Wazuh Reviews

We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company. 

So it can detect more than just games. You can customize it to detect specific software. We have a whitelist of approved software, and Wazuh compares it with the software installed on the device. If there are any mismatches, it reports it to us. So, for instance, we can whitelist Facebook, Blackboard, and YouTube.

Since it's an open-source tool, scalability is the main issue. We haven't paid for it, so if we want to scale it, we would need to purchase the enterprise version, which can be quite expensive. So scalability and limited support are the main limitations of the free version.

We started in December, so it has been six months now. We are using the open-source version of Wazuh.

Eight of us in the security team are using Wazuh.

We are not allowed to contact the support team on a one-on-one basis in the free version. However, we can post our queries in the community forum, where other users share their experiences and provide assistance.

The initial setup was pretty straightforward. They provide documentation that guides us through the process.

We are using the cloud version. We have deployed it on GCP (Google Cloud Platform).

So if budget is not an issue, you should consider other options. And if you want to save costs, the open-source or Wazuh enterprise would be suitable.

Wazuh is a good tool, but the open-source version has scalability limitations.

If you have the budget, I would suggest looking into other options. However, if you want to secure your endpoints without significant investment, Wazuh is a good tool. Just keep in mind that it may not scale well beyond a few thousand devices.

I would rate the open-source version as five out of ten.

Our main use case for Wazuh is in the healthcare industry, where we deploy it to help companies monitor their products during deployment. However, we also utilize Wazuh for IoT and OT, as well as for endpoint detection and response.

In our company, around 200-300 people are using Wazuh. Most of them are regular employees, such as HR and IT personnel. Additionally, there are some stock traders who also use the solution.

There are three key strengths of Wazuh that stand out to me. 

Firstly, Wazuh offers an enhanced HDR version that outperforms the Elastic Stack. Wazuh has achieved this by running a config or a sec in the background, which has improved the XBR for endpoint security significantly.

Secondly, Wazuh comes with built-in frameworks, such as the NISC and ISO, that make it easy to comply with various industry standards. We didn't need to configure any custom frameworks for this, as Wazuh had it built in.

Lastly, Wazuh has the ability to collect terabytes of data within seconds, which is a crucial feature for modern enterprises dealing with large amounts of data.

One area where Wazuh could be improved is scalability. While it is scalable, it can suffer from reduced latencies.

In the next release, I would like to see a more seamless combination of a SIEM system. However, the current SIEM system can be noisy at times, resulting in false positives instead of true positives. In comparison, Splunk has been able to reduce the number of false positives in its system.

As a stock analyst, I have been using Wazuh as my preferred solution for the past three and a half years, and I am currently using the latest version available.

I would rate the stability of Wazuh a six out of ten. At times, there have been issues with bugs in the configuration, which can lead to unexpected use cases.

I would rate the scalability of Wazuh a seven out of ten because it cannot perform deep data analysis.

A few years back, when I deployed Wazuh for the first time, there was no cloud model available, so they didn't offer support for on-premises deployments. However, with the cloud model now in place, the support is much better. That being said, the customer service and support still require improvement.

Neutral

I found it to be more straightforward compared to other products like Splunk and Scalyr.

You can get started within five minutes.

Deploying Wazuh can be done by one person, but for proper configuration within a specific use case, it is recommended to have at least three to four experienced individuals involved in the deployment process.

I have a level three analyst on my team, and as a stock analyst, I am aware that they also offer an MSP program that provides partnership offerings and other related services. However, I am not very familiar with it.

Wazuh's licensing is based on the cloud. For instance, if you need to analyze a chunk of data, the approximate monthly price would be around $23 to $24.

Compared to its competitors like ELK Stack and other similar products, Wazuh offers a reasonable price point, with many of its competitors priced higher.

I have used Splunk.

Based on the current market trend, I would highly recommend Wazuh to other users. It is an open-source tool that is highly scalable and provides custom alerting features that are not available from most other vendors. While ELK stack is the only other comparable open-source option, Wazuh's advanced capabilities make it a strong contender.

In general terms, if you're looking for a scalable and efficient SIEM solution that provides accurate alerting without too much noise, I would confidently recommend Wazuh to nine out of ten users.

We primarily use the solution as a cybersecurity monitoring solution. It has a powerful endpoint agent and can work as an EDR for endpoint detection and response. 

We gather information about the company and identify data sources. We develop a use case around them and have a specified case output. For example, if we want to do hard test or service scans, we gather some event logs from the firewalls, et cetera, and develop some logic. The logic will help us detect anomalies during hard scans. We use Wazuh for log extraction and logic application. It is a general framework. 

We like the fact that it is open-source and free to use. 

It is a total solution. We don't have to spend money, and we get almost everything we need from one source. 

It's stable.

The solution can scale. 

My understanding is the latest version, eight, can't support the latest version of Elasticsearch.

The older versions do not support EQ query syntax. There need to be more languages on offer. 

They need to improve collation detection.

The deployment is a bit complex. 

The performance is very good. It's reliable. It's better than Splunk. I'd rate the stability eight out of ten. 

The solution is scalable. I'd rate the ability to scale nine out of ten.

We have 13 people using the solution, and we provide some services to different companies. We work as an MSP.

I can't speak to support. We have some limitations when it comes to receiving support. We cannot directly contact the company as we are in Iran. 

I am also familiar with Splunk. I find this product to offer better performance. Splunk is also a commercial solution. It is not open-source.

The solution offers a complex deployment. We wanted to divide it up and set different modules on different machines. That made it a bit more difficult. 

I'd rate the ease of setup sic out of ten. While for smaller setups, the situation may be more straightforward, for larger enterprise-level setups, it can get complex. 

The deployment happens across many phases. There's the identification of scope, assets, and communication. Then, you need to deploy to a basic cluster. After that, you need to collect logs from various areas of the organization. Then, there's the normalization and parsing of event logs and verification processes. 

We managed a deployment with three people. However, a higher-level installation would likely need more people. We only need two or three people to handle maintenance for 24/7 coverage. If we drop that to work hours only, we need one or two people to cover maintenance. 

The solution is open-source. We do not have to pay for a license. 

I'm an end-user.

We are not using the latest version of the solution as it may not be compatible with Elasticsearch. We use version seven. 

I'd highly recommend the solution to others. I'd rate it seven out of ten. 

Our primary use case for Wazuh is monitoring endpoints. The second is incident management. Logging is essential for us because of Indian IT compliance rules require us to store logs for 180 days. We need to monitor and maintain logs also. 

Wazuh is monitoring around 1,200 inputs, but there are only about four or five members of the IT team directly using the solution. 

The configuration assessment and pile integrity monitoring features are decent.

Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation also, so we need better container security, log data analysis, auditing and compliance, malware detection, etc. 

Overall, the implementation part of Azure is tricky. It can be simplified and automated more to shorten the deployment timeline, so we can immediately onboard the application. The entire implementation process should be user-friendly.

We implemented Wazuh in 2019.

I rate Wazuh six out of 10 for stability. While we haven't seen any incidents lately, it used to crash a few years back. The dashboard would be inaccessible due to some service failure or something. 

I rate Wazuh eight out of 10 for scalability.

We use community forums like Stack Overflow to find answers. Most debugging and troubleshooting processes are readily available online. 

Setting up Wazuh is complex. The deployment involved two IT engineers and took about two months

We deployed Wazuh. 

Wazuh is a free solution. 

We tried to replace Wazuh with a CrowdStrike real-time security solution. We also tried some solutions from one of our vendors We want to move to either Elastic or CrowdStrike.

I rate Wazuh six out of 10. It's a solid open-source. Stability-wise, Wazuh seems to have fixed all the past issues, and the latest version is possibly the most stable. However, they need to add more features to keep up with the competition. Compared to products like Elastic, Wazuh still lacks a lot of in-depth information. It's still not possible to do a dive, and the configuration could be easier.

We are using Wazuh for security information and event management, PCI DSS compliance, auditing, real-time sensitive monitoring, and meeting regulatory requirements.

There were certain tasks we couldn't carry out before. However, with Wazuh, we found a solution within a single platform. It only required a one-time effort to set up and configure the version. After that, it's just about monitoring the alerts and making revisions. No additional efforts are needed.

The most valuable features include file integrity monitoring, Wazuh engines, Wazuh rulesets (including rulesets for Apache and firewall routers), and vulnerability detection.

There is room for improvement in Wazuh, but it's possible they are already working on it. The only challenge we faced with Wazuh was the lack of direct support. They charge for support, whether it's five days a week or seven days a week. We don't expect it to be free because revenue is generated through the support they provide. 

In future releases, I would like to see a feature. There is one feature we observed in a premium tool in the industry called Dynatrace. It provides automatic relations between different devices and components. For instance, if you receive a web login request, Dynatrace can trace and show you the path it takes from the firewall to the switch, then to the Apache server, the actual job application, and finally back to the client. It intelligently correlates all the components involved in a single event. 

If Wazuh could include this feature, where all the components are integrated, it would automatically relate them for any activity in your environment.

We have been working with Wazuh for the last year. We currently use the latest version.

Sometimes, it has disturbances, but at the end of the day, it's not Wazuh but, actually, the configurations that engineers do sometimes do not have compatibility. So at that time, we face issues, but as of now, Wazuh has not disappointed us in any way.

It is scalable. We can add a new machine or server, install the components, and inform the other components about its IP address. We add it to the cluster, and a restart of the cluster is all that's needed to integrate the new component.

While there are many people involved, only three or four security engineers manage and oversee the events collected and provided by Wazuh.

We used Splunk primarily for log management purposes. There were no extra security modules or playbooks involved. We indexed the logs, built dashboards, generated reports, and set up alerts. That was the extent of our usage, without any additional security features.

The initial setup was not complex. We had prior experience with Elastic and Elk, so the deployment of Wazuh was quite familiar to us. It wasn't a major challenge.

However, we do need maintenance as we need to upgrade the version periodically. During maintenance, we have to switch off all the endpoints, turn off all the components, and then power off one by one to upgrade them to the latest version. This is done during a maintenance window.

One or two engineers are usually enough to handle the maintenance tasks.

In terms of the deployment plan, if we exclude the endpoints (monitored servers), we have multiple nodes for each component: indexer, manager, and dashboard. We also implemented an NGINX-based load balancer, following the documentation provided by Wazuh on configuring NGINX as a load balancer. This helps in load disturbance and redundancy, so we don't have a single point of failure when any server goes down.

The deployment process took approximately one to two weeks to fully test and deploy the system. We had to spend time on research and development to properly configure everything. The resources mainly involved Linux servers. There were not many additional resources involved beyond that.

We evaluated LogRhythm, which is an excellent intelligence-based tool. However, it comes with a high cost for the intelligence features. Wazuh lacks AI or machine learning capabilities, but otherwise, it has all the necessary capabilities for a similar solution.

I would advise you to carefully follow the documentation. It is straightforward and to the point. If any issues arise, the Wazuh Slack community is highly active and responsive. They can provide assistance within 24 hours or even less, helping with any deployment or management challenges.

Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors. Unlike some paid tools, Wazuh is extensive and extendible and allows integration with open-source tools and scripts. It is flexible, reliable, and open-source, which is its biggest advantage. 

Overall, it is a good solution. I would rate the solution a nine out of ten. Considering that Wazuh is open source and free of cost while providing all the necessary features, I would rate it nine or ten. I lean towards ten because it offers a comprehensive solution without any financial burden. However, compared to industry leaders like LogRhythm and Splunk, which have machine learning modules, Wazuh lacks in that aspect. So, overall, I would rate it nine, but because of its cost-effectiveness, it deserves a ten.

We use Wazuh for PCI compliance monitoring. It can detect whether a server or PCA node is PCI compliant.

Wazuh is simple to use for PCI compliance.

Some features, like alerting, are complex with Wazuh. Setting up alerts and triggers can be difficult, and the interface could be better. Compared to other platforms, such as New Relic, Wazuh's UI could be improved. New Relic has a similar interface, but the UI updates have made it a better product.

We have certain requirements regarding monitoring and whether Wazuh is completely compliant with them. It would be helpful to know if Wazuh is a complete solution for log monitoring, including the requirements of PCA and other security aspects.

I have been using Wazuh for a couple of months. We are using the latest version of the solution.

While installing some agents, our team faced some issues. However, the stability is otherwise good. I rate the solution's stability a seven out of ten.

The solution is scalable. We've three to five users using this solution. I rate the solution's scalability a seven or eight out of ten.

Wazuh provided good support for whatever usage or issues we were facing. They were ready to support us at any point.

We have used ELK before, but it was not a complete solution for our needs. We needed to integrate it with other solutions. Wazuh seemed a more comprehensive solution, especially compared to other providers. We also tried products from a local company, but their service was not as good as Wazuh. It is also an established company. We decided to use Wazuh.

The initial setup of Wazuh is simple. The internal person sets up the application and installs the agents. They were able to do it in a day. Both setup and configuration are straightforward.

The solution's pricing is very competitive. I rate the solution's pricing a nine out of ten, where one is expensive and ten is cheap.

Overall, I rate the solution an eight out of ten.

I use this product as an integrity marketing solution in the financial sector. We are users of Wazuh and I'm head of information security. 

The product is good for security-related features like monitoring, active response, and for vulnerabilities. I'm currently using the whole feature setup for Azure, from A to Z, everything. Wazuh enables me to monitor my whole infrastructure. I have Windows Linux and the firewalls are also integrated with Wazuh. 

The rules are very difficult because there are some limitations such as the inability to correlate two events. It should be easy to edit or change, but it can't be done. They are technical issues and I'm assuming they will be fixed over time.  

I've been using this solution for four years. 

The solution is stable. 

The solution is highly scalable but from a deployment perspective, it's quite difficult. We have five internal users and around 200 agents using the solution. 

I haven't used the customer support because I'm using the open source version. 

The initial setup can be complex. It's not a smooth process and I need an expert system engineer to deploy it in a clustered environment. 

There's no licensing fee because we're using the open-source version. 

I like this product and the fact that we're getting everything for free. However, it's a complex solution to deploy and manage and that's a pain point for us so I deduct two points and rate it eight out of 10. 

We're using it in our company as well as our customer's companies. 

It is usually used for SIM and log collection and licenses.

The vulnerability assessment and scoring of Wazuh is the most important feature that we have found. 

It also integrates well with Windows and different types of operating systems as well, so we found it very easy to deploy.

It is stable. 

The deployment is easy, and they provide very good documentation.

It can scale well.

Technical support is quite helpful.

We would like to see more improvements on the cloud. They need better cloud integration. We already have it on the latest version. However, we have yet to upgrade it. We'd like to see more overall integration support. That includes integration with cloud providers and more API-based integration, which would be helpful for lots of other integrations as well.

The active response needs to be better. I hope they create something on the front end. We have to do a lot of backend coding in Wazuh for active response. That's the major thing that we would like to see to improve it.

We've been using the solution for around one year.

The product is very stable. We have had it deployed for more than six months and we deployed that product on our premises and also on the customer's end. We haven't found any performance issues so far.

As far as I can see, it is scalable. 

We've deployed it in a Kubernetes cluster, and Wazuh works in a clustered environment. It is a cluster-aware product. We can scale it as much as we want to in the future.

Right now, our SOC Analyst team, which is around 11 to 15 people, as well as a few customers, are using the solution currently. 

Technical support is very extensive. We had a long conversation regarding some role-based access control with their team, and they were really helpful, and the support was really good, even though we were using the open-source version of that product.

We did previously use Alien Vault. There are some licensing obligations, so it's a bit difficult to maintain. We also preferred using an open-source option.

It is very easy to deploy and works well with different types of operating systems. 

They provide very good documentation, and they also have got it in containers, so it was very easy to set up.

The overall agent installation and the server installation took maybe half an hour.

We're using the open-source version, and their licensing is fairly straightforward. We do not have to worry about any other monitoring matters since we are using the pre-version.

We're customers. We're using multi-tenant and have companies that are mostly SMEs. We also have a few enterprises as well. 

My advice to new users is that you should do extensive research and need a system team in your company to deploy, configure, and set up everything. Other than that, it's a highly recommended product from our side, and we wish that this product had intel support. I hope that it improves in the future as well.

According to the use case scenario we have, I would rate it an eight out of ten.