Wazuh Reviews

We use Wazuh for inventory, logging activity, malware detection, and detecting hidden processes running on the server. 

I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful.

Integration with Vyara could be better.

I have been using Wazuh for about three months.

Wazuh is a stable solution. We have not faced any issues yet.

The initial setup is straightforward, but we faced some challenges integrating it with Vyara. 

On a scale from one to ten, I would give the initial setup a nine.

Wazuh is free and open source.

On a scale from one to ten, I would give Wazuh an eight.

We use Wazuh to deliver security features in a venture capital company project focused on building a mobile application.

They could include flexibility and customization capabilities by modifying for customers based on partner agreements. They could enhance governance-related tools for audit reports.

We conducted a cost-benefit evaluation and compared Wazuh with Sentinel and FortiCM. The decision to choose Wazuh was influenced by its compatibility with other systems and the strong open-source community.

In comparison, Microsoft has a huge community, but it needs to be easy to use. Additionally, FortiCM needs better community support.

We are the latest version of Wazuh.

We have not encountered any performance issues for the application up until now. I rate the stability an eight out of ten.

The product is easily scalable. We have around 20 executives using it daily. Our work on the use cases is still in progress.

We contact a third-party supplier for technical support. They provide seamless services and resolve issues by the next day most of the time.

I was a part of a service team using Splunk. I have experience working with Symantec Endpoint.

I rate the initial setup process a seven out of ten.

The implementation of Wazuh is done through a local third-party supplier, but the management and overall engagement with the company are handled in-house. The third-party supplier provides hardware provision, field engineers, and devices, with the day-to-day management and operations handled remotely.

There were some slight problems related to the images being used. However, these issues were attributed to infrastructure considerations rather than specific to Wazuh. Once the correct image was selected, the installation process for the first server during the proof of concept, which involved comparing Sentinel and other solutions, was completed relatively quickly—approximately one day.

It might require a team for regular patch management and vulnerability scanning. We have yet to start with the maintenance.

For both personal and service use, the perceived cost is relatively low. They have a good pricing strategy for market expansion.

I rate the product's pricing a three out of ten.

We evaluated Sentinel.

We are currently running a proof of concept and simulating usage with a select group of users as required by local bank licensing. It is utilized for vulnerability management. Up to this point, there have been minor incidents with no risks higher than moderate. Despite not needing immediate reaction, we have automation in place within your SOC and development team to respond in case of any recognized incidents.

One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability. Although it has yet to be fully implemented into production and is currently in a test environment, the decision to choose Wazuh was influenced significantly by this feature. It helps us streamline and automate the assessment of security incidents. We can organize response plans proactively, even before certain incidents occur. It is the most critical aspect for us.

There were initial challenges with the real-time alerting team due to the many systems-generated alerts. It took about three months to fine-tune the system configuration, focusing on capturing only the alarms relevant from a security perspective. Despite the initial difficulties, Wazuh worked seamlessly, and there were no notable issues with configurations, handling, or investigations. The challenges primarily occurred from system-related aspects rather than issues with Wazuh.

I do not have direct experience with scalability requirements, but the implementation has been seamless. No challenges are scaling up, especially regarding adding more machines to handle the same load. The challenge is delivering logs so that Wazuh can collect, read, and analyze them effectively. We were able to overcome major issues without the need for extensive support.

Wazuh has been integrated with an intrusion prevention system (IPS) solution, Suricata, also an open-source tool. This integration adds a layer for security monitoring. The integration process is quite straightforward, especially due to the community's availability of shared use cases.

I rate the product a seven out of ten.

We are using Wazuh for our SOC environment. We are managing and monitoring our infrastructure using the Wazuh SIEM

The most valuable feature of Wazuh is the ELK for doing an investigation.  

Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions.

I have been using Wazuh for approximately six months.

Wazuh is a stable solution.

I have found Wazuh to be scalable.

We have approximately six people using the solution. We plan to increase the usage of the solution.

I have not used the support from Wazuh.

I have used Splunk previously.

The installation of Wazuh is simple.

We did the implementation of the solution ourselves.

We have six technicians supporting the solution.

There is not a license required for Wazuh.

My advice to others is Wazuh is a good starter solution but there are other more advanced solutions on the market, such as Splunk which is an industry-level solution.

I rate Wazuh a five out of ten.

We collect logs in it, and then we correlate logs against the MITRE ATT&CK framework. We have configured some notifications.

The MITRE ATT&CK correlation is most valuable.

Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs.

I have been using this solution for the last two years.

It is stable.

I am not sure about scalability. We have a total of seven users. Our department has two people, and there are five people from the IT department. We don't have any plans to increase its usage at this time.

I didn't use their technical support.

I was not involved in its installation. I am just using it.

Other colleagues from the IT department handle its installation. 

For our usage, I would rate Wazuh a six out of ten.

We use Wazuh for internal testing, instant response, security operations, and compliance.

Wazuh's most beneficial features for our security needs are flexibility, built-in rules, integration capabilities, and documentation.

At the moment, we haven't tried the cloud version yet. My customers are mostly into the cloud. Wazuh should come up with more in-built rules and integrations for the cloud.

I have been using Wazuh for one year.

I rate Wazuh seven and a half out of ten for stability.

Around 10 users are using the solution in our organization.

For a technical and experienced person, the solution's initial setup is easy. The setup would be a little hard for a non-technical person with less experience.

The initial implementation and configuration may take a maximum of one week.

Wazuh is not an expensive solution.

If correctly configured, Wazuh can support threat detection and response for SMBs. Wazuh is a good solution if you can implement, integrate, and fine-tune it in the right way.

Overall, I rate Wazuh an eight out of ten.

The log monitoring and analysis tools are great in addition to SIEM file activity monitoring.

I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions.

I have been working with this solution for about four months.

For mid-level customer, stability is okay.

This is a scalable solution.

Support needs to be purchased on an annual basis but the support required is excellent.

The initial setup is rather complex and takes a few days to perform. 

This is a very price sensitive product.

No hardware is required for this solution but be prepared to purchase implementation support. I would rate this solution a six or seven out of ten.