Wazuh Reviews

We primarily use the solution as a cybersecurity monitoring solution. It has a powerful endpoint agent and can work as an EDR for endpoint detection and response. 

We gather information about the company and identify data sources. We develop a use case around them and have a specified case output. For example, if we want to do hard test or service scans, we gather some event logs from the firewalls, et cetera, and develop some logic. The logic will help us detect anomalies during hard scans. We use Wazuh for log extraction and logic application. It is a general framework. 

We like the fact that it is open-source and free to use. 

It is a total solution. We don't have to spend money, and we get almost everything we need from one source. 

It's stable.

The solution can scale. 

My understanding is the latest version, eight, can't support the latest version of Elasticsearch.

The older versions do not support EQ query syntax. There need to be more languages on offer. 

They need to improve collation detection.

The deployment is a bit complex. 

The performance is very good. It's reliable. It's better than Splunk. I'd rate the stability eight out of ten. 

The solution is scalable. I'd rate the ability to scale nine out of ten.

We have 13 people using the solution, and we provide some services to different companies. We work as an MSP.

I can't speak to support. We have some limitations when it comes to receiving support. We cannot directly contact the company as we are in Iran. 

I am also familiar with Splunk. I find this product to offer better performance. Splunk is also a commercial solution. It is not open-source.

The solution offers a complex deployment. We wanted to divide it up and set different modules on different machines. That made it a bit more difficult. 

I'd rate the ease of setup sic out of ten. While for smaller setups, the situation may be more straightforward, for larger enterprise-level setups, it can get complex. 

The deployment happens across many phases. There's the identification of scope, assets, and communication. Then, you need to deploy to a basic cluster. After that, you need to collect logs from various areas of the organization. Then, there's the normalization and parsing of event logs and verification processes. 

We managed a deployment with three people. However, a higher-level installation would likely need more people. We only need two or three people to handle maintenance for 24/7 coverage. If we drop that to work hours only, we need one or two people to cover maintenance. 

The solution is open-source. We do not have to pay for a license. 

I'm an end-user.

We are not using the latest version of the solution as it may not be compatible with Elasticsearch. We use version seven. 

I'd highly recommend the solution to others. I'd rate it seven out of ten. 

Our primary use case for Wazuh is monitoring endpoints. The second is incident management. Logging is essential for us because of Indian IT compliance rules require us to store logs for 180 days. We need to monitor and maintain logs also. 

Wazuh is monitoring around 1,200 inputs, but there are only about four or five members of the IT team directly using the solution. 

The configuration assessment and pile integrity monitoring features are decent.

Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation also, so we need better container security, log data analysis, auditing and compliance, malware detection, etc. 

Overall, the implementation part of Azure is tricky. It can be simplified and automated more to shorten the deployment timeline, so we can immediately onboard the application. The entire implementation process should be user-friendly.

We implemented Wazuh in 2019.

I rate Wazuh six out of 10 for stability. While we haven't seen any incidents lately, it used to crash a few years back. The dashboard would be inaccessible due to some service failure or something. 

I rate Wazuh eight out of 10 for scalability.

We use community forums like Stack Overflow to find answers. Most debugging and troubleshooting processes are readily available online. 

Setting up Wazuh is complex. The deployment involved two IT engineers and took about two months

We deployed Wazuh. 

Wazuh is a free solution. 

We tried to replace Wazuh with a CrowdStrike real-time security solution. We also tried some solutions from one of our vendors We want to move to either Elastic or CrowdStrike.

I rate Wazuh six out of 10. It's a solid open-source. Stability-wise, Wazuh seems to have fixed all the past issues, and the latest version is possibly the most stable. However, they need to add more features to keep up with the competition. Compared to products like Elastic, Wazuh still lacks a lot of in-depth information. It's still not possible to do a dive, and the configuration could be easier.

We use Wazuh for PCI compliance monitoring. It can detect whether a server or PCA node is PCI compliant.

Wazuh is simple to use for PCI compliance.

Some features, like alerting, are complex with Wazuh. Setting up alerts and triggers can be difficult, and the interface could be better. Compared to other platforms, such as New Relic, Wazuh's UI could be improved. New Relic has a similar interface, but the UI updates have made it a better product.

We have certain requirements regarding monitoring and whether Wazuh is completely compliant with them. It would be helpful to know if Wazuh is a complete solution for log monitoring, including the requirements of PCA and other security aspects.

I have been using Wazuh for a couple of months. We are using the latest version of the solution.

While installing some agents, our team faced some issues. However, the stability is otherwise good. I rate the solution's stability a seven out of ten.

The solution is scalable. We've three to five users using this solution. I rate the solution's scalability a seven or eight out of ten.

Wazuh provided good support for whatever usage or issues we were facing. They were ready to support us at any point.

We have used ELK before, but it was not a complete solution for our needs. We needed to integrate it with other solutions. Wazuh seemed a more comprehensive solution, especially compared to other providers. We also tried products from a local company, but their service was not as good as Wazuh. It is also an established company. We decided to use Wazuh.

The initial setup of Wazuh is simple. The internal person sets up the application and installs the agents. They were able to do it in a day. Both setup and configuration are straightforward.

The solution's pricing is very competitive. I rate the solution's pricing a nine out of ten, where one is expensive and ten is cheap.

Overall, I rate the solution an eight out of ten.

I use this product as an integrity marketing solution in the financial sector. We are users of Wazuh and I'm head of information security. 

The product is good for security-related features like monitoring, active response, and for vulnerabilities. I'm currently using the whole feature setup for Azure, from A to Z, everything. Wazuh enables me to monitor my whole infrastructure. I have Windows Linux and the firewalls are also integrated with Wazuh. 

The rules are very difficult because there are some limitations such as the inability to correlate two events. It should be easy to edit or change, but it can't be done. They are technical issues and I'm assuming they will be fixed over time.  

I've been using this solution for four years. 

The solution is stable. 

The solution is highly scalable but from a deployment perspective, it's quite difficult. We have five internal users and around 200 agents using the solution. 

I haven't used the customer support because I'm using the open source version. 

The initial setup can be complex. It's not a smooth process and I need an expert system engineer to deploy it in a clustered environment. 

There's no licensing fee because we're using the open-source version. 

I like this product and the fact that we're getting everything for free. However, it's a complex solution to deploy and manage and that's a pain point for us so I deduct two points and rate it eight out of 10. 

We're using it in our company as well as our customer's companies. 

It is usually used for SIM and log collection and licenses.

The vulnerability assessment and scoring of Wazuh is the most important feature that we have found. 

It also integrates well with Windows and different types of operating systems as well, so we found it very easy to deploy.

It is stable. 

The deployment is easy, and they provide very good documentation.

It can scale well.

Technical support is quite helpful.

We would like to see more improvements on the cloud. They need better cloud integration. We already have it on the latest version. However, we have yet to upgrade it. We'd like to see more overall integration support. That includes integration with cloud providers and more API-based integration, which would be helpful for lots of other integrations as well.

The active response needs to be better. I hope they create something on the front end. We have to do a lot of backend coding in Wazuh for active response. That's the major thing that we would like to see to improve it.

We've been using the solution for around one year.

The product is very stable. We have had it deployed for more than six months and we deployed that product on our premises and also on the customer's end. We haven't found any performance issues so far.

As far as I can see, it is scalable. 

We've deployed it in a Kubernetes cluster, and Wazuh works in a clustered environment. It is a cluster-aware product. We can scale it as much as we want to in the future.

Right now, our SOC Analyst team, which is around 11 to 15 people, as well as a few customers, are using the solution currently. 

Technical support is very extensive. We had a long conversation regarding some role-based access control with their team, and they were really helpful, and the support was really good, even though we were using the open-source version of that product.

We did previously use Alien Vault. There are some licensing obligations, so it's a bit difficult to maintain. We also preferred using an open-source option.

It is very easy to deploy and works well with different types of operating systems. 

They provide very good documentation, and they also have got it in containers, so it was very easy to set up.

The overall agent installation and the server installation took maybe half an hour.

We're using the open-source version, and their licensing is fairly straightforward. We do not have to worry about any other monitoring matters since we are using the pre-version.

We're customers. We're using multi-tenant and have companies that are mostly SMEs. We also have a few enterprises as well. 

My advice to new users is that you should do extensive research and need a system team in your company to deploy, configure, and set up everything. Other than that, it's a highly recommended product from our side, and we wish that this product had intel support. I hope that it improves in the future as well.

According to the use case scenario we have, I would rate it an eight out of ten.

Most of our customers are satisfied with the product. The product’s interface is intuitive. We can search logs very easily.

The implementation is very complex.

We are resellers of the product.

The tool is stable. We had issues later when the storage space was full. We had to change the location of the logs because the customer did not point the logs to the right storage. I rate the tool’s stability an eight out of ten.

The scalability might be a challenge since we use the on-premise version. The system crashed when the disc was full of log data. It was a challenge. In our customer’s organization, 50 people are using the product.

Our customers get technical support from us. They do not receive support from Wazuh.

We need very skilled staff to implement the tool.

The implementation took two to three weeks. Configuring the log collector from the servers was not very simple. Sometimes, we need to write some scripts and find specific assets. It is not a fully integrated solution. We need to set up three different elements. We needed three people to deploy the product. Our customers need only two people to maintain the tool.

It is an open-source product. Apart from the implementation cost, our customers do not have to pay for the license.

I was not directly involved in the implementation process. I was supervising the team. We did not try to integrate the tool with other security products. Our customers wanted to integrate it with Active Directory. They also wanted to collect logs from a feature service. I know that the product has a cloud version. The problems we face with the on-premise version might be solved on the cloud version. People looking to use the product must be ready to learn and study the product. It is not easy to handle. 

Overall, I rate the product an eight out of ten.

We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company. 

So it can detect more than just games. You can customize it to detect specific software. We have a whitelist of approved software, and Wazuh compares it with the software installed on the device. If there are any mismatches, it reports it to us. So, for instance, we can whitelist Facebook, Blackboard, and YouTube.

Since it's an open-source tool, scalability is the main issue. We haven't paid for it, so if we want to scale it, we would need to purchase the enterprise version, which can be quite expensive. So scalability and limited support are the main limitations of the free version.

We started in December, so it has been six months now. We are using the open-source version of Wazuh.

Eight of us in the security team are using Wazuh.

We are not allowed to contact the support team on a one-on-one basis in the free version. However, we can post our queries in the community forum, where other users share their experiences and provide assistance.

The initial setup was pretty straightforward. They provide documentation that guides us through the process.

We are using the cloud version. We have deployed it on GCP (Google Cloud Platform).

So if budget is not an issue, you should consider other options. And if you want to save costs, the open-source or Wazuh enterprise would be suitable.

Wazuh is a good tool, but the open-source version has scalability limitations.

If you have the budget, I would suggest looking into other options. However, if you want to secure your endpoints without significant investment, Wazuh is a good tool. Just keep in mind that it may not scale well beyond a few thousand devices.

I would rate the open-source version as five out of ten.

We wanted a solution as an in-house SIEM tool, which can collect security and order logs for compliance purposes. We tried to explore a lot of tools and considering our budget and use cases, this tool matched our requirements.

We have five to seven users and we will be adding more users.

There are two features that stand out. Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score. It provides a percentage of perceived risk due to of non patches or any missing patches on that work. Second, we can configure the logs per our requirement. 

The scalability of this solution could be improved. 

We have been Wazah for the past month. 

This is a stable solution but we have only tested that for one month. 

Scalability is a challenge because it is distributed architecture and it uses Elastic DB. Their Elastic DB doesn't allow open source waste application. 

We have not reached out to the support team. We have just followed the Wazuh online documentation.

The initial setup is a little bit complex as it takes some time to understand the configurations. 

We started the implementation with the assistance of a consultant but completed it in-house. 

I would definitely recommend Wazuh to those who want a SIEM tool as a central logging system and for log management. You can complete the necessary security audits using this tool and have your security alerts configured if your system is receiving unknown attacks.

Overall, this is a fantastic tool but you will need an expert to assist with configuration. Scaling this solution is also challenging. We have not tested migrating from one server to another. 

I would rate this solution a six out of ten.