Wazuh Reviews

We recommend and assist our clients using Wazuh for semi-custom solutions for critical sectors like telecommunication, healthcare, government, or military. Wazuh helps them solve critical in a limited time. Their operations are already digital, but I haven't worked with highly critical customers. 

My customers mainly use Wazuh for threat detection in industries with mostly Windows servers. We monitor server changes like password changes and account privilege changes. Wazuh makes it easy to track these changes without needing to check the domain controller. We open the Wazuh interface to see all the details. That's why I love Wazuh, though I get nervous too.

Regarding Wazuh, I find the SCA (Security Configuration Assessment) features most valuable. It's crucial for asset management and inventory, allowing us to monitorendpoints and servers' changes easily. This is particularly important for my customers, who aren't heavily focused on incident response but rely on asset management and inventories.

Wazuh's compliance management features are very supportive, especially in regions like the Americas and Europe. However, it's less effective in the ANZ (Australia and New Zealand) region since Wazuh doesn't cater to the specific compliance standards there, such as those required in Australia. I appreciate that Wazuh fully complies with PCI DSS and GDPR standards, allowing us to generate necessary reports.

I want more support for regional compliance standards to serve my ANZ region customers better.

I have been using Wazuh for the past three years.

Regarding stability, I would rate it a seven out of ten. It needs improvements, especially compared to products like IBM QRadar and other cloud-based solutions.

I rate the scalability of Wazuh as a four out of ten. While my customers are generally satisfied and do not have highly critical requirements, I see areas for improvement as a technical person.

The technical support for Wazuh's licensed products is decent. Sometimes, there are delayed response and resolution times, which can be frustrating. 

Wazuh is deployed on the cloud and on-premises in our customers' organisations. Deploying Wazuh depends on the customer's requirements; smaller customers take less time, but complex needs can extend the process. Typically, deployment is completed within a month.

Neutral

The initial setup was somewhat challenging for us, especially when we tried to do it independently. We faced some implementation issues but found solutions indicating ongoing product improvements. Sometimes, we face compatibility issues with certain industry products, requiring custom solutions, which can be a bit of a headache. However, we've managed to address these challenges over time. I would rate the setup process a five out of ten.

Wazuh is deployed on the cloud and on-premises in our customers' organisations. Deploying Wazuh depends on the customer's requirements; smaller customers take less time, but complex needs can extend the process. Typically, deployment is completed within a month.

Overall, I would rate Wazuh as seven out of ten.

We primarily use Wazuh for internal security monitoring to ensure the safety of our organization's internal systems. We have two specific requirements: first, we use it to monitor our internal operations, which is essential for general security purposes. Second, we rely on Wazuh to manage the security of the National Telecom department's specialized software. This second requirement involves using multiple SOC solutions. However, within our organization, Wazuh's main focus is on monitoring our internal software.

Some of the strengths of Wazuh that stand out for us include its scalability when deployed on Azure, its open-source nature, which allows for customization based on our needs, and its compatibility with various security solutions like threat intelligence platforms. We have encountered limitations with QRadar and Splunk in the past, which we couldn't overcome, but Wazuh has proven effective. We have successfully integrated it with 56 operators within our national telecom department, although the integration process was a bit challenging. Overall, Wazuh offers valuable features, making it a beneficial addition to our security infrastructure.

One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs. Creating executive-level reports can be a bit time-consuming and requires a lot of fine-tuning to meet specific organizational requirements. It would be helpful if Wazuh offered more standardized use cases commonly seen in the industry, reducing the effort needed for customization and fine-tuning. Overall, enhancing reporting features and providing standard use cases would be a valuable improvement for Wazuh.

I have been using Wazuh for almost five years.

I would rate the stability a seven out of ten. We had a few issues with it.

Wazuh is very scalable. I would give it a ten out of ten for scalability. 18 people use the solution at my company.

The initial setup of Wazuh was relatively straightforward, with installation being easy and not time-consuming. Challenges were minimal, thanks to the availability of comprehensive documentation, guides, and forums providing ample information. In summary, the installation process was smooth and well-supported by available resources. Installation took about 30 minutes, but integration took a few months.

I would definitely recommend Wazuh to others. Overall, I would rate it a nine out of ten. 

Wazuh is very good. It offers the ability to measure and benchmark your environment to one of the standards. We installed it on the customer's premises and benchmarked it against CIS controls. We are not in a big environment, and we haven't tested Wazuh for long.

The main thing I like about it is that it has an EDR. Other than that, I like that it allows us to benchmark against the standard. It even suggests ways to improve things. Wazuh helps us to research how we can meet the benchmark.

What I also like about Wazuh is that you can deploy the agents in Linux and Unix environments, such as HP, IBM, and Oracle servers. Those servers use UX and AIX environments. The solution has Solaris agents, too. It has agents for all platforms.

I have yet to find the same capability in Wazuh to get logs from different sources into the system. I haven't been able to explore that.

There are many functions I want to add. For example, I want to get feeds from different places through threat intelligence. If the feature is there, it needs to be matured. Threat intelligence is key to the use case I've deployed the solution for. It would be good if Wazuh correlated it with the internal and external feeds. Integrating Wazuh with other platforms is a key aspect.

I recently started using Wazuh. It's been about two months.

I rate Wazuh's stability a seven out of ten. It's stable. It's been working so far, and I have no reason to complain.

We have 20 endpoints on Wazuh and two or three administrators for now managing the solution.

I used an old SIEM before Wazuh. Wazuh is more stable. I preferred Wazuh because it's open source. The old SIEM is closing in on the product, though.

The initial setup is really simple. It took three hours to deploy Wazuh.

I implemented Wazuh myself since I'm an experienced administrator.

We use the free version of Wazuh. We will eventually move on to the commercial version.

I did some research, but I didn't test. The research was based on user opinions. I saw that most people have tested Wazuh. You can easily get resources online to help you to use the product. Wazuh is getting more popular. If you have a problem, you are not on your own.

Another solution we evaluated was Security Onion, but it was based on a platform that may be at the end of its life, which is Linux Red Hat. Linux Red Hat seems to be on shaky ground, and we don't know where it's headed. We wanted something that provides a roadmap that is not ending soon.

We're still in a test phase with Wazuh. I'm testing integration with the tools that other tools that we are using in a clustered environment. We can adapt the solution on the way forward.

I rate Wazuh a seven out of ten.

The primary use case for Wazuh is the detection of malware.

It is excellent in terms of visualization and indexing services, making it a powerful tool for malware detection. It is easy to install, configure, and run, requiring minimum resource investment, even for small-scale deployments on personal devices.

Improving the abilities related to security threat mapping, such as threat map landscape visualization, would be a great benefit. Adding the flexibility to integrate various plug-ins or modules into its core system would enhance functionality.

I have been working with it for two years.

I would rate the stability eight out of ten.

I used Azure documentation and report storage, while researching other internet resources to gain a broader perspective on different product capabilities that are available for learning and deployment needs. Wazuh offers excellent features.

When I contacted customer care, they mentioned bundling options, that I found to be overall affordable.

I would recommend this product to other users in the field of cybersecurity. It provides enhanced network security and many useful features. It is easy to use, with a pricing structure that is more affordable compared to other options. I would rate it eight out of ten.

We use it as a cost-effective solution for our customers who are in the initial stages of adopting security measures. Many of these customers are new to security practices and are primarily seeking compliance with regulations.

Its cost-effectiveness is the most valuable aspect.

There is room for improvement in terms of simplifying the deployment process. In addition, it would be beneficial if Wazuh focused on expanding its offensive modules as the primary enhancement. Another valuable development would be the introduction of a Security Orchestration, Automation, and Response capability. It could work on further developing its threat intelligence offerings as the third priority.

I have been using it for two years.

We haven't faced any issues or challenges regarding its stability.

One of the challenges we face in Indonesia is the time zone difference when seeking support. The support team could be more responsive and provide quicker replies during our working hours in Indonesia, which would be a significant improvement.

Negative

I have experience with IBM QRadar. The key distinction between them and Wazuh is the presence of additional modules in IBM QRadar that are not found in Wazuh. IBM QRadar provides Security Orchestration Automation and Response capabilities, while Wazuh does not offer this feature.

The initial setup is relatively smooth and typically takes approximately one week to complete.

For the deployment process, I usually allocate one or two individuals. The first person is an infrastructure engineer, and the second is a Wazuh administrator. The deployment process involves several phases. The initial step is the assessment phase, where we evaluate the customer's assets, such as the number and types of assets and the specific logs they want to send. The second step involves implementing the assessment data and configuring it in the Wazuh engine. After completing the implementation, we move to the third phase, which focuses on operational tasks. In cases where a customer has new assets and there are no existing templates for parsing the data, our team needs to manually create these parsing templates. I would rate it six out of ten.

It is a cost-effective solution.

When customers prioritize enhanced security and rapid cyberattack detection, and they have a more substantial budget to work with, I typically recommend IBM QRadar. For customers who are still in the early stages of security adoption, Wazuh is my preferred suggestion. It is a suitable choice for smaller companies, as larger organizations, particularly those in the financial industry, tend to have more experienced and knowledgeable security teams. Overall, I would rate it eight out of ten.

Most of our customers are satisfied with the product. The product’s interface is intuitive. We can search logs very easily.

The implementation is very complex.

We are resellers of the product.

The tool is stable. We had issues later when the storage space was full. We had to change the location of the logs because the customer did not point the logs to the right storage. I rate the tool’s stability an eight out of ten.

The scalability might be a challenge since we use the on-premise version. The system crashed when the disc was full of log data. It was a challenge. In our customer’s organization, 50 people are using the product.

Our customers get technical support from us. They do not receive support from Wazuh.

We need very skilled staff to implement the tool.

The implementation took two to three weeks. Configuring the log collector from the servers was not very simple. Sometimes, we need to write some scripts and find specific assets. It is not a fully integrated solution. We need to set up three different elements. We needed three people to deploy the product. Our customers need only two people to maintain the tool.

It is an open-source product. Apart from the implementation cost, our customers do not have to pay for the license.

I was not directly involved in the implementation process. I was supervising the team. We did not try to integrate the tool with other security products. Our customers wanted to integrate it with Active Directory. They also wanted to collect logs from a feature service. I know that the product has a cloud version. The problems we face with the on-premise version might be solved on the cloud version. People looking to use the product must be ready to learn and study the product. It is not easy to handle. 

Overall, I rate the product an eight out of ten.

Our company only has a small five-person team working with Wazuh. We wanted a log management solution that we could deploy onto our cloud, so we deployed Wazuh on Kubernetes and integrated different log sources into a centralized logging solution.

The second use case is log searching. We wanted a usable integrated search, and Wazuh a good search integrated usable. Wazuh has support for Elasticsearch, which provides searching capabilities. Cost-effectiveness was important for us, and Wazuh is a top open source solution. 

Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring. 

Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage. There are some minor glitches, but that's part of every tool, and they usually get addressed in subsequent updates.

I would like to see more Kubernetes security and log integrations. That will be one of the good things. Wazuh supports AWS or GCP cloud-native service integration, but it would be great if they added support for Kubernetes security and AWS or Azure-managed Kubernetes solutions. 

We've used Wazuh for two years.

Wazuh is pretty stable. There are no major issues, but sometimes we face minor glitches. It's open source, so we can't expect every bug to be documented. We discover some new issues from time to time, but that's part of using an open-source solution. You pay for a licensed product or you deal with minor problems in open source. 

Wazuh's scalability has room for improvement.

We paid for technical support, but they do have a robust community and Slack channels and all that stuff. You can find most of the answers you need in the community groups or forums. I rate Wazuh support eight out of 10. 

I worked with Splunk, Curator, ArcSight, and some legacy solutions that no longer exist. They became obsolete or transitioned to a different product. Cost-effectiveness was one reason we switched. We had to decide whether to spend $500,000 on a commercial product or rely on our skills to deploy an open-source solution. 

The big difference between Wazuh and other solutions is maturity and customization. Wazuh's scalability and out-of-the-box functionality are slightly lagging behind, but Wazuh has improved a lot since the first time we saw it. Others have more search capabilities, whereas Wazuh depends on Elasticsearch. Searching is a bit slower in Wazuh.

I rate the Wazuh setup experience nine out of 10. The basic setup was straightforward, but our deployment was slightly complex because we did a lot of customization. It took us a week to deploy and fine-tune the initial setups. After deployment, the only maintenance task is rotating particular logs. If we don't rotate it correctly, the log storage runs out and services stop.

Wazuh is open-source, so we didn't have a support person or any professional services to help us. Fortunately, the documentation is excellent, and they have good community support as well.

Wazuh is an open-source solution, so the only expenses are Elasticsearch and log storage costs. Log storage costs no more than $20,000 to $30,000 annually. It's around $3,000 a month. It's all money in the bank. We don't have to spend anything except for resources. 

I rate Wazuh nine out of 10. It's a powerful tool, and you can do lots of things with it. Wazuh is a good choice if you're on a tight budget, but you need to have an enterprise-level SIEM deployment.

If someone doesn't know how to manage large-scale log management solutions, you should start small and grow your experience. You can start with Wazuh and switch to an enterprise solution once you start scaling up. 

My company uses Wazuh in our lab environment, where we have 100 endpoints.

The tool does not provide CTI to monitor darknet. In the future, I want the tool to provide CTI to monitor the darknet so that by creating a single query, I can monitor the darknet.

I have been using Wazuh for a year. I am an end user of the solution.

Stability-wise, I rate the solution a five or six out of ten.

My company has a problem with the stability of the product because we don't have a high-availability architecture. The fact that my company does not have a high availability architecture might be our company's problem.

Around three security operators in my company use the product.

Though I want the use of the product to be increased in the company, the decision to do so lies in the hands of the management.

I have not contacted the tool's support team. If my company contacts the product's support team, it would be easier for our company to deal with the product's areas like deployment and usage. In the upcoming year, I would like to use the commercial tech support offered by the product.

Previously, I have used IBM QRadar, SentinelOne, and Splunk, which were all very expensive products.

My company started to use Wazuh considering its low prices compared to other solutions.

I rate the product's initial setup phase an eight or nine on a scale of one to ten, where one is difficult, and ten is easy. Wazuh is a very simple tool.

The solution is deployed on a private cloud.

It is difficult to comment on how much time is required to deploy the product since there is always a need to add new log sources and integration. The solution can be deployed in a few days so that the testing phase can be carried out.

Wazuh is a cheaply priced product.

The product has been implemented in my company's environment for threat direction straight out of the box through a simple implementation process.

My company uses the product for threat detection and to create and tune playbooks with roles. My company uses the product in our lab environment, so it's not used for production, which makes it easier for us to deal with the tuning part of the product.

The product helps our company's ability to comply with industry standards since we use the CIS benchmark for hardening GDPR compliance.

My company uses the product for event analysis. My company uses Wazuh as a SIEM solution.

My company uses the product for many of our use cases, and we also deal with the configuration part of the tool. My company is trying to tune the product, and it is possible to use it for event analysis with Wazuh. The product is effective in terms of event analysis.

The integration capabilities of the product with other tools, like FortiGate and NetFlow, are good.

More time is required for me to be able to see how the product's scalability can impact our company's environment.

The product is easy to customize. The product provides good setup documentation regarding the language to be used to use the product's customization abilities. The product offers a good level of documentation along with a good online community. On the internet, it is easier to get information about any problem or issue users face with the tool.

I recommend the product be used in a team with fewer members for security operations. The tool can be used if you work in areas like security and administration, where it can be easily used and implemented.

I rate the tool an eight out of ten.