IT Infrastructure at 4 Seniors Brasil
Real User
Top 5
Aug 12, 2024
Aggregates all your logs in one place and provides a unified view to monitor
Pros and Cons
  • "It allows you to aggregate all your logs in one place and provides a unified view to monitor your security environment."
  • "Wazuh doesn't have native support for some enterprise solutions."

What is our primary use case?

My company specializes in providing SIEM as a service. We leverage Wazuh for that. Since Wazuh is open-source, I hosted it on Azure.

We provide Wazuh as a service to our customers. Currently, we have three clients whose environments are integrated with our Wazuh server on our CRM system. We handle the typical CRM use cases, including security alerts and advisories, and monitor their environments through our Wazuh server.

How has it helped my organization?

It allows you to aggregate all your logs in one place and provides a unified view to monitor your security environment. Unlike other solutions, Wazuh is open-source, so you don't need to invest in significant capital expenses. You can easily set up a server on Azure or your infrastructure. While you will need specialized personnel to operate it, this is true for any SIEM solution.

What is most valuable?

One of Wazuh's most significant advantages, aside from being open source, is its flexible dashboards. Integrated with Elasticsearch, Wazuh allows you to create customized dashboards if you have an in-house developer. This level of customization isn’t available with Fortinet, which offers only pre-made dashboards. Wazuh lets you design any dashboard you need.

What needs improvement?

Wazuh doesn't have native support for some enterprise solutions. It requires an agent installed on the server, whether Windows Server or Linux, to collect logs. While you can gather information via SNMP or Splunk logs, this isn't natively supported. Some decoders are available, but they are community-built rather than officially supported. It relies on its community to create these decoders as an open-source platform, so they may not be fully integrated.

Buyer's Guide
Wazuh
March 2026
Learn what your peers think about Wazuh. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
885,444 professionals have used our research since 2012.

What do I think about the stability of the solution?

It's pretty stable. If it's not properly implemented, you don't have stability problems if you follow the documentation and do it as detailed in the documentation.

What do I think about the scalability of the solution?

Wazuh is highly scalable. You can install it on-premises, in Azure, or using Docker. The architecture allows you to separate the dashboard, index, and node servers.

How are customer service and support?

Wazuh offers technical support, but you need to pay for it. If you are using the open-source solution, you'll need to rely on the extensive documentation and the community itself.

How was the initial setup?

The initial setup is complicated. You need a specialist in the technology to make good use of it. You can do it on-premises. You can do it on Azure. You can do it on the hybrid cloud as a Docker. So it's very flexible.

We use Azure, which we currently use as a single server. We will migrate it to our partner using Azure.

It takes two months to deploy completely.

What was our ROI?

You save on licensing, and you need to invest in people.

What other advice do I have?

When Wazuh is properly implemented, it runs smoothly without causing many problems. However, if it's not set up correctly, you might encounter issues that require weekly maintenance. These can include database and disk issues because, as a VM solution, Wazuh collects a large amount of logging data. Proper implementation prevents these problems, but they can arise if you're unsure how to do it.

Overall, I rate the solution an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Md Salim Hossain Hossain - PeerSpot reviewer
Cyber Digital Transformation Engineer at OneWorldInfoTech
Real User
Mar 21, 2024
An open-source platform to integrate various products
Pros and Cons
  • "Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases."
  • "Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."

What is our primary use case?

We use Wazuh for the onboarding of both Windows and Linux machines, as well as for firewall and SIM configuration. The IP address is automatically blocked if a server has multiple wrong passwords.

How has it helped my organization?


What is most valuable?

Wazuh can integrate with various open-source and paid products, allowing for flexibility in customization based on use cases. Wazuh supports multiple use cases, allowing for in-depth customization. Additionally, Wazuh incorporates detection mechanisms such as tracing, shared internal suites, and leveraging third-party feeds. Machine learning mechanisms are also built to enhance detection capabilities, helping identify suspicious or anomalous behavior. Its open-source nature allows for widespread adoption and community support. The growing community contributes to its continued development and improvement.

What needs improvement?

I have built some rules that produce duplicate alerts two or three times. Therefore, these rules should be consolidated. Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system.

For how long have I used the solution?

I have been using Wazuh as an end user since 2023.

What do I think about the stability of the solution?

The product is stable.

What do I think about the scalability of the solution?

The solution is scalable. In the Bangladesh market, several banks are now actively considering Wazuh. They become fully compliant with compliance issues. Earlier, they were struggling to obtain approval and maintain compliance standards.

Which solution did I use previously and why did I switch?

I have used Elastic Security. There are some customization needs in Wazuh. We cannot customize it.

How was the initial setup?

The initial setup is easy. Log management plays a crucial role in using Wazuh to its full potential. Assessing the volume and nature of the data is essential to determine EPS. This calculation is pivotal, as it dictates resource allocation, such as access, RAM, and storage specifications.

What's my experience with pricing, setup cost, and licensing?

The product is an open-source platform.

What other advice do I have?

Wazuh can onboard multiple customers onto a single deployment through its multi-tenancy feature. Each customer can have their own interface with the same deployment location.

The solution’s maintenance is easy.

Overall, I rate the solution an eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer2263155 - PeerSpot reviewer
Lead Security Engineer at a tech services company with 201-500 employees
Real User
Sep 11, 2023
Requires extensive configuration to suit your needs, though I appreciate its open-source aspect
Pros and Cons
  • "I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch."
  • "Wazuh is missing many things that a typical SIEM should have."

What is our primary use case?

We use Wazuh as a SIEM instead of Logstash, so it's like a managed version of ELK. We customized queries and search detection according to that. The good thing is that it also provides a module called Monitor, and using that, we set up alerts to Slack or email. Then, based on Slack, we implemented an automation to prevent things as per our demands.

What is most valuable?

I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch. Another good thing about Wazuh is that it's open-source.

What needs improvement?

A lot of things could be improved with Wazuh. A company I worked with used this product with their customizations since Wazuh is missing many things that a typical SIEM should have. One thing that was missing was log source management. We didn't have any modules for that. Wazuh's parsing is very complex. You must write decoders to make it as easy as in other SIEMs, like in QRadar.

The stability and scalability could be improved.

For how long have I used the solution?

I've been working on Wazuh for about eight months.

What do I think about the stability of the solution?

I am 60% confident in Wazuh's stability. I have one client, and I have been facing stability issues. I have to troubleshoot the solution every second or third month.

What do I think about the scalability of the solution?

I am 60% confident in Wazuh's scalability.

How was the initial setup?

The initial setup is very easy. It is exactly like ELK. You deploy Elasticsearch, Wazuh, and Kibana. It took one day to deploy the solution.

For deployment, you need to plan how many resources you need. For example, if it's a Linux machine, you just download the required binaries from their site. After that, unzip the folder downloaded from their site, and then you just want a couple of scripts, and it will install Elasticsearch. You would do the same for Logstash, Wazuh, or Kibana. You must configure the solution a little to ensure that Logstash or Elasticsearch recognizes Kibana, so you have to provide the IPs and all that. Then, the solution is all set up.

What's my experience with pricing, setup cost, and licensing?

My client uses the open-source version of Wazuh.

What other advice do I have?

Wazuh is a cloud-based SIEM solution that can be deployed on-prem. Wazuh has the same capabilities as ELK: Elastic, Logstash, and Kibana. You can integrate devices with Wazuh and deploy use cases according to your demands. For example, in the financial sector, you will have your detections according to finance. In the education sector, you will have different use cases. It all depends on the client.

The solution is open-source, and I can't access technical support. I have been searching for someone to assist me, but my team and I have always been figuring out how to work with the solution.

I rate Wazuh a five-point five out of ten.

I wouldn't tell anyone not to use Wazuh. They can still choose if it fits in their budget, but I would ask them to plan first. And instead of going all in one, I recommend they use separate instances for separate modules to ensure the solution is scalable and stable. They should not use one instance for all of their modules. When their log or your business size grows, they will have more logs and then have to deal with stability issues.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Senior consultant at a tech services company with 51-200 employees
Consultant
Top 10
Jan 13, 2023
Great modules and metrics, good for small budgets, with excellent integration
Pros and Cons
  • "The most valuable features are the modules and metrics."
  • "It would be great if there could be customization for the decoder portion."

What is our primary use case?

Our primary use case is for monitoring the cloud as well as infrastructure.

What is most valuable?

The most valuable features are the modules and metrics. The asset inventory and everything from the agent and the capabilities to integrate the Windows Defender directly into the SIEM solution.

What needs improvement?

When the agents are not upgraded in comparison to the server they start behaving unknowingly. Some modules will be working, some modules will not be working. It would be great if there could be customization for the decoder portion.

For how long have I used the solution?

I have been using Wazuh for the past year and a half.

What do I think about the stability of the solution?

The stability is excellent and I would rate it a ten out of ten.

What do I think about the scalability of the solution?

The scalability is high and I would rate it an eight on a scale of one to ten.

How was the initial setup?

The initial setup was straightforward and easy to deploy.

What about the implementation team?

The time for deployment on the hardware takes only a few days.

What's my experience with pricing, setup cost, and licensing?

The current pricing is open source.

What other advice do I have?

I would highly recommend it, considering the current threats and cyber war also going on. If companies do not have a large budget to have a proper cybersecurity solution, they might consider Wazuh, another open source so that they can actually secure what is going on in the infrastructure. I would rate Wazuh a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Tiara Sakinah - PeerSpot reviewer
Information Technology Security Consultant at a computer software company with 1,001-5,000 employees
Consultant
Oct 5, 2022
Is easy to use both on the cloud and on-premises
Pros and Cons
  • "Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
  • "The technical support can be improved. Wazuh has some bugs that need to be fixed. It would be good if we can have automation with respect to incidence responses."

What is most valuable?

Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises.

What needs improvement?

The technical support can be improved. Wazuh has some bugs that need to be fixed.

It would be good if we can have automation with respect to incident responses.

For how long have I used the solution?

I've been working with this solution for almost a year.

It's deployed both on the cloud and on-premises.

How are customer service and support?

I rate technical support at eight out of ten. It could be improved.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is easy.

Which other solutions did I evaluate?

We looked at AlienVault and EventLog Analyzer.

What other advice do I have?

If you have a small company or if you are new to SIEM and want to create your own tools, I highly recommend Wazuh.

I would rate Wazuh at eight on a scale from one to ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
reviewer1804125 - PeerSpot reviewer
Tech Lead Security at a comms service provider with 51-200 employees
Real User
Mar 18, 2022
Poor detection, lacking features, but simple installation
Pros and Cons
  • "The most valuable feature of Wazuh is the ELK for doing an investigation."
  • "Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions."

What is our primary use case?

We are using Wazuh for our SOC environment. We are managing and monitoring our infrastructure using the Wazuh SIEM.

What is most valuable?

The most valuable feature of Wazuh is the ELK for doing an investigation.  

What needs improvement?

Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions.

For how long have I used the solution?

I have been using Wazuh for approximately six months.

What do I think about the stability of the solution?

Wazuh is a stable solution.

What do I think about the scalability of the solution?

I have found Wazuh to be scalable.

We have approximately six people using the solution. We plan to increase the usage of the solution.

How are customer service and support?

I have not used the support from Wazuh.

Which solution did I use previously and why did I switch?

I have used Splunk previously.

How was the initial setup?

The installation of Wazuh is simple.

What about the implementation team?

We did the implementation of the solution ourselves.

We have six technicians supporting the solution.

What's my experience with pricing, setup cost, and licensing?

There is not a license required for Wazuh.

What other advice do I have?

My advice to others is Wazuh is a good starter solution but there are other more advanced solutions on the market, such as Splunk which is an industry-level solution.

I rate Wazuh a five out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1785186 - PeerSpot reviewer
CBO at a security firm with 11-50 employees
Reseller
Feb 22, 2022
Offers good log monitoring and analysis tools
Pros and Cons
  • "The log monitoring and analysis tools are great in addition to SIEM file activity monitoring."
  • "I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."

What is most valuable?

The log monitoring and analysis tools are great in addition to SIEM file activity monitoring.

What needs improvement?

I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions.

For how long have I used the solution?

I have been working with this solution for about four months.

What do I think about the stability of the solution?

For mid-level customers, stability is okay.

What do I think about the scalability of the solution?

This is a scalable solution.

How are customer service and support?

Support needs to be purchased on an annual basis but the support required is excellent.

How was the initial setup?

The initial setup is rather complex and takes a few days to perform. 

What's my experience with pricing, setup cost, and licensing?

This is a very price sensitive product.

What other advice do I have?

No hardware is required for this solution but be prepared to purchase implementation support. I would rate this solution a six or seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
PeerSpot user
reviewer1593909 - PeerSpot reviewer
Chief Information Security Officer at a financial services firm with 501-1,000 employees
Real User
Jun 6, 2021
Stable with good MITRE ATT&CK correlation, but needs a better user interface
Pros and Cons
  • "The MITRE ATT&CK correlation is most valuable."
  • "Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs."

What is our primary use case?

We collect logs in it, and then we correlate logs against the MITRE ATT&CK framework. We have configured some notifications.

What is most valuable?

The MITRE ATT&CK correlation is most valuable.

What needs improvement?

Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs.

For how long have I used the solution?

I have been using this solution for the last two years.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

I am not sure about scalability. We have a total of seven users. Our department has two people, and there are five people from the IT department. We don't have any plans to increase its usage at this time.

How are customer service and technical support?

I didn't use their technical support.

How was the initial setup?

I was not involved in its installation. I am just using it.

What about the implementation team?

Other colleagues from the IT department handle its installation. 

What other advice do I have?

For our usage, I would rate Wazuh a six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user