Wazuh Reviews

We use Wazuh for PCI compliance monitoring. It can detect whether a server or PCA node is PCI compliant.

Wazuh is simple to use for PCI compliance.

Some features, like alerting, are complex with Wazuh. Setting up alerts and triggers can be difficult, and the interface could be better. Compared to other platforms, such as New Relic, Wazuh's UI could be improved. New Relic has a similar interface, but the UI updates have made it a better product.

We have certain requirements regarding monitoring and whether Wazuh is completely compliant with them. It would be helpful to know if Wazuh is a complete solution for log monitoring, including the requirements of PCA and other security aspects.

I have been using Wazuh for a couple of months. We are using the latest version of the solution.

While installing some agents, our team faced some issues. However, the stability is otherwise good. I rate the solution's stability a seven out of ten.

The solution is scalable. We've three to five users using this solution. I rate the solution's scalability a seven or eight out of ten.

Wazuh provided good support for whatever usage or issues we were facing. They were ready to support us at any point.

We have used ELK before, but it was not a complete solution for our needs. We needed to integrate it with other solutions. Wazuh seemed a more comprehensive solution, especially compared to other providers. We also tried products from a local company, but their service was not as good as Wazuh. It is also an established company. We decided to use Wazuh.

The initial setup of Wazuh is simple. The internal person sets up the application and installs the agents. They were able to do it in a day. Both setup and configuration are straightforward.

The solution's pricing is very competitive. I rate the solution's pricing a nine out of ten, where one is expensive and ten is cheap.

Overall, I rate the solution an eight out of ten.

The primary use case for Wazuh is the detection of malware.

It is excellent in terms of visualization and indexing services, making it a powerful tool for malware detection. It is easy to install, configure, and run, requiring minimum resource investment, even for small-scale deployments on personal devices.

Improving the abilities related to security threat mapping, such as threat map landscape visualization, would be a great benefit. Adding the flexibility to integrate various plug-ins or modules into its core system would enhance functionality.

I have been working with it for two years.

I would rate the stability eight out of ten.

I used Azure documentation and report storage, while researching other internet resources to gain a broader perspective on different product capabilities that are available for learning and deployment needs. Wazuh offers excellent features.

When I contacted customer care, they mentioned bundling options, that I found to be overall affordable.

I would recommend this product to other users in the field of cybersecurity. It provides enhanced network security and many useful features. It is easy to use, with a pricing structure that is more affordable compared to other options. I would rate it eight out of ten.

I use this product as an integrity marketing solution in the financial sector. We are users of Wazuh and I'm head of information security. 

The product is good for security-related features like monitoring, active response, and for vulnerabilities. I'm currently using the whole feature setup for Azure, from A to Z, everything. Wazuh enables me to monitor my whole infrastructure. I have Windows Linux and the firewalls are also integrated with Wazuh. 

The rules are very difficult because there are some limitations such as the inability to correlate two events. It should be easy to edit or change, but it can't be done. They are technical issues and I'm assuming they will be fixed over time.  

I've been using this solution for four years. 

The solution is stable. 

The solution is highly scalable but from a deployment perspective, it's quite difficult. We have five internal users and around 200 agents using the solution. 

I haven't used the customer support because I'm using the open source version. 

The initial setup can be complex. It's not a smooth process and I need an expert system engineer to deploy it in a clustered environment. 

There's no licensing fee because we're using the open-source version. 

I like this product and the fact that we're getting everything for free. However, it's a complex solution to deploy and manage and that's a pain point for us so I deduct two points and rate it eight out of 10. 

We're using it in our company as well as our customer's companies. 

It is usually used for SIM and log collection and licenses.

The vulnerability assessment and scoring of Wazuh is the most important feature that we have found. 

It also integrates well with Windows and different types of operating systems as well, so we found it very easy to deploy.

It is stable. 

The deployment is easy, and they provide very good documentation.

It can scale well.

Technical support is quite helpful.

We would like to see more improvements on the cloud. They need better cloud integration. We already have it on the latest version. However, we have yet to upgrade it. We'd like to see more overall integration support. That includes integration with cloud providers and more API-based integration, which would be helpful for lots of other integrations as well.

The active response needs to be better. I hope they create something on the front end. We have to do a lot of backend coding in Wazuh for active response. That's the major thing that we would like to see to improve it.

We've been using the solution for around one year.

The product is very stable. We have had it deployed for more than six months and we deployed that product on our premises and also on the customer's end. We haven't found any performance issues so far.

As far as I can see, it is scalable. 

We've deployed it in a Kubernetes cluster, and Wazuh works in a clustered environment. It is a cluster-aware product. We can scale it as much as we want to in the future.

Right now, our SOC Analyst team, which is around 11 to 15 people, as well as a few customers, are using the solution currently. 

Technical support is very extensive. We had a long conversation regarding some role-based access control with their team, and they were really helpful, and the support was really good, even though we were using the open-source version of that product.

We did previously use Alien Vault. There are some licensing obligations, so it's a bit difficult to maintain. We also preferred using an open-source option.

It is very easy to deploy and works well with different types of operating systems. 

They provide very good documentation, and they also have got it in containers, so it was very easy to set up.

The overall agent installation and the server installation took maybe half an hour.

We're using the open-source version, and their licensing is fairly straightforward. We do not have to worry about any other monitoring matters since we are using the pre-version.

We're customers. We're using multi-tenant and have companies that are mostly SMEs. We also have a few enterprises as well. 

My advice to new users is that you should do extensive research and need a system team in your company to deploy, configure, and set up everything. Other than that, it's a highly recommended product from our side, and we wish that this product had intel support. I hope that it improves in the future as well.

According to the use case scenario we have, I would rate it an eight out of ten.

Most of our customers are satisfied with the product. The product’s interface is intuitive. We can search logs very easily.

The implementation is very complex.

We are resellers of the product.

The tool is stable. We had issues later when the storage space was full. We had to change the location of the logs because the customer did not point the logs to the right storage. I rate the tool’s stability an eight out of ten.

The scalability might be a challenge since we use the on-premise version. The system crashed when the disc was full of log data. It was a challenge. In our customer’s organization, 50 people are using the product.

Our customers get technical support from us. They do not receive support from Wazuh.

We need very skilled staff to implement the tool.

The implementation took two to three weeks. Configuring the log collector from the servers was not very simple. Sometimes, we need to write some scripts and find specific assets. It is not a fully integrated solution. We need to set up three different elements. We needed three people to deploy the product. Our customers need only two people to maintain the tool.

It is an open-source product. Apart from the implementation cost, our customers do not have to pay for the license.

I was not directly involved in the implementation process. I was supervising the team. We did not try to integrate the tool with other security products. Our customers wanted to integrate it with Active Directory. They also wanted to collect logs from a feature service. I know that the product has a cloud version. The problems we face with the on-premise version might be solved on the cloud version. People looking to use the product must be ready to learn and study the product. It is not easy to handle. 

Overall, I rate the product an eight out of ten.

We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company. 

So it can detect more than just games. You can customize it to detect specific software. We have a whitelist of approved software, and Wazuh compares it with the software installed on the device. If there are any mismatches, it reports it to us. So, for instance, we can whitelist Facebook, Blackboard, and YouTube.

Since it's an open-source tool, scalability is the main issue. We haven't paid for it, so if we want to scale it, we would need to purchase the enterprise version, which can be quite expensive. So scalability and limited support are the main limitations of the free version.

We started in December, so it has been six months now. We are using the open-source version of Wazuh.

Eight of us in the security team are using Wazuh.

We are not allowed to contact the support team on a one-on-one basis in the free version. However, we can post our queries in the community forum, where other users share their experiences and provide assistance.

The initial setup was pretty straightforward. They provide documentation that guides us through the process.

We are using the cloud version. We have deployed it on GCP (Google Cloud Platform).

So if budget is not an issue, you should consider other options. And if you want to save costs, the open-source or Wazuh enterprise would be suitable.

Wazuh is a good tool, but the open-source version has scalability limitations.

If you have the budget, I would suggest looking into other options. However, if you want to secure your endpoints without significant investment, Wazuh is a good tool. Just keep in mind that it may not scale well beyond a few thousand devices.

I would rate the open-source version as five out of ten.

We wanted a solution as an in-house SIEM tool, which can collect security and order logs for compliance purposes. We tried to explore a lot of tools and considering our budget and use cases, this tool matched our requirements.

We have five to seven users and we will be adding more users.

There are two features that stand out. Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score. It provides a percentage of perceived risk due to of non patches or any missing patches on that work. Second, we can configure the logs per our requirement. 

The scalability of this solution could be improved. 

We have been Wazah for the past month. 

This is a stable solution but we have only tested that for one month. 

Scalability is a challenge because it is distributed architecture and it uses Elastic DB. Their Elastic DB doesn't allow open source waste application. 

We have not reached out to the support team. We have just followed the Wazuh online documentation.

The initial setup is a little bit complex as it takes some time to understand the configurations. 

We started the implementation with the assistance of a consultant but completed it in-house. 

I would definitely recommend Wazuh to those who want a SIEM tool as a central logging system and for log management. You can complete the necessary security audits using this tool and have your security alerts configured if your system is receiving unknown attacks.

Overall, this is a fantastic tool but you will need an expert to assist with configuration. Scaling this solution is also challenging. We have not tested migrating from one server to another. 

I would rate this solution a six out of ten.

It is a basic level requirement for the compliance factor. There is regulatory compliance by the regulator called CDDISR, and we need to ensure that all the network's critical components send the logs. Wazuh allows us to complete forensic tasks to track any attacks.

The reporting and attractive dashboard are the most valuable features. We used Splunk, but it was a bit expensive. On the other hand, Wazuh has very flexible and robust features.

The computing resources are consuming and do not make sense. It should be lighter in terms of memory, CPU, and computing. There is a direct need for improvisation for any user, and it should be lighter than the current version. In the next release, they should include secure mobile app integration.

We have been using this solution for almost three months. It is deployed on-premises by our vendor.

It is a stable solution, and the performance is good.

It is scalable and does not require adding further devices. The number of devices that we already have are listed there. The basic use case is the compliance factor, and there's no additional need. However, if we start doing more extensive logging, we might need Splunk because Wazuh has some limitations in consuming heavier resources. Splunk is the best for large data computing and big data.

The vendor provides support, but we haven't approached them for support yet.

We hired a third-party company for the setup, and they took considerable time to complete it. They were not experts, and it took them about a week. It should have taken only about three days. I rate the setup an eight out of ten. After setup, it does not require any additional maintenance.

We paid a lump sum as managed services, so the operator charges an amount for a year using a complete compliance system. The complete compliance system is just one component, so we are not being charged separately for the suite. This means we have the luxury of using it as a combo deal.

I rate this solution an eight out of ten. Regarding advice, if anyone is going for Wazuh, they have to understand their buying compute if they're going on cloud. They should ideally evaluate the Apple-to-Apple comparison between the products in terms of how computing-intensive the product is. So if Wazuh is inefficient in computing, it should be option two. They should identify any other product which has efficient computing capabilities. There should also be a skilled resource available as an implementation partner.