Haad Fida - PeerSpot reviewer
Software Engineer at 7Vals
Real User
Top 5
An affordable and stable solution that can be used for event monitoring
Pros and Cons
  • "The tool is stable."
  • "The tool doesn't detect anomalies or new environments."

What is our primary use case?

We use the solution for event monitoring.

What is most valuable?

The tool is stable.

What needs improvement?

The rules are hard coded. The tool doesn't detect anomalies or new environments. The product lacks AI features. We have to do a lot of manual searching.

For how long have I used the solution?

I have been using the solution for about eight months.

Buyer's Guide
Wazuh
April 2024
Learn what your peers think about Wazuh. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
769,630 professionals have used our research since 2012.

What do I think about the scalability of the solution?

The tool is scalable for our use cases. Five to ten people use the solution in our organization. We need one administrator to monitor and improve our solution.

How are customer service and support?

We did not contact support. Our company’s security personnel set everything up and documented it.

Which solution did I use previously and why did I switch?

We use Elastic Stack for logs.

How was the initial setup?

The deployment was straightforward. It took two to three months. We needed two people for deployment.

What about the implementation team?

We did the deployment in-house with the help of our security personnel and someone from the DevOps team.

What's my experience with pricing, setup cost, and licensing?

The product is cheaper compared to other tools. Depending on the logs, the product costs $200 to $400. We currently have five servers.

Which other solutions did I evaluate?

We evaluated Google Cloud.

What other advice do I have?

When Google contacted us, we were looking into an AI solution. Our implementation is rather basic. Overall, I rate the solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Robert Cheruiyot - PeerSpot reviewer
IT Security Consultant at Microlan Kenya Limited
Real User
Top 5 Leaderboard
Good integration with other platforms but not easily scalable and lacks threat intelligence
Pros and Cons
  • "It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions."
  • "Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."

What is most valuable?

It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions.

What needs improvement?

Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh. It's hard to really go into what Wazuh should add. If we call for Wazuh to improve one thing, then many things have to be improved. So if Wazuh's primary purpose is to cover the logs, then we can't really keep asking them to cover endpoints as well. And Wazuh doesn't have threat intelligence, to my knowledge. It can integrate with other sources of threat intel, but I haven't seen a native threat intel platform. Many people subscribe to Splunk for this platform. You can integrate threat intelligence from other solutions, but I haven't seen this feature in Wazuh.

For how long have I used the solution?

I only started working with Wazuh recently. 

What do I think about the stability of the solution?

It seems like they're constantly updating Wazuh, and it causes some instability. So you get a lot of updates after a short while, and there are so many things that Wazuh is trying to implement. When I see these rapid changes, it means the Wazuh team is trying to implement some of the things that are not yet implemented. So when you implement new features, you only have to understand that it's not covering many sources of events. That's where I would say stability becomes an issue.

What do I think about the scalability of the solution?

Wazuh is not easily scalable. You have to consider the sources of events and maybe the amount of traffic. I think it's still a solution that's not easily adaptable to a massive amount of information.

How are customer service and support?

Our current clients are happy with Wazuh support. One client upgraded from the basic open-source package to a support subscription, so I haven't heard any complaints from that person since.

How was the initial setup?

Wazuh is a straightforward platform to set up in a new environment. I wouldn't say it's complex. Another platform I used had a lot of licenses that were a pain to implement. Of course, after I implemented these licenses, it was very nice to work with. But Wazuh and Splunk are effortless to deploy.

What's my experience with pricing, setup cost, and licensing?

Wazuh is open-source, so I think it's an option for a small organization that cannot go for enterprise-grade solutions like Splunk.

What other advice do I have?

I would rate Wazuh a six out of 10. It's hard to compare Wazuh to commercial solutions like Splunk. It's fairer to evaluate the open-source tools together. So if I were to rate Wazuh alongside other open-source platforms, I would say it's the best in that category. 

If customers are considering Wazuh, they should think about what kind of coverage they want. If they're focusing on the logs and threat monitoring, maybe Wazuh is okay by itself, but it's not something that provides traffic monitoring. Still, you can root out threats on your network using the logs. It's valuable information. So if you are looking to cover that scope, that's well and good. And if you're not familiar with this product, it's essential to have support. You can buy a subscription for support. So you need to know that Wazuh only covers logs and you need to consider if it suits your needs in terms of scalability. If you are comfortable with these few things, then Wazuh is okay. The solution is good. And if you need something for endpoint protection, Opex is another open-source tool used to monitor the endpoints for anything suspicious.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Vice President Information Technology and Security at a comms service provider with 201-500 employees
Real User
It's open source and useful for compliance, but it isn't user friendly and lacks out-of-the-box functionality
Pros and Cons
  • "My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance."
  • "There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded."

What is our primary use case?

Wazuh is used for event information and management. We have several events that are of interest, and Wazuh lets our folks know if any of them trigger.

How has it helped my organization?

My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance.

What needs improvement?

There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded. 

For how long have I used the solution?

I've only been with the company since November, but I believe they've been using Wazuh for maybe five years.

What do I think about the stability of the solution?

I haven't had issues with stability.

What do I think about the scalability of the solution?

Wazuh can scale up, but it doesn't scale easily. It's extensively used. We have about 30 people in our company using it. 

How are customer service and support?

Wazuh is an open-source solution, so there isn't any support. We look for answers in the knowledge base and on user forums.  

How was the initial setup?

I wasn't with the company during the initial installation, but Wazuh does require some maintenance. We don't have the resources to take care of it, so it tends to get out of date and require updates. We have an administrator, but maintaining Wazuh is only one of his responsibilities. 

What's my experience with pricing, setup cost, and licensing?

Wazuh is open-source, but you must consider the total cost of ownership. It may be free to acquire, but you spend a lot of time and effort supporting the product and getting it to a point where it's useful. 

Which other solutions did I evaluate?

There are more advanced and robust offerings out there like QRadar that we should try instead of upgrading to a new version of Wazuh.

What other advice do I have?

I rate Wazuh four out of 10. It can do the job, but you need to invest a lot of time configuring it for your use case.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Maikel Richard Villar Rodriguez - PeerSpot reviewer
Cybersecurity supervisor at Optical Network
Real User
Top 20
Open-source solution that immediately resolves vulnerabilities
Pros and Cons
  • "Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source."
  • "Wazuh needs more security and features, particularly visualization features and a health monitor."

What is our primary use case?

My main use case for Wazuh is checking security events.

What is most valuable?

Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source.

What needs improvement?

Wazuh needs more security features, particularly visualization features and a health monitor. In the next release, it should be easier to see the origin of events when connected to a firewall or switch. I would also like more integration with XDR and cloud-based formats like the GCO log testing system or Huawei.

For how long have I used the solution?

I've just started using Wazuh.

What do I think about the stability of the solution?

Wazuh is stable.

What do I think about the scalability of the solution?

I believe Wazuh is scalable.

Which solution did I use previously and why did I switch?

I previously used Splunk and changed to Wazuh because of its lower cost.

How was the initial setup?

The initial setup is easy.

What other advice do I have?

Wazuh is a good solution if you want to visualize your environment. I would rate Wazuh eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Shaamil Ashraff - PeerSpot reviewer
Architect - Database Administration at Mitra Innovation
Real User
Top 5 Leaderboard
A security platform that sits above the ELK stack, but threat intelligence could be better
Pros and Cons
  • "I like that the solution is on top of the Kubernetes stack."
  • "The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way."

What is our primary use case?

We use Wazuh as a SIEM tool for log aggregation and understanding different compliances. If there are vulnerabilities in the operating systems, that can be traced using Wazuh.

What is most valuable?

I like that the solution is on top of the Kubernetes stack.

What needs improvement?

The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way.

For how long have I used the solution?

We have been using Wazuh for six to eight months.

What do I think about the stability of the solution?

Wazuh is stable after some tweaks. 

What do I think about the scalability of the solution?

Wazuh is scalable. One of our customers is using Wazuh and has about 98 endpoints. So, we could say 98 servers, and it's been integrated.

How was the initial setup?

The initial setup is straightforward. I don't see that much of a challenge, especially on the Wazuh cloud. Even Wazuh's on-prem solutions are pretty comprehensive.

It takes about three to four hours to set up Wazuh manager on-premise. After that, the client installations are very straightforward. For a client, it might take about five minutes.

What about the implementation team?

We implement this solution for our clients. Maintenance and management depend on how many clients, how many different instances, or how many different projects you are maintaining. One technical staff is more than enough if it's for a single setup because there's not much maintenance required. You can set up all the policies on Wazuh itself. Like all the lifecycle management solutions, all that is inbuilt.

What's my experience with pricing, setup cost, and licensing?

Wazuh is totally free and open source. There are no licensing costs, only support costs if you need them.

What other advice do I have?

I would recommend this solution to potential users. It's a simple solution you can try for free, and you can get support. I would recommend Wazuh because people can test it, understand how it works, and then decide if they want to continue using it.

On a scale from one to ten, I would give Wazuh a six. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
PeerSpot user
Lead Security Engineer at a tech services company with 201-500 employees
Real User
Top 5 Leaderboard
Requires extensive configuration to suit your needs, though I appreciate its open-source aspect
Pros and Cons
  • "I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch."
  • "Wazuh is missing many things that a typical SIEM should have."

What is our primary use case?

We use Wazuh as a SIEM instead of Logstash, so it's like a managed version of ELK. We customized queries and search detection according to that. The good thing is that it also provides a module called Monitor, and using that, we set up alerts to Slack or email. Then, based on Slack, we implemented an automation to prevent things as per our demands.

What is most valuable?

I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch. Another good thing about Wazuh is that it's open-source.

What needs improvement?

A lot of things could be improved with Wazuh. A company I worked with used this product with their customizations since Wazuh is missing many things that a typical SIEM should have. One thing that was missing was log source management. We didn't have any modules for that. Wazuh's parsing is very complex. You must write decoders to make it as easy as in other SIEMs, like in QRadar.

The stability and scalability could be improved.

For how long have I used the solution?

I've been working on Wazuh for about eight months.

What do I think about the stability of the solution?

I am 60% confident in Wazuh's stability. I have one client, and I have been facing stability issues. I have to troubleshoot the solution every second or third month.

What do I think about the scalability of the solution?

I am 60% confident in Wazuh's scalability.

How was the initial setup?

The initial setup is very easy. It is exactly like ELK. You deploy Elasticsearch, Wazuh, and Kibana. It took one day to deploy the solution.

For deployment, you need to plan how many resources you need. For example, if it's a Linux machine, you just download the required binaries from their site. After that, unzip the folder downloaded from their site, and then you just want a couple of scripts, and it will install Elasticsearch. You would do the same for Logstash, Wazuh, or Kibana. You must configure the solution a little to ensure that Logstash or Elasticsearch recognizes Kibana, so you have to provide the IPs and all that. Then, the solution is all set up.

What's my experience with pricing, setup cost, and licensing?

My client uses the open-source version of Wazuh.

What other advice do I have?

Wazuh is a cloud-based SIEM solution that can be deployed on-prem. Wazuh has the same capabilities as ELK: Elastic, Logstash, and Kibana. You can integrate devices with Wazuh and deploy use cases according to your demands. For example, in the financial sector, you will have your detections according to finance. In the education sector, you will have different use cases. It all depends on the client.

The solution is open-source, and I can't access technical support. I have been searching for someone to assist me, but my team and I have always been figuring out how to work with the solution.

I rate Wazuh a five-point-five out of ten.

I wouldn't tell anyone not to use Wazuh. They can still choose if it fits in their budget, but I would ask them to plan first. And instead of going all in one, I recommend they use separate instances for separate modules to ensure the solution is scalable and stable. They should not use one instance for all of their modules. When their log or business size grows, they will have more logs and then have to deal with stability issues.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
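The Slack alerting and follow-on automation that the review above describes, as an added example that is not code from the original page or from the Wazuh project: a custom integration script in the shape Wazuh expects under /var/ossec/integrations/ (Wazuh invokes such a script with the path of a one-alert JSON file, an API key and a hook URL as positional arguments). The level threshold, the rule groups chosen for blocking, and the sample alert are assumptions constructed for this example; the "block-ip" decision is only reported, not executed.

```python
#!/usr/bin/env python3
"""Added example of a Wazuh-style custom integration that forwards alerts to Slack.

Wazuh calls a custom integration as:  custom-<name> <alert_file> <api_key> <hook_url>
The thresholds and group names below are assumptions, not Wazuh defaults.
"""
import json
import sys
import urllib.request

# Assumption: only alerts at this rule level or above are worth paging on.
SLACK_MIN_LEVEL = 10
# Assumption: alerts in these rule groups justify blocking the source IP.
BLOCK_GROUPS = {"authentication_failures", "attacks"}

# Constructed sample alert in the shape Wazuh writes to alerts.json (not captured data).
SAMPLE_ALERT = {
    "timestamp": "2024-04-02T08:15:21.000+0000",
    "rule": {
        "level": 10,
        "id": "5712",
        "description": "sshd: brute force trying to get access to the system. Non existent user.",
        "firedtimes": 8,
        "groups": ["syslog", "sshd", "authentication_failures"],
    },
    "agent": {"id": "001", "name": "web-01", "ip": "10.0.0.5"},
    "decoder": {"name": "sshd"},
    "data": {"srcip": "203.0.113.7", "srcuser": "admin"},
    "location": "/var/log/auth.log",
    "full_log": "Apr  2 08:15:21 web-01 sshd[2231]: Invalid user admin from 203.0.113.7 port 51822",
}


def load_alert(path):
    """Read the single-alert JSON file Wazuh hands to the integration."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def should_notify(alert, min_level=SLACK_MIN_LEVEL):
    """Gate on rule level so the channel only sees high-severity events."""
    return int(alert.get("rule", {}).get("level", 0)) >= min_level


def build_slack_payload(alert):
    """Build an incoming-webhook message carrying the fields an analyst needs first."""
    rule = alert.get("rule", {})
    agent = alert.get("agent", {})
    data = alert.get("data", {})
    text = "Wazuh alert level {} (rule {}): {}".format(
        rule.get("level", "?"), rule.get("id", "?"), rule.get("description", "")
    )
    fields = [
        {"title": "Agent", "value": "{} ({})".format(agent.get("name", "?"), agent.get("id", "?")), "short": True},
        {"title": "Source IP", "value": data.get("srcip", "n/a"), "short": True},
        {"title": "Location", "value": alert.get("location", "n/a"), "short": True},
        {"title": "Fired", "value": str(rule.get("firedtimes", 1)), "short": True},
    ]
    return {
        "text": text,
        "attachments": [{"color": "danger", "fields": fields, "footer": alert.get("full_log", "")[:500]}],
    }


def decide_action(alert):
    """Return an (action, target) pair for the automation step, or None.

    Only alerts whose rule groups intersect BLOCK_GROUPS and that carry a
    source IP qualify; anything else is notify-only.
    """
    groups = set(alert.get("rule", {}).get("groups", []))
    srcip = alert.get("data", {}).get("srcip")
    if srcip and groups & BLOCK_GROUPS:
        return ("block-ip", srcip)
    return None


def post_to_slack(hook_url, payload):
    """POST the payload to the webhook; Slack replies with the body 'ok' on success."""
    req = urllib.request.Request(
        hook_url,
        data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def main(argv):
    if len(argv) < 4:
        sys.stderr.write("usage: custom-slack <alert_file> <api_key> <hook_url>\n")
        return 2
    alert = load_alert(argv[1])
    if not should_notify(alert):
        return 0
    post_to_slack(argv[3], build_slack_payload(alert))
    action = decide_action(alert)
    if action:
        # Hand-off point for the automation the review mentions; here it is only logged.
        sys.stderr.write("recommended action: {} {}\n".format(*action))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The script is wired in through an `<integration>` block in ossec.conf that names the script, the hook URL, the minimum level and `json` as the alert format; the blocking step itself belongs in Wazuh's active response rather than in the notifier, which is why `decide_action` only returns a decision.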
Tiara Sakinah - PeerSpot reviewer
Information Technology Security Consultant at a computer software company with 1,001-5,000 employees
Consultant
Is easy to use both on the cloud and on-premises
Pros and Cons
  • "Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
  • "The technical support can be improved. Wazuh has some bugs that need to be fixed. It would be good if we can have automation with respect to incident response."

What is most valuable?

Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises.

What needs improvement?

The technical support can be improved. Wazuh has some bugs that need to be fixed.

It would be good if we can have automation with respect to incident response.

For how long have I used the solution?

I've been working with this solution for almost a year.

It's deployed both on the cloud and on-premises.

How are customer service and support?

I rate technical support at eight out of ten. It could be improved.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is easy.

Which other solutions did I evaluate?

We looked at AlienVault and EventLog Analyzer.

What other advice do I have?

If you have a small company or if you are new to SIEM and want to create your own tools, I highly recommend Wazuh.

I would rate Wazuh at eight on a scale from one to ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
ShubhamKumar - PeerSpot reviewer
Project Lead at a tech services company with 51-200 employees
Real User
Top 10
Great modules and metrics, good for small budgets, with excellent integration
Pros and Cons
  • "The most valuable features are the modules and metrics."
  • "It would be great if there could be customization for the decoder portion."

What is our primary use case?

Our primary use case is for monitoring the cloud as well as infrastructure.

What is most valuable?

The most valuable features are the modules and metrics. The asset inventory and everything from the agent and the capabilities to integrate the Windows Defender directly into the SIEM solution.

What needs improvement?

When the agents are not upgraded in comparison to the server they start behaving unknowingly. Some modules will be working, some modules will not be working. It would be great if there could be customization for the decoder portion.

For how long have I used the solution?

I have been using Wazuh for the past year and a half.

What do I think about the stability of the solution?

The stability is excellent and I would rate it a ten out of ten.

What do I think about the scalability of the solution?

The scalability is high and I would rate it an eight on a scale of one to ten.

How was the initial setup?

The initial setup was straightforward and easy to deploy.

What about the implementation team?

The time for deployment on the hardware takes only a few days.

What's my experience with pricing, setup cost, and licensing?

The current pricing is open source.

What other advice do I have?

I would highly recommend it, considering the current threats and the cyber war also going on. If companies do not have a large budget to have a proper cybersecurity solution, they might consider Wazuh, another open-source option, so that they can actually secure what is going on in the infrastructure. I would rate Wazuh a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
Buyer's Guide
Download our free Wazuh Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2024