What's my experience with pricing, setup cost, and licensing?

Wazuh is open-source, with a free version and a commercial cloud subscription for those needing managed cloud hosting. The Wazuh Cloud requires additional licensing fees.

What other advice do I have?

There's no perfect solution in security, as it's a combination of tools, people, and processes. Staying proactive is essential, particularly with AI-enhanced attacks becoming more prevalent.

I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
CEO at a tech services company with 1-10 employees
Real User
Top 20
Aug 6, 2024
Offers good threat detection capabilities
Pros and Cons
  • "The solution is easy to maintain."
  • "The product's configuration part and lack of AI capabilities are some of the major concerns associated with Wazuh."

What is our primary use case?

I use the solution in my company for XDR and SIEM.

What is most valuable?

The solution's most valuable feature is that its XDR part provides a very good experience compared to other open-source software. Wazuh is also better than the existing XDR apps.

What needs improvement?

Wazuh needs improvement in terms of AI. All the tools, whether SIEM or other tools, are focused on AI-based areas. Wazuh should plan to integrate with the AI part.

The product's configuration part and lack of AI capabilities are some of the major concerns associated with Wazuh.

Considering the current technology, the entire infra will be changed for quantum computing and security. We need AI, which is drastically evolving. We needed some alignment with the AI-based Wazuh, and I believe it would be a very promising development since it would not be stable otherwise. Splunk has started working on AI-related stuff. Wazuh's XDR is very good.

For how long have I used the solution?

I have been using Wazuh for three years. My company has a partnership with Wazuh.

What do I think about the stability of the solution?

The tool is very powerful, without a doubt. It is a stable tool. Wazuh is better than Splunk, and I say so since it is very suitable for small and mid-level businesses with lower data volume. Splunk is the best if we need to deal with a higher volume. I can go ahead with Splunk if it is a higher volume. When it comes to small and middle-level businesses, our organization, Wazuh, which has the lowest data volumes, is the best and most stable tool.

What do I think about the scalability of the solution?

When it comes to scalability, there are two things to consider while scaling up Wazuh's deployment. One is that our server and infra facilities should be aligned properly. Wazuh is a scalable tool. I can say the only drawback is that one requires technical knowledge to set up and configure the tool.

How are customer service and support?

The solution's technical support quality is mid-range. I rate the technical support a seven out of ten.

How would you rate customer service and support?

Neutral

How was the initial setup?

It is easy to install and deploy the tool, but only an experienced person can handle such areas. It means the subject matter expert can handle the tool. It cannot be given to someone randomly as the person needs to have some expertise.

The solution is easy to maintain.

Three people can deploy the solution.

Wazuh has given some timelines for the average deployment, but I must ask my team about it.

What's my experience with pricing, setup cost, and licensing?

The product price is neither too high nor too low. A lot of small players can easily adapt to Wazuh. Many are interested in adopting Wazuh in their own infrastructure.

What other advice do I have?

I would say that Wazuh's threat detection capabilities are effective at around 80 percent.

Regarding compliance and integrity monitoring, I would say that the problem stems from the fact that someone who doesn't know or have any background associated with Wazuh or someone junior in the profession cannot configure the product. An experienced person should configure Wazuh, and then only we can get the settings right because it is mostly a configuration-based tool. There are a lot of things in the configuration-based part. The product offers seamless integration capabilities.

I will have to ask my team members about details related to the operational cost and security incident response time associated with the solution.

My final bottom line recommendation to others is that they should consider whether they are using small volumes, and if so, it means their organization is small or mid-sized and is using very few data volumes for which Wazuh is the best choice instead of Graylog, Splunk or some other tool. We need the expertise to set up and configure the tool properly. Expertise and knowledge should be the key thing if anybody needs to adopt the tool. Others need to consider the tool's readiness for the AI revolution.

I rate the tool an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
SyedAli17 - PeerSpot reviewer
Assistant Director at a comms service provider with 201-500 employees
Real User
Top 10
Oct 1, 2023
Has excellent scalability when deployed on Azure
Pros and Cons
  • "Some of the strengths of Wazuh that stand out for us include its scalability when deployed on Azure, its open-source nature, which allows for customization based on our needs, and its compatibility with various security solutions like threat intelligence platforms."
  • "One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs."

What is our primary use case?

We primarily use Wazuh for internal security monitoring to ensure the safety of our organization's internal systems. We have two specific requirements: first, we use it to monitor our internal operations, which is essential for general security purposes. Second, we rely on Wazuh to manage the security of the National Telecom department's specialized software. This second requirement involves using multiple SOC solutions. However, within our organization, Wazuh's main focus is on monitoring our internal software.

What is most valuable?

Some of the strengths of Wazuh that stand out for us include its scalability when deployed on Azure, its open-source nature, which allows for customization based on our needs, and its compatibility with various security solutions like threat intelligence platforms. We have encountered limitations with QRadar and Splunk in the past, which we couldn't overcome, but Wazuh has proven effective. We have successfully integrated it with 56 operators within our national telecom department, although the integration process was a bit challenging. Overall, Wazuh offers valuable features, making it a beneficial addition to our security infrastructure.

What needs improvement?

One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs. Creating executive-level reports can be a bit time-consuming and requires a lot of fine-tuning to meet specific organizational requirements. It would be helpful if Wazuh offered more standardized use cases commonly seen in the industry, reducing the effort needed for customization and fine-tuning. Overall, enhancing reporting features and providing standard use cases would be a valuable improvement for Wazuh.

For how long have I used the solution?

I have been using Wazuh for almost five years.

What do I think about the stability of the solution?

I would rate the stability a seven out of ten. We had a few issues with it.

What do I think about the scalability of the solution?

Wazuh is very scalable. I would give it a ten out of ten for scalability. 18 people use the solution at my company.

How was the initial setup?

The initial setup of Wazuh was relatively straightforward, with installation being easy and not time-consuming. Challenges were minimal, thanks to the availability of comprehensive documentation, guides, and forums providing ample information. In summary, the installation process was smooth and well-supported by available resources. Installation took about 30 minutes, but integration took a few months.

What other advice do I have?

I would definitely recommend Wazuh to others. Overall, I would rate it a nine out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PubuduWijerathne - PeerSpot reviewer
Systems Administration Engineer at a comms service provider with 201-500 employees
Real User
Top 20
Jul 30, 2024
Enables us to monitor server changes like password changes and account privilege changes
Pros and Cons
  • "Regarding Wazuh, I find the SCA (Security Configuration Assessment) features most valuable. It's crucial for asset management and inventory, allowing us to monitor endpoints and servers' changes easily. This is particularly important for my customers, who aren't heavily focused on incident response but rely on asset management and inventories. Wazuh's compliance management features are very supportive, especially in regions like the Americas and Europe. However, it's less effective in the ANZ (Australia and New Zealand) region since Wazuh doesn't cater to the specific compliance standards there, such as those required in Australia. I appreciate that Wazuh fully complies with PCI DSS and GDPR standards, allowing us to generate necessary reports."
  • "I want more support for regional compliance standards to serve my ANZ region customers better."

What is our primary use case?

We recommend and assist our clients using Wazuh for semi-custom solutions for critical sectors like telecommunication, healthcare, government, or military. Wazuh helps them solve critical in a limited time. Their operations are already digital, but I haven't worked with highly critical customers. 

My customers mainly use Wazuh for threat detection in industries with mostly Windows servers. We monitor server changes like password changes and account privilege changes. Wazuh makes it easy to track these changes without needing to check the domain controller. We open the Wazuh interface to see all the details. That's why I love Wazuh, though I get nervous too.

What is most valuable?

Regarding Wazuh, I find the SCA (Security Configuration Assessment) features most valuable. It's crucial for asset management and inventory, allowing us to monitor endpoints and servers' changes easily. This is particularly important for my customers, who aren't heavily focused on incident response but rely on asset management and inventories.

Wazuh's compliance management features are very supportive, especially in regions like the Americas and Europe. However, it's less effective in the ANZ (Australia and New Zealand) region since Wazuh doesn't cater to the specific compliance standards there, such as those required in Australia. I appreciate that Wazuh fully complies with PCI DSS and GDPR standards, allowing us to generate necessary reports.

What needs improvement?

I want more support for regional compliance standards to serve my ANZ region customers better.

For how long have I used the solution?

I have been using Wazuh for the past three years.

What do I think about the stability of the solution?

Regarding stability, I would rate it a seven out of ten. It needs improvements, especially compared to products like IBM QRadar and other cloud-based solutions.

What do I think about the scalability of the solution?

I rate the scalability of Wazuh as a four out of ten. While my customers are generally satisfied and do not have highly critical requirements, I see areas for improvement as a technical person.

How are customer service and support?

The technical support for Wazuh's licensed products is decent. Sometimes, there are delayed response and resolution times, which can be frustrating. 

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial setup was somewhat challenging for us, especially when we tried to do it independently. We faced some implementation issues but found solutions indicating ongoing product improvements. Sometimes, we face compatibility issues with certain industry products, requiring custom solutions, which can be a bit of a headache. However, we've managed to address these challenges over time. I would rate the setup process a five out of ten.

Wazuh is deployed on the cloud and on-premises in our customers' organisations. Deploying Wazuh depends on the customer's requirements; smaller customers take less time, but complex needs can extend the process. Typically, deployment is completed within a month.

What other advice do I have?

Overall, I would rate Wazuh as seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: MSP
PrzemekAndula - PeerSpot reviewer
Cybersecurity specialist at a manufacturing company with 51-200 employees
Real User
Top 5
Feb 14, 2024
A product that offers good integration capabilities to its users
Pros and Cons
  • "The product is easy to customize."
  • "The tool does not provide CTI to monitor darknet."

What is our primary use case?

My company uses Wazuh in our lab environment, where we have 100 endpoints.

What needs improvement?

The tool does not provide CTI to monitor darknet. In the future, I want the tool to provide CTI to monitor the darknet so that by creating a single query, I can monitor the darknet.

For how long have I used the solution?

I have been using Wazuh for a year. I am an end user of the solution.

What do I think about the stability of the solution?

Stability-wise, I rate the solution a five or six out of ten.

My company has a problem with the stability of the product because we don't have a high-availability architecture. The fact that my company does not have a high availability architecture might be our company's problem.

What do I think about the scalability of the solution?

Around three security operators in my company use the product.

Though I want the use of the product to be increased in the company, the decision to do so lies in the hands of the management.

How are customer service and support?

I have not contacted the tool's support team. If my company contacts the product's support team, it would be easier for our company to deal with the product's areas like deployment and usage. In the upcoming year, I would like to use the commercial tech support offered by the product.

Which solution did I use previously and why did I switch?

Previously, I have used IBM QRadar, SentinelOne, and Splunk, which were all very expensive products.

My company started to use Wazuh considering its low prices compared to other solutions.

How was the initial setup?

I rate the product's initial setup phase an eight or nine on a scale of one to ten, where one is difficult, and ten is easy. Wazuh is a very simple tool.

The solution is deployed on a private cloud.

It is difficult to comment on how much time is required to deploy the product since there is always a need to add new log sources and integration. The solution can be deployed in a few days so that the testing phase can be carried out.

What's my experience with pricing, setup cost, and licensing?

Wazuh is a cheaply priced product.

What other advice do I have?

The product has been implemented in my company's environment for threat direction straight out of the box through a simple implementation process.

My company uses the product for threat detection and to create and tune playbooks with roles. My company uses the product in our lab environment, so it's not used for production, which makes it easier for us to deal with the tuning part of the product.

The product helps our company's ability to comply with industry standards since we use the CIS benchmark for hardening GDPR compliance.

My company uses the product for event analysis. My company uses Wazuh as a SIEM solution.

My company uses the product for many of our use cases, and we also deal with the configuration part of the tool. My company is trying to tune the product, and it is possible to use it for event analysis with Wazuh. The product is effective in terms of event analysis.

The integration capabilities of the product with other tools, like FortiGate and NetFlow, are good.

More time is required for me to be able to see how the product's scalability can impact our company's environment.

The product is easy to customize. The product provides good setup documentation regarding the language to be used to use the product's customization abilities. The product offers a good level of documentation along with a good online community. On the internet, it is easier to get information about any problem or issue users face with the tool.

I recommend the product be used in a team with fewer members for security operations. The tool can be used if you work in areas like security and administration, where it can be easily used and implemented.

I rate the tool an eight out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
AKASH MAJUMDER - PeerSpot reviewer
SOC Analyst at a computer software company with 11-50 employees
Real User
Top 10
Mar 29, 2023
Open-source platform with custom alerting
Pros and Cons
  • "Wazuh offers an enhanced HDR version that outperforms its competitors."
  • "While it is scalable, it can suffer from reduced latencies."

What is our primary use case?

Our main use case for Wazuh is in the healthcare industry, where we deploy it to help companies monitor their products during deployment. However, we also utilize Wazuh for IoT and OT, as well as for endpoint detection and response.

How has it helped my organization?

In our company, around 200-300 people are using Wazuh. Most of them are regular employees, such as HR and IT personnel. Additionally, there are some stock traders who also use the solution.

What is most valuable?

There are three key strengths of Wazuh that stand out to me. 

Firstly, Wazuh offers an enhanced HDR version that outperforms the Elastic Stack. Wazuh has achieved this by running a config or a sec in the background, which has improved the XBR for endpoint security significantly.

Secondly, Wazuh comes with built-in frameworks, such as the NISC and ISO, that make it easy to comply with various industry standards. We didn't need to configure any custom frameworks for this, as Wazuh had it built in.

Lastly, Wazuh has the ability to collect terabytes of data within seconds, which is a crucial feature for modern enterprises dealing with large amounts of data.

What needs improvement?

One area where Wazuh could be improved is scalability. While it is scalable, it can suffer from reduced latencies.

In the next release, I would like to see a more seamless combination of a SIEM system. However, the current SIEM system can be noisy at times, resulting in false positives instead of true positives. In comparison, Splunk has been able to reduce the number of false positives in its system.

For how long have I used the solution?

As a stock analyst, I have been using Wazuh as my preferred solution for the past three and a half years, and I am currently using the latest version available.

What do I think about the stability of the solution?

I would rate the stability of Wazuh a six out of ten. At times, there have been issues with bugs in the configuration, which can lead to unexpected use cases.

What do I think about the scalability of the solution?

I would rate the scalability of Wazuh a seven out of ten because it cannot perform deep data analysis.

How are customer service and support?

A few years back, when I deployed Wazuh for the first time, there was no cloud model available, so they didn't offer support for on-premises deployments. However, with the cloud model now in place, the support is much better. That being said, the customer service and support still require improvement.

How would you rate customer service and support?

Neutral

How was the initial setup?

I found it to be more straightforward compared to other products like Splunk and Scalyr.

You can get started within five minutes.

What about the implementation team?

Deploying Wazuh can be done by one person, but for proper configuration within a specific use case, it is recommended to have at least three to four experienced individuals involved in the deployment process.

What was our ROI?

I have a level three analyst on my team, and as a stock analyst, I am aware that they also offer an MSP program that provides partnership offerings and other related services. However, I am not very familiar with it.

What's my experience with pricing, setup cost, and licensing?

Wazuh's licensing is based on the cloud. For instance, if you need to analyze a chunk of data, the approximate monthly price would be around $23 to $24.

Compared to its competitors like ELK Stack and other similar products, Wazuh offers a reasonable price point, with many of its competitors priced higher.

Which other solutions did I evaluate?

I have used Splunk.

What other advice do I have?

Based on the current market trend, I would highly recommend Wazuh to other users. It is an open-source tool that is highly scalable and provides custom alerting features that are not available from most other vendors. While ELK stack is the only other comparable open-source option, Wazuh's advanced capabilities make it a strong contender.

In general terms, if you're looking for a scalable and efficient SIEM solution that provides accurate alerting without too much noise, I would confidently recommend Wazuh to nine out of ten users.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
AliAhangari - PeerSpot reviewer
Founder and CTO at a wireless company with 1,001-5,000 employees
Real User
Mar 15, 2023
A total, open-source solution but the initial setup can be a bit complex
Pros and Cons
  • "It's stable."
  • "The deployment is a bit complex."

What is our primary use case?

We primarily use the solution as a cybersecurity monitoring solution. It has a powerful endpoint agent and can work as an EDR for endpoint detection and response. 

We gather information about the company and identify data sources. We develop a use case around them and have a specified case output. For example, if we want to do hard test or service scans, we gather some event logs from the firewalls, et cetera, and develop some logic. The logic will help us detect anomalies during hard scans. We use Wazuh for log extraction and logic application. It is a general framework. 

What is most valuable?

We like the fact that it is open-source and free to use. 

It is a total solution. We don't have to spend money, and we get almost everything we need from one source. 

It's stable.

The solution can scale. 

What needs improvement?

My understanding is the latest version, eight, can't support the latest version of Elasticsearch.

The older versions do not support EQ query syntax. There need to be more languages on offer. 

They need to improve collation detection.

The deployment is a bit complex. 

What do I think about the stability of the solution?

The performance is very good. It's reliable. It's better than Splunk. I'd rate the stability eight out of ten. 

What do I think about the scalability of the solution?

The solution is scalable. I'd rate the ability to scale nine out of ten.

We have 13 people using the solution, and we provide some services to different companies. We work as an MSP.

How are customer service and support?

I can't speak to support. We have some limitations when it comes to receiving support. We cannot directly contact the company as we are in Iran. 

Which solution did I use previously and why did I switch?

I am also familiar with Splunk. I find this product to offer better performance. Splunk is also a commercial solution. It is not open-source.

How was the initial setup?

The solution offers a complex deployment. We wanted to divide it up and set different modules on different machines. That made it a bit more difficult. 

I'd rate the ease of setup six out of ten. While for smaller setups, the situation may be more straightforward, for larger enterprise-level setups, it can get complex.

The deployment happens across many phases. There's the identification of scope, assets, and communication. Then, you need to deploy to a basic cluster. After that, you need to collect logs from various areas of the organization. Then, there's the normalization and parsing of event logs and verification processes. 

We managed a deployment with three people. However, a higher-level installation would likely need more people. We only need two or three people to handle maintenance for 24/7 coverage. If we drop that to work hours only, we need one or two people to cover maintenance. 

What's my experience with pricing, setup cost, and licensing?

The solution is open-source. We do not have to pay for a license. 

What other advice do I have?

I'm an end-user.

We are not using the latest version of the solution as it may not be compatible with Elasticsearch. We use version seven. 

I'd highly recommend the solution to others. I'd rate it seven out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Idris Aliyu - PeerSpot reviewer
Senior Systems Engineer at an insurance company with 201-500 employees
Real User
Oct 30, 2023
Easy to deploy in many environments, but it needs to strengthen key features like threat intelligence
Pros and Cons
  • "The main thing I like about it is that it has an EDR."
  • "I have yet to find the same capability in Wazuh to get logs from different sources into the system"

What is our primary use case?

Wazuh is very good. It offers the ability to measure and benchmark your environment to one of the standards. We installed it on the customer's premises and benchmarked it against CIS controls. We are not in a big environment, and we haven't tested Wazuh for long.

What is most valuable?

The main thing I like about it is that it has an EDR. Other than that, I like that it allows us to benchmark against the standard. It even suggests ways to improve things. Wazuh helps us to research how we can meet the benchmark.

What I also like about Wazuh is that you can deploy the agents in Linux and Unix environments, such as HP, IBM, and Oracle servers. Those servers use UX and AIX environments. The solution has Solaris agents, too. It has agents for all platforms.

What needs improvement?

I have yet to find the same capability in Wazuh to get logs from different sources into the system. I haven't been able to explore that.

There are many functions I want to add. For example, I want to get feeds from different places through threat intelligence. If the feature is there, it needs to be matured. Threat intelligence is key to the use case I've deployed the solution for. It would be good if Wazuh correlated it with the internal and external feeds. Integrating Wazuh with other platforms is a key aspect.

For how long have I used the solution?

I recently started using Wazuh. It's been about two months.

What do I think about the stability of the solution?

I rate Wazuh's stability a seven out of ten. It's stable. It's been working so far, and I have no reason to complain.

What do I think about the scalability of the solution?

We have 20 endpoints on Wazuh and two or three administrators for now managing the solution.

Which solution did I use previously and why did I switch?

I used an old SIEM before Wazuh. Wazuh is more stable. I preferred Wazuh because it's open source. The old SIEM is closing in on the product, though.

How was the initial setup?

The initial setup is really simple. It took three hours to deploy Wazuh.

What about the implementation team?

I implemented Wazuh myself since I'm an experienced administrator.

What's my experience with pricing, setup cost, and licensing?

We use the free version of Wazuh. We will eventually move on to the commercial version.

Which other solutions did I evaluate?

I did some research, but I didn't test. The research was based on user opinions. I saw that most people have tested Wazuh. You can easily get resources online to help you to use the product. Wazuh is getting more popular. If you have a problem, you are not on your own.

Another solution we evaluated was Security Onion, but it was based on a platform that may be at the end of its life, which is Linux Red Hat. Linux Red Hat seems to be on shaky ground, and we don't know where it's headed. We wanted something that provides a roadmap that is not ending soon.

What other advice do I have?

We're still in a test phase with Wazuh. I'm testing integration with the other tools that we are using in a clustered environment. We can adapt the solution on the way forward.

I rate Wazuh a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.